@jjbubudi
Created August 16, 2014 08:38
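<?xml version="1.0" encoding="UTF-8"?>
<!--
    Spring Security OAuth2 XML namespace configuration. One application context acts as both
    the authorization server (token endpoint /oauth/token) and the resource server (/api/**).
    The client registration and the user account below are hard-coded in this file.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/security/oauth2
                           http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <!-- OAuth 2.0 endpoints -->

    <!--
        Filter chain for the token endpoint. The callers here are OAuth clients, not end users:
        clientCredentialsTokenEndpointFilter authenticates the client against
        clientAuthenticationManager, anonymous access is switched off, only a fully
        authenticated POST is let through and every other method is denied. No HTTP session
        is created (stateless).
        NOTE(review): client secrets, end-user passwords (password grant) and issued tokens all
        cross this endpoint, and nothing in this file restricts it to HTTPS. Confirm that TLS is
        enforced in front of it.
    -->
    <security:http pattern="/oauth/token"
                   use-expressions="true"
                   create-session="stateless"
                   authentication-manager-ref="clientAuthenticationManager"
                   entry-point-ref="clientAuthenticationEntryPoint">
        <security:anonymous enabled="false"/>
        <security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="PRE_AUTH_FILTER"/>
        <!-- Rules are matched in order: the POST rule must stay above the catch-all deny. -->
        <security:intercept-url pattern="/oauth/token" method="POST" access="isFullyAuthenticated()"/>
        <security:intercept-url pattern="/oauth/token" access="denyAll()"/>
    </security:http>

    <!-- Entry point that answers failed client authentication on the token endpoint. -->
    <bean id="clientAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>

    <!--
        Authentication manager for OAuth clients only. It looks clients up through
        clientDetailsUserService, which adapts clientDetailsService to the user-details
        interface. End users are authenticated by the separate manager aliased
        authenticationManager further down.
    -->
    <security:authentication-manager id="clientAuthenticationManager">
        <security:authentication-provider user-service-ref="clientDetailsUserService"/>
    </security:authentication-manager>

    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetailsService"/>
    </bean>

    <!--
        In-memory client registry holding a single client.
        NOTE(review): client-id, secret and redirect-uri are literals committed together with
        the configuration. Outside a local demo, load the secret from external configuration
        and keep it hashed rather than in clear text.
        NOTE(review): the registered redirect-uri is a plain http:// URL on a third-party host,
        so an authorization code issued to this client would be sent there without transport
        encryption. Register the client's own HTTPS callback instead.
        NOTE(review): the password grant hands end-user credentials to the client. Keep it only
        for first-party clients that need it, and trim scope and authorities to what is used.
    -->
    <oauth:client-details-service id="clientDetailsService">
        <oauth:client client-id="ccc"
                      secret="bbb"
                      redirect-uri="http://google.com"
                      authorized-grant-types="authorization_code,password,refresh_token"
                      authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
                      scope="read,write,trust"/>
    </oauth:client-details-service>

    <!-- Filter that authenticates the calling client on the token endpoint chain above. -->
    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager"/>
    </bean>

    <!-- Protected resources -->

    <!--
        Filter chain for /api/**. resourceServerFilter runs ahead of pre-authentication and
        resolves the access token through tokenServices; anonymous access is off and every
        request must be fully authenticated.
        NOTE(review): create-session="never" stops Spring Security from creating a session but
        still honours one that already exists, whereas the token endpoint above uses
        "stateless". For a token-only API "stateless" is the stricter choice; confirm which
        behaviour is intended.
    -->
    <security:http pattern="/api/**"
                   use-expressions="true"
                   create-session="never"
                   entry-point-ref="oauthAuthenticationEntryPoint">
        <security:anonymous enabled="false"/>
        <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
        <!--
            Was written with a second prefix (http) bound to the same namespace URI as
            "security"; the element is identical, only the prefix is now consistent.
        -->
        <security:intercept-url pattern="/api/**" access="isFullyAuthenticated()"/>
        <security:access-denied-handler ref="oauthAccessDeniedHandler"/>
    </security:http>

    <!-- Entry point for unauthenticated API requests; realmName is set to myapp/client. -->
    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="myapp/client"/>
    </bean>

    <!-- Resource server filter for resource id "myapp", backed by the shared tokenServices. -->
    <oauth:resource-server id="resourceServerFilter"
                           resource-id="myapp"
                           token-services-ref="tokenServices"/>

    <!--
        Token services shared by the authorization server and the resource server.
        Access tokens are valid for 3600 s (1 hour), refresh tokens for 86400 s (24 hours),
        and refresh tokens are enabled.
    -->
    <bean id="tokenServices"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore"/>
        <property name="supportRefreshToken" value="true"/>
        <property name="accessTokenValiditySeconds" value="3600"/>
        <property name="refreshTokenValiditySeconds" value="86400"/>
    </bean>

    <!--
        NOTE(review): InMemoryTokenStore keeps tokens in the memory of this one process. They
        are lost on restart and are not visible to other instances, so revocation and
        validation only work on a single node. Use a persistent store for a real deployment.
    -->
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>

    <!-- Handler for authenticated API requests that are denied access. -->
    <bean id="oauthAccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

    <!--
        End-user authentication manager (alias authenticationManager), backed by an in-memory
        user-service with one account.
        NOTE(review): the account name and password are literals in this file and no
        <security:password-encoder> is declared on the provider, so the password is held and
        compared in clear text. Replace this with a real user store and a password encoder
        before exposing the password grant.
    -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:user-service id="userDetailsService">
                <security:user name="admin" password="password" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--
        Authorization server wired to clientDetailsService and tokenServices. It declares the
        authorization_code, refresh_token and password grant elements.
        NOTE(review): no <security:http> block in this file covers the authorization endpoint
        that the authorization_code grant relies on. Confirm elsewhere that it requires an
        authenticated end user.
    -->
    <oauth:authorization-server client-details-service-ref="clientDetailsService"
                                token-services-ref="tokenServices">
        <oauth:authorization-code/>
        <oauth:refresh-token/>
        <oauth:password/>
    </oauth:authorization-server>

</beans>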