I have written examples for using oauth1 and oauth2 with spring-security for pseudo-authentication and placed them here: https://github.com/isopov/spring-sec...authentication
The example for OAuth2 is based on the sample taken from the git history of cloudfoundry, and the sample for OAuth1 is written using OAuth2 as a reference. (I'm going to use OAuth1 in my app). Can anyone review this code, since it is security related and therefore the price of a mistake is very high?
To start, what bothers me with https://github.com/isopov/spring-sec...ionContext.xml is that if I look at the security filter chain in debug I see not only oauthConsumerContextFilter and oauthConsumerFilter wrapped in my wrapper (I wrapped them because it seems that both should be placed after EXCEPTION_TRANSLATION_FILTER) but also the same filters at the end of the normal security filter chain.
Any thoughts on how this can be fixed or any other problems with this code?


