Is anyone using the OAuth2ClientProcessingFilter? I can't see much value in it, so I'm planning to rip it out unless someone has a good use case (https://jira.springsource.org/browse/SECOAUTH-223). Reminder it's part of the client-side support and it lets you add an extra layer of assertions about particular client URLs, to ensure that they cannot be accessed without the correct OAuth2 credentials. It's pointless in my opinion because the resource server should prevent you from accessing those resources anyway. The filter on the client only has the effect of preventing the resource server from ever even being asked.