diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 6b54db931..7a9952a5a 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -35,7 +35,7 @@ public class OAuthConfirmationController {
 	}
 	
 	@PreAuthorize("hasRole('ROLE_USER')")
-	@RequestMapping("/oauth/user/approve")
+	@RequestMapping("/oauth/confirm_access")
 	public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth, 
 			ModelAndView modelAndView) {
 		
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
deleted file mode 100644
index 28047bd27..000000000
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import java.util.TreeMap;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-@Controller
-@RequestMapping("/")
-public class AuthorizationEndpoint {
-
-	@Autowired
-	private ClientDetailsService clientDetailsService;
-
-	//TODO: this endpoint needs to be protected
-	@RequestMapping("/oauth/confirm_access")
-	public ModelAndView getAccessConfirmation(
-			@ModelAttribute AuthorizationRequest clientAuth) throws Exception {
-		ClientDetails client = clientDetailsService
-				.loadClientByClientId(clientAuth.getClientId());
-		TreeMap<String, Object> model = new TreeMap<String, Object>();
-		model.put("auth_request", clientAuth);
-		model.put("client", client);
-		return new ModelAndView("oauth/approve", model);
-	}
-
-	public void setClientDetailsService(
-			ClientDetailsService clientDetailsService) {
-		this.clientDetailsService = clientDetailsService;
-	}
-
-	public ClientDetailsService getClientDetailsService() {
-		return this.clientDetailsService;
-	}
-
-	/*
-	 * handle "idtoken token" flow
-	 */
-
-	/*
-	 * Other flows get handled outside of our endpoints by SSOA
-	 */
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
deleted file mode 100644
index ac1cbc2c0..000000000
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-@RequestMapping("token")
-public class TokenEndpoint {
-
-	//Corresponds to spring security Authentication Filter class
-	
-	// handle sending back a token and an id token for a code
-	
-	// fall through to SSOA code if no id token?
-	
-}
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
index dcab144a8..2e1b8ff85 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
@@ -15,4 +15,8 @@
 		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
 	</context:component-scan>
 	
+	<context:component-scan base-package="org.mitre">
+		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
+	</context:component-scan>
+	
 </beans>
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
index 0334f4170..70caaa644 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@@ -45,7 +45,7 @@
 	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
 	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
 		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
-		authorization-endpoint-url="/openidconnect/auth">
+		authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
 		<oauth:authorization-code authorization-code-services-ref="authCodeServices"/>
 	</oauth:authorization-server>
 	
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
index 647809e19..9712ab91f 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
@@ -19,13 +19,28 @@
 		
 	<import resource="data-context.xml" />	
 
+
+
 	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
+
 	<security:http use-expressions="true" auto-config="true" authentication-manager-ref="springSecurityAuthenticationManager">
-<!-- 		<security:intercept-url pattern="/oauth/user/**" access="hasRole('ROLE_USER')"/> -->
-		<security:intercept-url pattern="/*" access="permitAll"/>
-		
+ 		<security:intercept-url pattern="/oauth/authorize**" access="hasRole('ROLE_USER')"/> 
+<!--  		<security:intercept-url pattern="/openidconnect/token**" access="hasRole('ROLE_USER')"/>  -->
+		<security:intercept-url pattern="/**" access="permitAll"/>
 	</security:http>
-		
+
+<!-- 	<security:http pattern="/oauth/**" use-expressions="true" auto-config="true" authentication-manager-ref="springSecurityAuthenticationManager"> -->
+<!--  		<security:intercept-url pattern="/oauth/**" access="hasRole('ROLE_USER')"/>	 -->
+<!-- 	</security:http> -->
+
+<!-- 	<security:http pattern="/resources/**" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
+<!-- 	<security:http pattern="/oauth/authorize" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+	
+<!-- 	<security:http pattern="/openidconnect/auth" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
+<!-- 	<security:http pattern="/**" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
 	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
 		<constructor-arg>
 			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
index f27f5ac1a..6ad0a4f3a 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
+++ b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
@@ -2,7 +2,7 @@
 <%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException" %>
 <%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
 <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="o" tagdir="/WEB-INF/tags" %>
 
 <o:header title="approve access"/>