Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 13:23:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix documentation for Custom Authorization Manager

Browse Source 
Closes gh-13967

Signed-off-by: as1605 <1605.aditya.singh@gmail.com>
This commit is contained in:
as1605
2025-12-26 09:32:45 +05:30
committed by Josh Cummings
parent 721b22d87a
commit 3076367168
1 changed files with 26 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
+26 -16
View File
@@ -1382,12 +1382,15 @@ Java::
[source,java,role="primary"]
----
@Component
public class MyAuthorizationManager implements AuthorizationManager<MethodInvocation>, AuthorizationManager<MethodInvocationResult> {
public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager<MethodInvocation> {
@Override
public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation invocation) {
// ... authorization logic
}
}
@Component
public class MyPostAuthorizeAuthorizationManager implements AuthorizationManager<MethodInvocationResult> {
@Override
public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocationResult invocation) {
// ... authorization logic
@@ -1400,11 +1403,14 @@ Kotlin::
[source,kotlin,role="secondary"]
----
@Component
class MyAuthorizationManager : AuthorizationManager<MethodInvocation>, AuthorizationManager<MethodInvocationResult> {
class MyPreAuthorizeAuthorizationManager : AuthorizationManager<MethodInvocation> {
override fun authorize(authentication: Supplier<Authentication>, invocation: MethodInvocation): AuthorizationResult {
// ... authorization logic
}
}
@Component
class MyPostAuthorizeAuthorizationManager : AuthorizationManager<MethodInvocationResult> {
override fun authorize(authentication: Supplier<Authentication>, invocation: MethodInvocationResult): AuthorizationResult {
// ... authorization logic
}
@@ -1427,13 +1433,15 @@ Java::
class MethodSecurityConfig {
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
Advisor preAuthorize(MyAuthorizationManager manager) {
Advisor preAuthorize() {
MyPreAuthorizeAuthorizationManager manager = new MyPreAuthorizeAuthorizationManager();
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
}
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
Advisor postAuthorize(MyAuthorizationManager manager) {
Advisor postAuthorize() {
MyPostAuthorizeAuthorizationManager manager = new MyPostAuthorizeAuthorizationManager();
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
}
}
@@ -1446,17 +1454,19 @@ Kotlin::
@Configuration
@EnableMethodSecurity(prePostEnabled = false)
class MethodSecurityConfig {
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
fun preAuthorize(manager: MyAuthorizationManager) : Advisor {
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
}
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
fun preAuthorize(): Advisor {
val manager = MyPreAuthorizeAuthorizationManager()
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
}
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
fun postAuthorize(manager: MyAuthorizationManager) : Advisor {
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
}
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
fun postAuthorize(): Advisor {
val manager = MyPostAuthorizeAuthorizationManager()
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
}
}
----
@@ -1471,13 +1481,11 @@ Xml::
<bean id="preAuthorize"
class="org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor"
factory-method="preAuthorize">
<constructor-arg ref="myAuthorizationManager"/>
</bean>
<bean id="postAuthorize"
class="org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor"
factory-method="postAuthorize">
<constructor-arg ref="myAuthorizationManager"/>
</bean>
----
======
@@ -1487,6 +1495,8 @@ Xml::
You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`.
====
Additionally, you can also implement `MethodAuthorizationDeniedHandler` by the same manager, to override default exception handling behavior.
[[customizing-expression-handling]]
=== Customizing Expression Handling