spring-security-oauth2：intercept-url的access字段IS_AUTHENTICATED_FULLY无法使用了

最近把spring-security-oauth2的版本更新到了最新版，发现路径限制的access属性已经不能再使用原有的字符串和hasRole等函数了，百度上找的都是旧版的用法，官网也没怎么看懂，求大佬支招
下面两种方式都试过了，还是没法启动。

<security:intercept-url pattern="/oauth/token" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />

<security:intercept-url pattern="/api/**" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/api/**" access="IS_AUTHENTICATED_FULLY" />

Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:176)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1804)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1741)
    ... 47 more