P E N C I L
Login
ResourceServer deep dive

Which filter setup?

OAuth2AuthenticationProcessingFilter

- How is it setup?

It's just a normal HttpSecurityFilter setup by install by ResourceServerSecurityConfigurer#configure
httpSecurity.addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class)

- Logic
OAuth2AuthenticationProcessingFilter {

authentication = bearertokenExtractor.extract(httpRequest)

oauth2AuthenticationManager.authenticate(authentication) {
defaultTokenService.load(authentication.getPrincipal()) {
oAuth2AccessToken = tokenStore.readAccessToken(principal)
check token is not expired
}
}
}