OAuth2RestTemplate used to invoke unsecured method on webservice

[samuel_coutinho]

Hi,

I have REST webservice and a website which is a client of the webservice. The webservice has some secured endpoints which i have secured using OAuth2 password grant. The website uses OAuth2RestTemplate when interacting with the webservice. The template is session scoped. I want all communication between the website and webservice to go via this template.

Currently if i invoke an unprotected endpoint on the webservice (this is possible as the user can do a number of things on the website that doesnt require authentication) I get an exception as the template falls over when trying to get an access token.

I dont want the website code to have to decide whether to use OAuth2RestTemplate or a normal Resttemplate depending on whether a public or a protected webservice endpoint is invoked.

Do you have any suggestions on how I can go about achieving this?

Thanks

[Dave Syer]

You're not really supposed to use password grants for that kind of set up - the password shouldn't be revealed to the client and you can easily avoid that by using auth code grant. Is there a reason you don't want to do that?