From 6020ab8e651d6bc19e3b827cc8b02905c2f532d0 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:34:20 -0600
Subject: [PATCH] Polish CustomAuthorizationManager Docs

Issue gh-13967

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
---
 .../authorization/method-security.adoc        | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
index 43b1824fb4..0215f83732 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
@@ -1433,15 +1433,13 @@ Java::
 class MethodSecurityConfig {
     @Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	Advisor preAuthorize() {
-        MyPreAuthorizeAuthorizationManager manager = new MyPreAuthorizeAuthorizationManager();
+	Advisor preAuthorize(MyPreAuthorizeAuthorizationManager manager) {
 		return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
 	}
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	Advisor postAuthorize() {
-        MyPostAuthorizeAuthorizationManager manager = new MyPostAuthorizeAuthorizationManager();
+	Advisor postAuthorize(MyPostAuthorizeAuthorizationManager manager) {
 		return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
 	}
 }
@@ -1454,19 +1452,17 @@ Kotlin::
 @Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
-    @Bean
-    @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-    fun preAuthorize(): Advisor {
-        val manager = MyPreAuthorizeAuthorizationManager()
-        return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
-    }
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	fun preAuthorize(manager: MyPreAuthorizeAuthorizationManager): Advisor {
+		return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
+	}
 
-    @Bean
-    @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-    fun postAuthorize(): Advisor {
-        val manager = MyPostAuthorizeAuthorizationManager()
-        return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
-    }
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	fun postAuthorize(manager: MyPostAuthorizeAuthorizationManager): Advisor {
+		return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
+	}
 }
 ----
 
@@ -1481,11 +1477,13 @@ Xml::
 <bean id="preAuthorize"
 	class="org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor"
 	factory-method="preAuthorize">
+    <constructor-arg ref="myPreAuthorizeAuthorizationManager"/>
 </bean>
 
 <bean id="postAuthorize"
 	class="org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor"
 	factory-method="postAuthorize">
+    <constructor-arg ref="myPostAuthorizeAuthorizationManager"/>
 </bean>
 ----
 ======
@@ -1495,7 +1493,7 @@ Xml::
 You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`.
 ====
 
-Additionally, you can also implement `MethodAuthorizationDeniedHandler` by the same manager, to override default exception handling behavior.
+You can also implement `MethodAuthorizationDeniedHandler` in the same manager class to override the default exception-handling behavior.
 
 [[customizing-expression-handling]]
 === Customizing Expression Handling