A resource server will have all the protected resources, and these are protected by the OAuth2 token. It's time to learn about this resource server with the help of the code. Create a resource server named  ResourceServerConfig.kt. 

Here is the code of our ResourceServerConfig.kt:

@Configuration
@EnableResourceServer
class ResourceServerConfig: ResourceServerConfigurerAdapter(){

    @Throws(Exception::class)
    override fun configure(http: HttpSecurity?) {
        http!!
                .authorizeRequests()
                .antMatchers("/open_for_all").permitAll() // anyone can enter
                .antMatchers("/private").authenticated() // only authorized user can enter
    }
}

To enable the features of the OAuth 2.0 resource-server mechanism, you need to add an annotation named @EnableResourceServer, and although it's a configuration class, you need to add the @Configuration annotation.

This class extends ResourceServerConfigurerAdapter, this then extends ResourceServerConfigurer, which will make it possible to override and configure ResourceServerConfigurer.

We override configure(http: HttpSecurity?), where we mention which URL paths are protected and which are not protected.

authorizeRequests() permits confining access dependent on the utilization of HttpServletRequest.

antMatchers() refers to the implementation of the Ant-style path patterns in mappings.

We use .antMatchers("/").permitAll(), which allows all users to access this URL path, "/". In addition, we use .antMatchers("/private").authenticated(), which means a user needs a token to access this /private path.