Creates an OAuth2RestTemplate with all the pieces needed to connect to a remote resource from a web application. Injects request and session-scoped beans into the template, so can only be used in the context of a web request. The OAuth2ProtectedResourceDetails governing the configuration of this client. Mandatory. The reference to the bean that manages access token acquisition. Optional (defaults to a chain including common grant types from the spec). Specifies that the oauth 2 authorization and token endpoints should be created in the application context. These are implemented as regular Spring @Controller beans, so as long as the default Spring MVC set up in present in the application the endpoints should work (at /oauth/authorization and /oauth/token by default). The configuration of the authorization code mechanism. This mechanism enables a way for clients to obtain an access token by obtaining an authorization code. Whether to disable the authorization code mechanism. The reference to the bean that defines the authorization code services. Default value is an instance of "org.springframework.security.oauth2.provider.authorization_code.InMemoryAuthorizationCodeServices". The configuration of the client credentials grant type. Whether to disable the implicit grant type The configuration of the refresh token grant type. Whether to disable the refresh token grant type The configuration of the client credentials grant type. Whether to disable the refresh token grant type The configuration of the resource owner password grant type. Whether to disable the refresh token grant type A reference to an authentication manager that can be used to authenticate the resource owner The configuration of your custom grant type. Whether to disable this grant type A reference to your token granter The reference to the bean that defines the client details service. The URL at which a request for an access token will be serviced. Default value: "/oauth/token" The URL at which a user is redirected for authorization. Default value: "/oauth/authorize" The reference to the bean that defines the granter of different oauth token types. The reference to the bean that defines the implicit grant service. The reference to the bean that defines the token services. Default value is an instance of "org.springframework.security.oauth2.provider.token.DefaultTokenServices". The reference to the bean that defines the manager for authorization requests from the input parameters (e.g. request parameters). Default value is an instance of "org.springframework.security.oauth2.provider.token.DefaultAuthorizationRequestManager". Reference to a bean that handles user approval decisions. Using this strategy servers can selectively skip the approval process depending on decisions in the past or on the type of client. The URL of the page that handles the user approval form (if needed, depending on the grant type). The default is "forward:/oauth/confirm_access" which is not handled by the authorization endpoint, so normally you will have to supply a handler for this path. The URL of the page that handles errors (default forward:/oauth/error). The name of the form parameter that is used to indicate user approval of the client authentication request. Default value: "user_oauth_approval". The reference to the bean that defines the redirect resolver, used during the user authorization. Default value is an instance of "org.springframework.security.oauth2.provider.authorization_code.DefaultRedirectResolver". Specifies that there are oauth 2 protected resources in the application context. This element has an id which is the bean id of the filter created. The filter should be added to the Spring Security filter chain at position before="PRE_AUTH_FILTER" The resource id that is protected by this filter if any. If empty or absent then all resource ids are allowed, otherwise only tokens which are granted to a client that contains this reosurce id will be legal. The reference to the bean that defines the token services. Default value is an instance of "org.springframework.security.oauth2.provider.token.DefaultTokenServices". The reference to the bean that defines the entry point for failed authentications. Defaults to a vanilla org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint. The reference to the bean that defines the AuthenticationDetailsSource. Default element that contains the definition of the OAuth clients that are allowed to access this service. Definition of a client that can act on behalf of a user. The client id. The client secret. If the secret is undefined or empty (the default) the client does not require a secret. The re-direct URI(s) established during registration (optional, comma separated). The resource ids to which this client can be granted access (comma-separated). If missing or empty all resources are accessible (not recommended by the spec). The scopes to which the client is limited (comma-separated). If scope is undefined or empty (the default) the client is not limited by scope, but in that case the authorization service must explicitly accept unlimited access by not specifying any scopes itself. Grant types that are authorized for the client to use (comma-separated). Currently defined grant types include "authorization_code", "password", "assertion", and "refresh_token". Default value is "authorization_code,refresh_token". Authorities that are granted to the client (comma-separated). Distinct from the authorities granted to the user on behalf of whom the client is acting. The access token validity period in seconds (optional). If unspecified a global default will be applied by the token services. The refresh token validity period in seconds (optional). If unspecified a global default will be applied by the token services. Element for declaring and configuring an expression handler for oauth security expressions. See http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html Element for declaring and configuring an expression handler for oauth security expressions in http intercept urls. See http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html Creates the oauth 2 client filter be be added to the application security policy. The reference to the bean that defines the redirect strategy, used when redirecting the user for access authorization. Default value is an instance of "org.springframework.security.web.DefaultRedirectStrategy". Definition of a remote resource that is protected via OAuth2 to which this client application wants access. The grant type. Currently defined grant types include "authorization_code", "password", and "assertion". Default value is "authorization_code". The client id. This is the id by which the resource server will identify this application. The uri to where the access token may be obtained. Comma-separted list of string specifying the scope of the access to the resource. By default, no scope will be specified. The secret asssociated with the resource. By default, no secret will be supplied for access to the resource. The scheme that is used to pass the client secret. Suggested values: "header" and "form". Default: "header". See section 2.1 of the OAuth 2 spec. The uri to which the user will be redirected if the user is ever needed to grant an authorization code. The method for bearing the token when accessing the resource. Default value is "header". See AuthenticationScheme enum for possible values. The name of the bearer token. The default is "access_token", which is according to the spec, but some providers (e.g. Facebook) don't conform to the spec. Some resource servers may require a pre-established URI to which they will redirect users after users authorize an access token. Boolean flag indicating that the current URI should be used as a redirect (if available) rather than the registered redirect URI. Default is true. The username for authentication, required only when type is "password". The password for authentication, required only when type is "password".