fixed patterns and expressions on http blocks

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -57,17 +57,17 @@
 	</security:http>
 
 	<!-- Allow open access to required endpoints -->
-	<security:http auto-config="true">
+	<security:http auto-config="true" pattern="/jwk**" use-expressions="true">
 		<security:intercept-url pattern="/jwk**" access="permitAll"/>
 	</security:http>
-	<security:http auto-config="true">
+	<security:http auto-config="true" pattern="/.well-known**" use-expressions="true">
 		<security:intercept-url pattern="/.well-known**" access="permitAll"/>
 	</security:http>
-	<security:http auto-config="true">
+	<security:http auto-config="true" pattern="/x509**" use-expressions="true">
 		<security:intercept-url pattern="/x509**" access="permitAll"/>	
 	</security:http>
 
- 	<security:http auto-config="true" pattern="/userinfo**">
+ 	<security:http auto-config="true" pattern="/userinfo**" use-expressions="true">
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>