I have a Spring Boot (1.2.1.RELEASE) application that serves OAuth2 (2.0.6.RELEASE) authorization and resource server in one application inst
I don't think you should be trying to set up form login or http basic in your ResourceServerConfigurerAdapter, and certainly not if you already have them in your other WebSecurityConfigurerAdapter (you do because they are on by default). It might work, but the authentication and access decisions are so different for an OAuth2 protected resource and a UI that I recommend you keep them separate (as they are in all the samples in GitHub).

If you go with the recommendation and continue with the components you already defined, the key to getting this right is to know that the filter chains are tried sequentially and the first one to match wins, so only one of them is going to act on any given request. You have to put request matchers in both chains (or at least the one with the lowest order), and make sure they don't overlap.
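
A configuration sketch of the separation described in the answer above, added here as an example and not taken from the original post: each filter chain is scoped with its own request matcher so that no path is claimed by both. The class names and the `/api/**` and `/ui/**` prefixes are assumptions made for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
public class SecurityChains {

    // Chain for OAuth2-protected resources. It claims only /api/**
    // (assumed prefix), so bearer-token checks never run on UI pages.
    @Configuration
    @EnableResourceServer
    protected static class ApiResources extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers().antMatchers("/api/**")
                .and()
                .authorizeRequests().anyRequest().authenticated();
            // No formLogin() or httpBasic() here: those belong to the UI chain.
        }
    }

    // Chain for the browser UI. Its matcher lists only UI paths
    // (assumed /ui/** plus the default login and logout URLs), so it
    // cannot overlap with /api/** whichever chain is tried first.
    @Configuration
    protected static class Ui extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers().antMatchers("/login", "/logout", "/ui/**")
                .and()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .formLogin().permitAll();
        }
    }
}
```

A request to `/api/orders` matches only the first chain and a request to `/ui/home` matches only the second, so the outcome does not depend on the relative order of the two chains.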