spring mvc - Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

Question

I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some of have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration in a single server?

Currently my POC works without WebSecurityConfigurerAdapter, but with ResourceServerConfigurerAdapter along with AuthorizationServerConfigurerAdapter. It looks like ResourceServerConfigurerAdapter is enough. Now I'm not sure what should I do to my existing WebSecurityConfigurerAdapter which is working perfectly in my Spring MVC REST application.

Answer 1

Here is a good answer https://stackoverflow.com/a/28604260, it looks like WebSecurityConfigurerAdapter is an order inferior to the ResourceServerConfigurerAdapter.

I have a WebSecurityConfigurerAdapter and a ResourceServerConfigurerAdapter, but the endpoints security configuration is in the ResourceServerConfigurerAdapter under:

public void configure(HttpSecurity http) throws Exception {

I also have the following configuration:

security:
    oauth2:
        resource:
            filter-order: 3

Else the endpoints security configuration is ignored (I don't know why).