@Override
 protected void configure(HttpSecurity http) throws Exception {
   AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
   FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
   http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
   configure(configurer);
   http.apply(configurer);
   String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
   String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
   String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
   // @formatter:off
   http.authorizeRequests()
       .antMatchers(tokenEndpointPath)
       .fullyAuthenticated()
       .antMatchers(tokenKeyPath)
       .access(configurer.getTokenKeyAccess())
       .antMatchers(checkTokenPath)
       .access(configurer.getCheckTokenAccess())
       .and()
       .requestMatchers()
       .antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath);
   // @formatter:on
   http.setSharedObject(ClientDetailsService.class, clientDetailsService);
 }
 @Override
 public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
   oauthServer
       .tokenKeyAccess("isAnonymous() || hasAuthority('" + AuthoritiesConstants.USER + "')")
       .checkTokenAccess("hasAuthority('" + AuthoritiesConstants.USER + "')");
 }
 @Override
 public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
   oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
 }
 @Override
 public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
   oauthServer.realm("sens/client");
 }