diff --git a/src/main/java/org/springframework/samples/petclinic/security/AuthorizationServerOAuth2Config.java b/src/main/java/org/springframework/samples/petclinic/security/AuthorizationServerOAuth2Config.java
new file mode 100644
index 0000000000000000000000000000000000000000..a14b41e206fb1193f617a0c70a2ab697cd3bab75
--- /dev/null
+++ b/src/main/java/org/springframework/samples/petclinic/security/AuthorizationServerOAuth2Config.java
@@ -0,0 +1,67 @@
+package org.springframework.samples.petclinic.security;
+
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
+
+
+@Configuration
+@EnableAuthorizationServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Import(ServerSecurityConfig.class)
+public class AuthorizationServerOAuth2Config extends AuthorizationServerConfigurerAdapter {
+
+	@Autowired
+	@Qualifier("dataSource")
+	private DataSource dataSource;
+	@Autowired
+	private AuthenticationManager authenticationManager;
+	@Autowired
+	private UserDetailsService userDetailsService;
+	@Autowired
+	private PasswordEncoder oauthClientPasswordEncoder;
+
+	@Bean
+	public TokenStore tokenStore() {
+		return new JdbcTokenStore(dataSource);
+	}
+
+	@Bean
+	public OAuth2AccessDeniedHandler oauthAccessDeniedHandler() {
+		return new OAuth2AccessDeniedHandler();
+	}
+
+	@Override
+	public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
+		oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()")
+				.passwordEncoder(oauthClientPasswordEncoder);
+	}
+
+	@Override
+	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+		clients.jdbc(dataSource);
+	}
+
+	@Override
+	public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+		endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager)
+				.userDetailsService(userDetailsService);
+	}
+
+}
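Review bot: Passing `authenticationManager` to `endpoints` in `configure(AuthorizationServerEndpointsConfigurer)` turns on the resource-owner password grant, and nothing in this class limits which clients may use it; that is left to the `authorized_grant_types` values in the rows loaded by `clients.jdbc(dataSource)`. If the password grant is intended, say so above the call, for example `// authenticationManager enables the password grant; which clients may use it is set per row in oauth_client_details`; if it is not, drop `.authenticationManager(authenticationManager)`. Separately, `tokenKeyAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` looks unnecessary with a `JdbcTokenStore`, since as far as I know the token-key endpoint is only exposed when a JWT token converter is configured. Leaving that setting at its default would keep the endpoint closed if a converter is added later.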
diff --git a/src/main/java/org/springframework/samples/petclinic/security/ResourceServerConfiguration.java b/src/main/java/org/springframework/samples/petclinic/security/ResourceServerConfiguration.java
new file mode 100644
index 0000000000000000000000000000000000000000..9d40780ded37b60c73c85f2108b81497d6376350
--- /dev/null
+++ b/src/main/java/org/springframework/samples/petclinic/security/ResourceServerConfiguration.java
@@ -0,0 +1,34 @@
+package org.springframework.samples.petclinic.security;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+	private static final String RESOURCE_ID = "resource-server-rest-api";
+	private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
+	private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";
+	// private static final String SECURED_PATTERN = "/secured/**";
+	private static final String SECURED_PATTERN = "/api/**";
+
+	@Override
+	public void configure(ResourceServerSecurityConfigurer resources) {
+		resources.resourceId(RESOURCE_ID);
+	}
+
+	@Override
+	public void configure(HttpSecurity http) throws Exception {
+		http.
+//		requestMatchers().and().authorizeRequests().antMatchers("/login/**","/logout/**").permitAll().
+//		and().
+		requestMatchers().antMatchers(SECURED_PATTERN).and().authorizeRequests()
+				.antMatchers(HttpMethod.POST, SECURED_PATTERN).access(SECURED_WRITE_SCOPE).anyRequest()
+				.access(SECURED_READ_SCOPE);
+	}
+
+}
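Review bot: Only `POST` is tied to the write scope in `configure(HttpSecurity)`, so `PUT`, `PATCH` and `DELETE` requests under `/api/**` fall through to `anyRequest()` and need just the `read` scope. If the API has modifying endpoints other than POST (none are visible in this diff), a token issued with read-only scope can call them. Inverting the rule makes write the default: `.antMatchers(HttpMethod.GET, SECURED_PATTERN).access(SECURED_READ_SCOPE)` followed by `.anyRequest().access(SECURED_WRITE_SCOPE)`. The commented-out matcher lines inside the chain and the commented-out `SECURED_PATTERN` constant can be deleted, so the effective policy is the only one a reader sees.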