CODEWITHSUNDEEP
springspring-securityoauth-2.0spring-oauth2
Dave
Dave

Reputation: 19220

"Unsupported configuration attributes: [IS_AUTHENTICATED_FULLY]" when trying to configure Spring 4 / OAuth 2

I recently upgraded to Spring SEcurity 4.2.2.RELEASE and now I'm having trouble with my OAuth2 configuration (using v 2.0.7.RELEASE). I want to force URLs that look like '/context-path/api/**' to require an OAuth access token. SO I have

<http pattern="/api/**"  
              create-session="never"
              entry-point-ref="oauthAuthenticationEntryPoint"
              access-decision-manager-ref="accessDecisionManager"
              xmlns="http://www.springframework.org/schema/security">
 <anonymous enabled="false" />
 <intercept-url pattern="/**"
                         access="IS_AUTHENTICATED_FULLY"/>
 <custom-filter ref="resourceServerFilter"
                         before="PRE_AUTH_FILTER" />
 <access-denied-handler ref="oauthAccessDeniedHandler" />

HOwever, after upgrading to Spring SEcurity 4, I'm getting this error ...

Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [IS_AUTHENTICATED_FULLY]

WHat's the right way to indicate that the user must have fully authenticated in order to access my resource?

Upvotes: 2

Views: 1525

Answers (1)

user2252882
user2252882

Reputation:

The problem is that in Spring Security 4.x XML configuration uses expressions by default and IS_AUTHENTICATED_FULLY is not the expression syntax. Either disable expressions using use-expressions="false" in your <http> tag or replace IS_AUTHENTICATED_FULLY with fullyAuthenticated.

Upvotes: 3

Related Questions