I work with M6.
I have a resource server. I implement ResourceServerTokenServices,
and as I saw in the documentations, my XML looks like this:
public class MyRsrcSrvTokenServices implements ResourceServerTokenServices
... <security:http entry-point-ref="oauthAuthenticationEntryPoint"
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<security:custom-filter ref="resourceServerFilter" after="PRE_AUTH_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
... <oauth:resource-server id="resourceServerFilter"
<bean id="oauthAuthenticationEntryPoint" class="org...oauth2.provider.error.MediaTypeAwareAuthenticationEntryPoint">
<property name="realmName" value="client" />
1. how my implementation of ResourceServerTokenServices suppose to be called? is it by the filter chain? do i have to call it explicitly? (do I miss something, because I put a breakpoint there and it does not stop there...)
2. what exactly is the "resource_id"? the docs says "The id for the resource (optional, but recommended and will be validated by the auth server if present)", but how do I bind it?
3. Is there a place to read more, except the current docs? what version the docs refer to?