<client-details-service> vs <client>

[errigo]

Hi everyone, I'm really new to Spring and Spring Security so I have to ask you some advice: in spring-security-oauth2-1.0.xsd I can't figure out the difference between

Code:

<client-details-service>
      <client />
</client-details-service>

and

Code:

<client />

Reading from here I understand that the loaded ones are those in <client-details-service>, so what to do with the <client> ones? What is their use?

I have the same issue with

Code:

<resource-server>

and

Code:

<resource>

Could you point me some more detailed documentation?
Thanks in advance.

[Dave Syer]

A <client/> is just an element in the (in-memory) <client-details-service/> (it's just like the in-memory <user-details-srevice/> in Spring Security core). It's OK for development or for small systems, but you probably need something with a real backend store for a production system (just like the user details).

A <resource-server/> is a filter that you add to your Spring Security filter chain in a Resource Server.

A <resource/> is the client-side view of that - it tells an OAuth2 client how to connect to a Resource Server.

That link is *really* old (the project is now hosted on github: http://github.com/SpringSource/spring-security-oauth) and the docs are in teh wiki there. If you think you can improve them please feel free to make changes.

[errigo]

So to implement my real store i have to ref my bean in
<authorization-server client-details-service-ref="BeanToMyClass" />
and i will need no more the <client-details-service />, right?

About resources now I think I have clearer ideas, but are anywhere more exaples? Sparklr is maybe too simple to be complete and clear on some aspects.

Thanks for your quick reply.