Spring OAuth @EnableResourceServer preventing login page from OAuth server
SpringSecurityFilterChain should always be ordered before other filters.If you want to add your own authentication for all or some endpoints the best thing to do is add your own WebSecurityConfigurerAdapter with lower order. Modifying the WebSecurityConfigurerAdapter subclass as follows allows the ResourceServer to work with a jdbc authentication mgr:
@Configuration@Order(-10)protected static class LoginConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Autowired private DataSource dataSource; @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin().loginPage("/login").permitAll() .and() .requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access") .and() .authorizeRequests().anyRequest().authenticated(); } @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.parentAuthenticationManager(authenticationManager).jdbcAuthentication().dataSource(dataSource); }}