diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
index c5e33739ae..52bfeb4233 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
@@ -7,12 +7,13 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
+import org.springframework.http.HttpMethod;
 import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 
@@ -20,14 +21,25 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 @PropertySource({ "classpath:persistence.properties" })
 @EnableResourceServer
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {
-
+public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
     @Autowired
     private Environment env;
 
     @Override
-    protected MethodSecurityExpressionHandler createExpressionHandler() {
-        return new OAuth2MethodSecurityExpressionHandler();
+    public void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+            .and()
+            .requestMatchers().antMatchers("/foos/**","/bars/**")
+            .and()
+            .authorizeRequests()
+                .antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('read')")
+                .antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('write')")
+                .antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
+                .antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
+            ;
+        // @formatter:on
     }
 
     @Bean
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
new file mode 100644
index 0000000000..a716635f6d
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
@@ -0,0 +1,41 @@
+package org.baeldung.web.controller;
+
+import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
+import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
+
+import org.baeldung.web.dto.Bar;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@Controller
+public class BarController {
+
+    public BarController() {
+        super();
+    }
+
+    // API - read
+    // @PreAuthorize("#oauth2.hasScope('read')")
+    @RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
+    @ResponseBody
+    public Bar findById(@PathVariable final long id) {
+        return new Bar(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
+    }
+
+    // API - write
+    // @PreAuthorize("#oauth2.hasScope('write')")
+    @RequestMapping(method = RequestMethod.POST, value = "/bars")
+    @ResponseStatus(HttpStatus.CREATED)
+    @ResponseBody
+    public Bar create(@RequestBody final Bar bar) {
+        bar.setId(Long.parseLong(randomNumeric(2)));
+        return bar;
+    }
+
+}
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
index 8dfa19bd84..a1275670f0 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
@@ -4,12 +4,14 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
 import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
 
 import org.baeldung.web.dto.Foo;
-import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
 
 @Controller
 public class FooController {
@@ -19,11 +21,21 @@ public class FooController {
     }
 
     // API - read
-    @PreAuthorize("#oauth2.hasScope('read')")
+    // @PreAuthorize("#oauth2.hasScope('read')")
     @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
     @ResponseBody
     public Foo findById(@PathVariable final long id) {
         return new Foo(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
     }
 
+    // API - write
+    // @PreAuthorize("#oauth2.hasScope('write')")
+    @RequestMapping(method = RequestMethod.POST, value = "/foos")
+    @ResponseStatus(HttpStatus.CREATED)
+    @ResponseBody
+    public Foo create(@RequestBody final Foo foo) {
+        foo.setId(Long.parseLong(randomNumeric(2)));
+        return foo;
+    }
+
 }
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java
new file mode 100644
index 0000000000..adbb2aa2ad
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java
@@ -0,0 +1,36 @@
+package org.baeldung.web.dto;
+
+public class Bar {
+    private long id;
+    private String name;
+
+    public Bar() {
+        super();
+    }
+
+    public Bar(final long id, final String name) {
+        super();
+
+        this.id = id;
+        this.name = name;
+    }
+
+    //
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(final long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(final String name) {
+        this.name = name;
+    }
+
+}
\ No newline at end of file
diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
index c2f6ca41ae..a0f8baa4bc 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
@@ -47,10 +47,10 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
         // @formatter:off
         clients.jdbc(dataSource())
-               .withClient("clientId")
+               .withClient("sampleClientId")
                .authorizedGrantTypes("implicit")
-               .scopes("read")
-               .autoApprove(true)
+               .scopes("read","write")
+               .autoApprove(false)
                .and()
                .withClient("clientIdPassword")
                .secret("secret")
diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
index 3e1a8a8ccb..46870f3fc3 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
@@ -12,8 +12,7 @@ public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser("john").password("123").roles("USER");
-
+        auth.inMemoryAuthentication().withUser("john").password("123").roles("USER").and().withUser("tom").password("111").roles("ADMIN");
     }
 
     @Override
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/.project b/spring-security-oauth/spring-security-oauth-ui-implicit/.project
index c9fc2aa8f0..b96a26c60d 100644
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/.project
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/.project
@@ -25,11 +25,6 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
 		<buildCommand>
 			<name>org.springframework.ide.eclipse.core.springbuilder</name>
 			<arguments>
@@ -40,6 +35,11 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
index a62bce9747..8cd7be67c3 100644
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
@@ -11,9 +11,9 @@
 
