That is needed to add the OAUTH2 scope voter to the auth decision process. Well, that is going to mess with the element if you're using it and have use-expressions="true".
So even if you have:
your expressions will not work. You will get a stack trace like the following:
java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER'), permitAll]...
That's because of the above custom definition of the accessDecisionManager bean. You need to switch the RoleVoter definition in the accessDecisionManager for a WebExpressionVoter in order for the web expressions to become available, just like this:
Here you go,
Enjoy Spring Security (with OAUTH2) as before.
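One way the change described above can look, as an added example that is not the original post's configuration: a fragment of a security context in which the decision manager keeps the OAUTH2 ScopeVoter and uses a WebExpressionVoter where the RoleVoter was, with the OAuth expression handler wired into the voter as one of the comments below suggests. The bean ids, URL patterns and the 'read' scope are constructed for illustration, the constructor-injection form of UnanimousBased is an assumption (older releases set the decisionVoters property instead), and the entry point and resource-server filter are assumed to be configured already and are left out.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: fragment of a security context. Ids, URL patterns and the
     scope name are constructed; entry point and resource-server filter omitted. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd
         http://www.springframework.org/schema/security/oauth2
         http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

  <!-- Expression handler that makes the #oauth2.* expressions available -->
  <oauth:web-expression-handler id="oauthWebExpressionHandler"/>

  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
      <list>
        <!-- The OAUTH2 scope voter stays in the decision process -->
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
        <!-- Takes the place of org.springframework.security.access.vote.RoleVoter,
             which does not support expression attributes and leads to the
             "Unsupported configuration attributes" error -->
        <bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
          <property name="expressionHandler" ref="oauthWebExpressionHandler"/>
        </bean>
      </list>
    </constructor-arg>
  </bean>

  <!-- Web expressions in access="..." are now evaluated by the WebExpressionVoter -->
  <sec:http use-expressions="true"
            access-decision-manager-ref="accessDecisionManager">
    <sec:intercept-url pattern="/public/**" access="permitAll"/>
    <sec:intercept-url pattern="/api/**"
                       access="hasRole('ROLE_USER') and #oauth2.hasScope('read')"/>
  </sec:http>
</beans>
```

After the change, check that an authenticated request without ROLE_USER is still rejected on the protected pattern, so the swap has not silently opened access.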
Thank you very much! I spent a lot of time to find this, as I am an OAuth newbie.
Fantastic. Thanks!
Thanks for the post. One thing to add:
If you plan to use any of the oauth2 expressions like oauth2.hasScope or oauth2.clientHasRole you'll also need to configure the web expression handler as a property of the voter. For example (apologies for formatting):
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
    <property name="expressionHandler" ref="oauthWebExpressionHandler" />
</bean>
Thank you very much!
Very helpful. Thanks for the post.
You just saved my bacon
I love you so much! Thank you!!!
Thanks a bunch! That helped me a lot!
Great reading your blog post