diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc index 10c5d5742b..cd71bb13ec 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc @@ -1382,12 +1382,15 @@ Java:: [source,java,role="primary"] ---- @Component -public class MyAuthorizationManager implements AuthorizationManager, AuthorizationManager { +public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager { @Override public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) { // ... authorization logic } +} +@Component +public class MyPostAuthorizeAuthorizationManager implements AuthorizationManager { @Override public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult invocation) { // ... authorization logic @@ -1400,11 +1403,14 @@ Kotlin:: [source,kotlin,role="secondary"] ---- @Component -class MyAuthorizationManager : AuthorizationManager, AuthorizationManager { +class MyPreAuthorizeAuthorizationManager : AuthorizationManager { override fun authorize(authentication: Supplier, invocation: MethodInvocation): AuthorizationResult { // ... authorization logic } +} +@Component +class MyPostAuthorizeAuthorizationManager : AuthorizationManager { override fun authorize(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationResult { // ... authorization logic } @@ -1427,13 +1433,13 @@ Java:: class MethodSecurityConfig { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - Advisor preAuthorize(MyAuthorizationManager manager) { + Advisor preAuthorize(MyPreAuthorizeAuthorizationManager manager) { return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager); } @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - Advisor postAuthorize(MyAuthorizationManager manager) { + Advisor postAuthorize(MyPostAuthorizeAuthorizationManager manager) { return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager); } } @@ -1446,15 +1452,15 @@ Kotlin:: @Configuration @EnableMethodSecurity(prePostEnabled = false) class MethodSecurityConfig { - @Bean + @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - fun preAuthorize(manager: MyAuthorizationManager) : Advisor { + fun preAuthorize(manager: MyPreAuthorizeAuthorizationManager): Advisor { return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager) } @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - fun postAuthorize(manager: MyAuthorizationManager) : Advisor { + fun postAuthorize(manager: MyPostAuthorizeAuthorizationManager): Advisor { return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager) } } @@ -1471,13 +1477,13 @@ Xml:: - + - + ---- ====== @@ -1487,6 +1493,8 @@ Xml:: You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`. ==== +You can also implement `MethodAuthorizationDeniedHandler` in the same manager class to override the default exception-handling behavior. + [[customizing-expression-handling]] === Customizing Expression Handling