Spring oauth2指定受保护和不受保护的资源

我在我的 Spring 季MVC网络应用程序中实现了oauth2 . 现在我受到保护和不受保护的资源，比如我的所有网络服务和帐户（用于密码重置，电子邮件验证等） . 我当前的spring安全性阻止所有带访问令牌的请求，即使我指定Account完全访问 . 有人可以纠正如何定义受保护和未受保护的资源 .

网络配置

<!-- Spring Root -->
<context-param>
    <param-name>contextClass</param-name>
    <param-value>
        org.springframework.web.context.support.AnnotationConfigWebApplicationContext
    </param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>portal</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>SpringDispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextClass</param-name>
        <param-value>
            org.springframework.web.context.support.AnnotationConfigWebApplicationContext
        </param-value>
    </init-param>
    <!-- <init-param> <param-name>contextConfigLocation</param-name> <param-value>portal</param-value> 
        Modify this one to get clean URL without portal by plain "/" </init-param> -->
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>SpringDispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

oAuth2网络安全

<!-- Definition of the Authentication Service -->
  <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
  xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
        <anonymous enabled="false"/>
         <http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
         <!-- include this only if you need to authenticate clients via request parameters -->
         <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
          <access-denied-handler ref="oauthAccessDeniedHandler"/>
   </http>

   <http pattern="/Accounts" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
  xmlns="http://www.springframework.org/schema/security">
          <intercept-url pattern="/Accounts" access="IS_AUTHENTICATED_FULLY"/>
          <anonymous enabled="true"/>
          <http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
          <!-- include this only if you need to authenticate clients via request parameters -->
          <!-- <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
          <access-denied-handler ref="oauthAccessDeniedHandler"/> -->
  </http>

   <!-- Protected resources -->
   <http pattern="/**"
  create-session="never"
  entry-point-ref="oauthAuthenticationEntryPoint"
  access-decision-manager-ref="accessDecisionManager"
  xmlns="http://www.springframework.org/schema/security">
          <anonymous enabled="false"/>
          <intercept-url pattern="/**"
               access="ROLE_USER"/>
          <custom-filter ref="resourceServerFilter"
               before="PRE_AUTH_FILTER"/>
          <access-denied-handler
        ref="oauthAccessDeniedHandler"/>
 </http>