Hi Experts,
I have done a migration from 5.7 to hybris 6.3. I am able to run the normal web service and have also resolved the CSRF token issue for login from the storefront, but I am trying to make the REST service run for the mobile API.
I followed the same steps that are mentioned at https://help.hybris.com/6.3.0/hcd/8c189dc48669101496b594a9bb97a11b.html
As per the document, I am not using v2 web services, so I made the change in the common security-spring.xml
and disabled the CSRF token.
<http xmlns="http://www.springframework.org/schema/security" entry-point-ref="oauthAuthenticationEntryPoint"
      authentication-manager-ref="clientAuthenticationManager" create-session="stateless" pattern="/oauth/token">
    <security:csrf disabled="true"/>
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <!-- for PRODUCTION requires-channel="https" -->
    <anonymous enabled="false" />
    <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request parameters -->
    <custom-filter before="BASIC_AUTH_FILTER" ref="clientCredentialsTokenEndpointFilter" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http disable-url-rewriting="true"
      xmlns="http://www.springframework.org/schema/security">
    <security:csrf disabled="true"/>
    <access-denied-handler error-page="/login"/>
    <intercept-url pattern="/oauth/**" access="ROLE_CUSTOMERGROUP" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login authentication-failure-url="/login.jsp?authentication_error=true" default-target-url="/index.jsp"
                login-page="/login.jsp" login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
</http>
..........................................................................................
After this, I created OAuth clients via the back-office as per the documentation: https://help.hybris.com/6.0.0/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html#loio4079b4327ac243b6b3bd507cda6d74ff
Now, when I try to hit the REST service with URL:
then I receive the response:
{ "errors": [ { "message": Failed to evaluate expression 'IS_AUTHENTICATED_FULLY', "type": IllegalArgumentError } ] }
with the backend exception:
org.springframework.security.web.access.ExceptionTranslationFilter@7f56559c, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@695d3126]]]]'!; nested exception is java.lang.IllegalArgumentException: Failed to evaluate expression 'IS_AUTHENTICATED_FULLY'] with root cause
org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field 'IS_AUTHENTICATED_FULLY' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:224)
at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:94)
at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:81)
at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:131)
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:299)
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26)
at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:52)
at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:33)
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:63)
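
The trace above shows WebExpressionVoter evaluating access="IS_AUTHENTICATED_FULLY" as a SpEL expression, which is how Spring Security 4 treats an <http> block that does not set use-expressions="false". The check below is an added example, not part of the original post or of hybris: it lists the intercept-url rules in such blocks that still carry legacy voter tokens and suggests expression equivalents. The sample XML is constructed from the post's configuration, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
# Expression equivalents for the legacy AuthenticatedVoter tokens.
EXPRESSIONS = {
    "IS_AUTHENTICATED_FULLY": "isFullyAuthenticated()",
    "IS_AUTHENTICATED_REMEMBERED": "isRememberMe() or isFullyAuthenticated()",
    "IS_AUTHENTICATED_ANONYMOUSLY": "permitAll",  # closest equivalent: any caller
}
LEGACY = re.compile(r"^(ROLE_\w+|%s)$" % "|".join(EXPRESSIONS))

def to_expression(access):
    """Translate a comma-separated legacy access list into one expression."""
    tokens = [t.strip() for t in access.split(",") if t.strip()]
    return " or ".join(EXPRESSIONS.get(t, "hasRole('%s')" % t) for t in tokens)

def find_legacy_access(xml_text):
    """Return (pattern, access, suggestion) for every intercept-url whose
    access value is a legacy token list inside an expression-based <http>."""
    findings = []
    for http in ET.fromstring(xml_text).iter(SEC + "http"):
        # Assumption: an absent use-expressions attribute means "true" (Spring Security 4).
        if http.get("use-expressions", "true").lower() == "false":
            continue  # legacy voters still apply to this block
        for rule in http.iter(SEC + "intercept-url"):
            access = rule.get("access", "")
            tokens = [t.strip() for t in access.split(",") if t.strip()]
            if tokens and all(LEGACY.match(t) for t in tokens):
                findings.append((rule.get("pattern"), access, to_expression(access)))
    return findings

# Constructed sample: the two <http> blocks from the post, reduced to their rules.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <http xmlns="http://www.springframework.org/schema/security" pattern="/oauth/token">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
  </http>
  <http xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/**" access="ROLE_CUSTOMERGROUP" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  </http>
</beans>"""

if __name__ == "__main__":
    for pattern, access, suggestion in find_legacy_access(SAMPLE):
        print('%-14s access="%s" -> access="%s"' % (pattern, access, suggestion))
```

Setting use-expressions="false" on an <http> block keeps the legacy tokens valid there, which is why the check skips such blocks.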