22

I get the following error...

Unsupported configuration attributes: [permitAll]

When adding ....

<sec:intercept-url pattern="/nonsecure/**" access="permitAll" />

I'm on Websphere with Spring 2.5.

Can anyone help?

Jeff Porter

  • See this answer - http://stackoverflow.com/questions/3394657/spring-security-how-to-exclude-certain-resources/3394803#3394803 – Qrilka Nov 13 '10 at 09:48

2 Answers

57

You have to add use-expressions tag to your http configuration in security xml, for example:

<http auto-config="true" use-expressions="true">
...
...
</http>
A_J
  • This is the real answer! – Rakesh Waghela Nov 10 '13 at 07:43
  • BTW this configuration is done by default if you're using Java Configuration – Alexis Gamarra Apr 10 '15 at 20:40
  • Also don't use `auto-config` anymore: `A legacy attribute which automatically registers a login form, BASIC authentication and a logout URL and logout services. If unspecified, defaults to "false". We'd recommend you avoid using this and instead explicitly configure the services you require.` from https://docs.spring.io/autorepo/schema/spring-security/3.2.0.RC2/security/spring-security-3.2.xsd – alain.janinm Feb 01 '18 at 15:33
9

To be able to use expressions such as [permitAll] you have to add a WebExpressionVoter to your AccessDecisionManager.

Luxspes
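
A security context that combines both answers, as an added example that is not taken from either post. It assumes Spring Security 3.2 (expression support does not exist in the 2.x releases); the bean id `accessDecisionManager`, the catch-all `/**` rule and the `form-login`/`logout` elements are illustrative choices.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- use-expressions="true" makes every access attribute a SpEL expression.
       Without it, "permitAll" is treated as a plain attribute that the
       default voters reject with "Unsupported configuration attributes". -->
  <http use-expressions="true"
        access-decision-manager-ref="accessDecisionManager">

    <!-- Rules are evaluated top to bottom and the first match wins, so the
         public prefix must be listed before the catch-all. -->
    <intercept-url pattern="/nonsecure/**" access="permitAll" />

    <!-- With expressions enabled, a bare "ROLE_USER" is no longer valid here;
         write hasRole('ROLE_USER') or isAuthenticated() instead. -->
    <intercept-url pattern="/**" access="isAuthenticated()" />

    <!-- Services configured explicitly rather than through auto-config. -->
    <form-login />
    <logout />
  </http>

  <!-- Only needed when you supply your own AccessDecisionManager: it must
       contain a WebExpressionVoter, because that is the voter that supports
       expression attributes. If access-decision-manager-ref is omitted, the
       namespace registers a suitable manager itself.
       Assumption: constructor injection as in Spring Security 3.2; earlier
       3.x releases set the "decisionVoters" property instead. -->
  <beans:bean id="accessDecisionManager"
              class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:constructor-arg>
      <beans:list>
        <beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
      </beans:list>
    </beans:constructor-arg>
  </beans:bean>

</beans:beans>
```

When reviewing such a file, check that the only `permitAll` patterns are the ones meant to be public and that a restrictive catch-all rule follows them.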