@Configuration@EnableResourceServer@EnableGlobalMethodSecurity(prePostEnabled

1. @Configuration
2. @EnableResourceServer
3. @EnableGlobalMethodSecurity(prePostEnabled = true)
4. @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
5. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
6. public static final String RESOURCE_ID = "resources";
7.  
8. @Override
9. public void configure(final ResourceServerSecurityConfigurer resources) {
10. resources
11. .resourceId(RESOURCE_ID);
12. }
13.  
14. @Override
15. public void configure(final HttpSecurity http) throws Exception {
16. http
17. .authorizeRequests()
18. .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
19. .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
20. .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
21. .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
22. .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
23. .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
24. .antMatchers(HttpMethod.GET, "/health").permitAll();
25. }
26.  
27. }
28.  
29. @Configuration
30. @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
31. public class SecurityConfig extends WebSecurityConfigurerAdapter {
32.  
33. @Autowired
34. private UserDetailsService userDetailsService;
35.  
36. @Override
37. public void configure(final AuthenticationManagerBuilder auth) throws Exception {
38. auth
39. .userDetailsService(userDetailsService)
40. .passwordEncoder(new BCryptPasswordEncoder());
41. }
42.  
43. @Override
44. protected void configure(final HttpSecurity http) throws Exception {
45. http
46. .authorizeRequests()
47. .anyRequest().authenticated()
48. .and().httpBasic().realmName("OAuth Server");
49. }
50. }
51.  
52. protected void configure(HttpSecurity http) throws Exception {
53. ...
54. .authorizeRequests()
55. .antMatchers("/actuator/**").permitAll()
56. }