且构网

Sharing the things programmers run into in development...

Validating OAuth 2.0 access tokens from a Spring RESTful resource server

Updated: 2023-02-07 20:37:37

Not sure how to answer all the questions with a nice bow, so I'll just put the following points out there:

  • Are you trying to just consume an OAuth-secured API like Facebook in an OAuth-secured fashion? Use Spring Social.
  • If you're trying to create your OWN REST API and use your OWN user context, then use Spring Security OAuth. In this case, you would require clients to authenticate using OAuth against YOUR API, not Facebook or LinkedIn, etc.
  • Spring Social Security (in the 1.2.x series) supports 'signing' the user in as the result of an OAuth connection (e.g., 'signin with facebook,' '..twitter,' '..linkedin,' etc.), and your application ultimately ends up with a Spring Security principal in session, just as if you had used an HTTP form to sign the user in manually.
  • Spring Security OAuth doesn't care where you got the Spring Security principal from. It just cares if the principal has the right roles / scopes required by the Spring Security OAuth client. So, there's no reason you couldn't use Spring Social to securely connect to Facebook, use Spring Social Security to have that connection create a Spring Security Authentication object, and then use Spring Security OAuth to then secure any access to YOUR API, which in turn might securely connect to Facebook's API behind the scenes. Clients would use the OAuth access token for YOUR API, not Facebook. That gets handled in the service.
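An added example (not part of the answer above) of the last two points: a resource-server configuration for the legacy Spring Security OAuth module (spring-security-oauth2) that validates each incoming bearer token against the authorization server's check_token endpoint and then enforces scopes and roles on whatever principal that yields. The check_token URL, resource id and client credentials are hypothetical placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

@Configuration
@EnableResourceServer
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical values: point these at YOUR authorization server, not Facebook's.
    private static final String CHECK_TOKEN_URL = "https://auth.example.com/oauth/check_token";
    private static final String RESOURCE_ID = "my-api";

    @Bean
    public ResourceServerTokenServices tokenServices() {
        // Every bearer token is introspected at the authorization server rather
        // than trusted as-is; an expired or revoked token is rejected here.
        RemoteTokenServices services = new RemoteTokenServices();
        services.setCheckTokenEndpointUrl(CHECK_TOKEN_URL);
        services.setClientId("my-api-resource");   // hypothetical credentials of
        services.setClientSecret("change-me");      // the resource server itself
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Tokens issued for a different resource id (audience) are refused.
        resources.resourceId(RESOURCE_ID).tokenServices(tokenServices());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Read endpoints require the 'read' scope on the access token.
            .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')")
            // Write endpoints require the 'write' scope AND the ADMIN role on the
            // principal; where the principal came from (form login, Spring Social
            // sign-in, etc.) is irrelevant to this check.
            .antMatchers("/api/**").access("#oauth2.hasScope('write') and hasRole('ADMIN')")
            .anyRequest().authenticated();
    }
}
```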