So, it sounds like you're trying to secure a REST API with OAuth 2. For that, your best bet would be to look at Spring Security for OAuth (http://static.springsource.org/spring-security/oauth/). The OAuth2-oriented Sparklr and Tonr examples should be helpful and the https://github.com/SpringSource/html5expense and https://github.com/SpringSource/greenhouse apps might also give you some idea on how to secure an API with S2OAuth. If your client is a mobile app, I'd recommend configuring S2OAuth to support the resource-owner credentials grant, and use the authorization code grant for a more traditional browser-based app.
The one thing that makes this more interesting is that you indicate that sign-in itself will be via Facebook. For that you can use Spring Social's ProviderSignInController. The Spring Social Showcase (https://github.com/SpringSource/spring-social-samples) has a good example of doing that. The Greenhouse app also supports FB signin, so that's probably the closest to what you're trying to do.
If you have any specific questions about any of this, feel free to ask. For S2OAuth-specific questions, though, you might do better asking in the S2OAuth forum: http://forum.springsource.org/forumdisplay.php?79-OAuth.
Spring Social Project Lead
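The grant-type split recommended above, sketched as an S2OAuth XML configuration fragment. This is an added example, not part of the original post and not taken from the Sparklr, Greenhouse or html5expense sources. It assumes the `oauth` prefix is bound to the S2OAuth `oauth2` XML namespace and that the application's authentication manager and token services are defined elsewhere; the client ids, secret, scopes and redirect URI are constructed placeholders.

```xml
<!-- Fragment of a Spring application context (assumed surrounding <beans> element). -->

<!-- Grant types the authorization server is configured to handle. -->
<oauth:authorization-server client-details-service-ref="clientDetails">
    <!-- Browser-based clients: user signs in at the server, client only sees a code. -->
    <oauth:authorization-code />
    <!-- Mobile client: resource-owner credentials grant. -->
    <oauth:password />
    <!-- Lets both kinds of client renew access without asking the user again. -->
    <oauth:refresh-token />
</oauth:authorization-server>

<oauth:client-details-service id="clientDetails">

    <!-- Constructed mobile client. Restricted to the password grant so it can
         never start a redirect-based flow. No secret is registered, on the
         assumption that a value shipped inside an app binary is not
         confidential. Short-lived access tokens limit the damage if a
         token leaks from the device. -->
    <oauth:client client-id="example-mobile-app"
                  authorized-grant-types="password,refresh_token"
                  scope="read,write"
                  authorities="ROLE_CLIENT"
                  access-token-validity="600" />

    <!-- Constructed browser-based client. Restricted to the authorization
         code grant, so it never handles the user's password. The registered
         redirect URI pins where authorization codes may be delivered. -->
    <oauth:client client-id="example-web-app"
                  secret="CHANGE-ME-placeholder"
                  authorized-grant-types="authorization_code,refresh_token"
                  redirect-uri="https://webapp.example.com/oauth/callback"
                  scope="read,write"
                  authorities="ROLE_CLIENT" />

</oauth:client-details-service>
```

Keeping `authorized-grant-types` as narrow as possible per client matters here: a client that is only registered for `authorization_code` cannot be used to submit user passwords to the token endpoint, and vice versa.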