I'm trying to override the behaviour of OAuth2AuthorizationFilter. There are a couple of posts on this subject. One post implies it's not trivial to override. The other I've tried by declaring a bean in applicationContext:
<beans:bean id="oauth2AuthorizationFilter" class="org.springframework.security.oauth2.provide r.CustomOAuth2AuthorizationFilter">
but couldn't get this to pick up.
I'm trying to model different grant types using separate paths:
/oauth/authorize - for resource owner password grant type
/oauth/refresh - for exchanging a refresh token for an access token.
and I still want OAuth2AuthorizationFilter to do the work and want to avoid running two instances of the filter in the chain. If that makes sense.
Any help would be much appreciated.