问题
I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter.
I hope someone can tell me the differences between the two configurations because I really get confused in which configure(HttpSecurity http) method to use since both classes offer one.
I've found some similar questions here in stackoverflow but there are not clearly answered.
回答1:
From reading the JavaDocs I think the only purpose it's to separate the concerns for OAuth2 Resources authentication from the WebSecurityConfigurerAdapters which contains all sorts of security filters.
Additionally it seems like you should add @EnableResourceServer annotation and provide a @Bean of type ResourceServerConfigurer via ResourceServerConfigurerAdapter. The annotation will basically create another WebSecurityConfigurerAdapters with an hard-coded order of 3.
So to summarise you will have 2 or more WebSecurityConfigurerAdapters but one is specific to OAuth2 authentications.
来源:https://stackoverflow.com/questions/45980267/resourceserverconfigureradapter-vs-websecurityconfigureradapter