That is needed to add the OAUTH2 scope voter to the auth decision process. Well, that is going to mess with the element if you're using it and have use-expressions="true".
So even if you have:
your expressions will not work. You will get a stack trace like the following:
java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER'), permitAll]...
That's because of the above custom definition of the accessDecisionManager bean. You need to switch the RoleVoter definition in the accessDecisionManager for a WebExpressionVoter in order for the web expressions to become available, just like this:
Here you go,
Enjoy Spring Security (with OAUTH2) as before.
9 comments:
Thank you very much !, I spent a lot of time to find this as I am a Oauth newbie.
Thank you!
Fantistic. Thanks!
Thanks for the post. One thing to add:
If you plan to use any of the oauth2 expressions like oauth2.hasScope or oauth2.clientHasRole you'll also need to configure the web expression handler as a property of the voter. For example (apologies for formatting):
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
<property name="expressionHandler" ref="oauthWebExpressionHandler" />
</bean>
Thank you very much !
Very helpful. Thanks for post
You just saved my bacon
i love you so much! thank you !!!
Thanks a bunch! That helped me a lot!
Post a Comment