I previously used the old Spring Security OAuth2 module, which provided an expression object #oauth2 with hasScope and similar convenience features. As best I can tell, this has been removed with the v5 rewrite, but lots of documentation and the top search results refer to this style.

It would be helpful to explain in the documentation that the expression object is no longer available and identify the alternative (is it simply hasRole('SCOPE_foo')?). (Alternately, the hasScope syntax in particular was conveniently expressive, but I can understand a desire not to unnecessarily add API surface area now that a standardized mapping is available.)

Comment From: jgrandja

@chrylis Configuring authorization is already documented in the reference.

For example, if a protected resource authorizes on the scope read then the configuration would be:

```java
authorizeRequests.mvcMatchers("/resource/**").hasAuthority("SCOPE_read")
```

> It would be helpful to explain in the documentation that the expression object is no longer available

I don't think it makes sense to reference legacy API in the new API reference.

I'm going to close this as I feel configuring scope-based authorization is well documented in the reference.
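For readers migrating from the legacy module, the following added example (not part of the thread and not the project's own code) places each old `#oauth2` expression next to its `SCOPE_`-authority replacement, for both URL rules and method security. It assumes Spring Security 5.2+ with the OAuth2 resource server module and JWT access tokens; the class names, paths and scope names are illustrative. Use `hasAuthority` rather than `hasRole` here: `hasRole('SCOPE_read')` tests for `ROLE_SCOPE_read` under the default role prefix, so it never matches a scope authority.

```java
// Added example: legacy #oauth2 expressions mapped to Spring Security 5 authorities.
// Assumes JWT bearer tokens whose scopes are mapped to "SCOPE_<name>" authorities
// (the default mapping). Class names, paths and scopes are illustrative.
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables @PreAuthorize below
class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                // Legacy: .access("#oauth2.hasScope('read')")
                .mvcMatchers("/resource/**").hasAuthority("SCOPE_read")
                // Legacy: .access("#oauth2.hasAnyScope('write', 'admin')")
                .mvcMatchers("/admin/**").hasAnyAuthority("SCOPE_write", "SCOPE_admin")
                // Anything not matched above still requires a valid token.
                .anyRequest().authenticated())
            // Validate bearer tokens as JWTs; scopes become SCOPE_* authorities.
            .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
    }
}

@Service
class ResourceService {

    // Legacy: @PreAuthorize("#oauth2.hasScope('read')")
    @PreAuthorize("hasAuthority('SCOPE_read')")
    public String read(String id) {
        return "resource " + id;
    }
}
```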