 <oauth
   site="http://localhost:8081/spring-security-oauth-server"
-  client-id="clientId"
+  client-id="sampleClientId"
   redirect-uri="http://localhost:8081/spring-security-oauth-ui-implicit/"
-  scope="read"
+  scope="read write"
   template="oauthTemp">
 </oauth>
 
@@ -34,9 +34,21 @@ app.config(function($locationProvider) {
 	}).hashPrefix('!');
 });
 
+app.config(['$httpProvider', function ($httpProvider) {
+    $httpProvider.interceptors.push(function ($q,$rootScope) {
+        return {
+            'responseError': function (responseError) {
+                $rootScope.message = responseError.statusText;
+                console.log("error here");
+                console.log(responseError);
+                return $q.reject(responseError);
+            }
+        };
+    });
+}]);
 
 
-app.controller('mainCtrl', function($scope,$resource,$http) {
+app.controller('mainCtrl', function($scope,$resource,$http,$rootScope) {
 	
 	$scope.$on('oauth:login', function(event, token) {
 		$http.defaults.headers.common.Authorization= 'Bearer ' + token.access_token;
@@ -49,6 +61,38 @@ app.controller('mainCtrl', function($scope,$resource,$http) {
 	$scope.getFoo = function(){
 		$scope.foo = $scope.foos.get({fooId:$scope.foo.id});
 	}
+	
+	$scope.createFoo = function(){
+		if($scope.foo.name.length==0)
+		{
+			$rootScope.message = "Foo name can not be empty";
+			return;
+		}
+		$scope.foo.id = null;
+        $scope.foo = $scope.foos.save($scope.foo, function(){
+        	$rootScope.message = "Foo Created Successfully";
+        });
+    }
+	
+	// bar
+	$scope.bar = {id:0 , name:"sample bar"};
+    $scope.bars = $resource("http://localhost:8081/spring-security-oauth-resource/bars/:barId",{barId:'@id'});
+    
+    $scope.getBar = function(){
+        $scope.bar = $scope.bars.get({barId:$scope.bar.id});
+    }
+    
+    $scope.createBar = function(){
+    	if($scope.bar.name.length==0)
+        {
+            $rootScope.message = "Bar name can not be empty";
+            return;
+        }
+        $scope.bar.id = null;
+        $scope.bar = $scope.bars.save($scope.bar, function(){
+            $rootScope.message = "Bar Created Successfully";
+        });
+    }
     
 });
 /*]]>*/
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
index c98ed493bd..c50781caf1 100755
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
@@ -10,19 +10,47 @@
 <div th:include="header"></div>
 
 <div class="container">
-<h1 class="col-sm-12">Foo Details</h1>
+<div class="alert alert-info" ng-show="message">{{message}}</div>
+<h1>Foo Details</h1>
+<div class="col-sm-6">
 <div class="col-sm-12">
-	<label class="col-sm-3">ID</label>
-	<span>{{foo.id}}</span>
+	<label class="col-sm-2">ID</label>
+	<span class="col-sm-10"><input class="form-control" ng-model="foo.id"/></span>
 </div>
 
 <div class="col-sm-12">
-<label class="col-sm-3">Name</label>
-<span>{{foo.name}}</span>
+    <label class="col-sm-2">Name</label>
+    <span class="col-sm-10"><input class="form-control" ng-model="foo.name"/></span>
 </div>
 
 <div class="col-sm-12">
-<a class="btn btn-default" href="#" ng-click="getFoo()">New Foo</a>
+<a class="btn btn-default" href="#" ng-click="getFoo()">Get Foo</a>
+<a class="btn btn-default" href="#" ng-click="createFoo()">Create Foo</a>
+</div>
+</div>
+
+<br/>
+<hr/>
+<br/>
+<br/>
+<br/>
+<h1>Bar Details</h1>
+<div class="col-sm-6">
+<div class="col-sm-12">
+    <label class="col-sm-2">ID</label>
+    <span class="col-sm-10"><input class="form-control" ng-model="bar.id"/></span>
+</div>
+
+<div class="col-sm-12">
+    <label class="col-sm-2">Name</label>
+    <span class="col-sm-10"><input class="form-control" ng-model="bar.name"/></span>
+</div>
+
+<div class="col-sm-12">
+<a class="btn btn-default" href="#" ng-click="getBar()">Get Bar</a>
+<a class="btn btn-default" href="#" ng-click="createBar()">Create Bar</a>
+</div>
+
 </div>
 </div>
 </body>