I want to create a public REST API but apparently, the Resource Server is only allowed to respond to authenticated requests. Where should I put the public rest controllers? Is there a way for using the same Resource Server an avoid creating the entity and dao clases again in other server?

Thanks in advance for the reply.

Take a look at the Spring Security User Guide and other resources (e.g. type "security" in the search box at https://spring.io/guides). It's just a matter of changing the access rules for the paths you want to protect/unprotect.