That is needed to add the OAUTH2 scope voter to the auth decision process. Well, that is going to mess with the
element if you're using it and have use-expressions="true".
So even if you have:
your expressions will not work. You will get a stack trace like the following:
java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER'), permitAll]...
That's because of the above custom definition of the accessDecisionManager bean. You need to switch the RoleVoter definition in the accessDecisionManager for a WebExpressionVoter in order for the web expressions to become available, just like this:
Here you go,
Enjoy Spring Security (with OAUTH2) as before.