<sec:intercept-urlpattern="/oauth/users/([^/].*?)/tokens/.*"access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')"method="DELETE"/>
<sec:intercept-urlpattern="/oauth/users/.*"access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"method="GET"/>
<sec:intercept-urlpattern="/oauth/clients/.*"access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')"method="GET"/>