I have written a sample Spring application which has some REST services protected using spring-security-oauth2. Now I want to move these services to the origin
Spring Security is built on an ordered list of filter chains, and for each request the first one with a matching path handles the authentication. You have 3 filter chains in your combined app, one created by @EnableAuthorizationServer (with default order=0), one created by @EnableResourceServer (with default order=3), and one created by your MyStaysureSecurityConfiguration (also with order=0). You aren't allowed to have 2 filters with the same order so you need to re-arrange them and give them request matchers that make sense for your use case. Maybe you didn't need the @EnableAuthorizationServer anyway (it was unclear from the question)? In any case it is pretty simple - you have 2 choices (roughly):
- exclude the oauth2 resources from the request matchers in your MyStaysureSecurityConfiguration and allow them to be handled by the resource server filter.
- re-order the resource server filter to a lower order and give it a request matcher that only matches the oauth2 resources.
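
A sketch of the first choice, added here as an illustration and not part of the original answer or the asker's code. The `/api/**` path, the `@Order(1)` value, the form login and the `ApiResourceServerConfiguration` class name are assumptions; only `MyStaysureSecurityConfiguration` and the two annotations come from the page.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

// Application chain: given an order that no longer collides with the
// authorization server (0) or the resource server (3). The value 1 is an assumption.
@Configuration
@EnableWebSecurity
@Order(1)
public class MyStaysureSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Match everything EXCEPT the OAuth2-protected resources, so requests
            // for /api/** (assumed path) fall through to the resource server chain.
            .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/api/**")))
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin(); // assumed login mechanism for the non-OAuth2 part of the app
    }
}

// Resource server chain (default order 3): handles only the OAuth2 resources.
// Hypothetical class name; kept package-private so both classes fit in one file.
@Configuration
@EnableResourceServer
class ApiResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Restrict this chain to the token-protected paths only.
            .requestMatchers().antMatchers("/api/**")
                .and()
            .authorizeRequests()
                .anyRequest().authenticated(); // requires a valid bearer token
    }
}
```

With this layout a request is claimed by exactly one chain: the application chain never matches `/api/**`, so those requests cannot be authenticated by anything other than the resource server's token filter.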