What's the right way to separate the Resource Server and the Authorization Server?

Question

Using spring-security-oauth2 to secure my resources against a SSO endpoint that can act as an authorization server. I\'m a bit confused when the documentation states:

Answer 1

You can separate open resources and protected resources in the spring-security.xml

Pattern /api/** will be protected and other resources will be open.