spring-security-oauth2 hasScope XML method security upgrade to what?

Question

As spring-security-oauth2 obsoleted, see EOL for Spring Security OAuth, I cannot use #oauth2.hasScope([scope]) in XML config provided by OAuth2SecurityExpressionMethods.java.

Expected to see AST parser or similar handler in either spring-security-oauth2-jose, spring-security-oauth2-client, spring-security-oauth2-core to accomplish that in the following example, #oauth2 security expressions on method level.

Is there something I missed for XML config for OAuth2 scope checking? Or I must implement it by hasAuthority('SCOPE_[scope]')?

score 0 · Answer 1 · edited Apr 23 '23 at 20:16

0

I have to switch to hasAuthority("SCOPE_scope").

Spring Security converts scopes that follow the granted authority naming convention`, see OAuth 2.0 Migration Guide

edited Apr 23 '23 at 20:16

dur

15,689
25
79
125

answered Jan 17 '23 at 09:58

John

1

spring-security-oauth2 hasScope XML method security upgrade to what?

1 Answers1