http.authorizeRequests().expressionHandler(new OAuth2WebSecurityExpressionHandler());
ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
http.apply(resources);
ResourceServerTokenServices services = resolveTokenServices();
if (services != null) {
resources.tokenServices(services);
}
else {
if (tokenStore != null) {
resources.tokenStore(tokenStore);
}