Class ObservationAuthorizationManager<T>
java.lang.Object
org.springframework.security.authorization.ObservationAuthorizationManager<T>
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
,AuthorizationManager<T>
,MethodAuthorizationDeniedHandler
public final class ObservationAuthorizationManager<T>
extends Object
implements AuthorizationManager<T>, org.springframework.context.MessageSourceAware, MethodAuthorizationDeniedHandler
An
AuthorizationManager
that observes the authorization- Since:
- 6.0
-
Constructor Summary
ConstructorDescriptionObservationAuthorizationManager
(io.micrometer.observation.ObservationRegistry registry, AuthorizationManager<T> delegate) -
Method Summary
Modifier and TypeMethodDescriptioncheck
(Supplier<Authentication> authentication, T object) Deprecated.handleDeniedInvocation
(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.handleDeniedInvocationResult
(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.void
setMessageSource
(org.springframework.context.MessageSource messageSource) Set the MessageSource that this object runs in.void
setObservationConvention
(io.micrometer.observation.ObservationConvention<AuthorizationObservationContext<?>> convention) Use the provided convention for reporting observation dataMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
authorize, verify
-
Constructor Details
-
ObservationAuthorizationManager
public ObservationAuthorizationManager(io.micrometer.observation.ObservationRegistry registry, AuthorizationManager<T> delegate)
-
-
Method Details
-
check
Deprecated.please useAuthorizationManager.authorize(Supplier, Object)
insteadDescription copied from interface:AuthorizationManager
Determines if access is granted for a specific authentication and object.- Specified by:
check
in interfaceAuthorizationManager<T>
- Parameters:
authentication
- theSupplier
of theAuthentication
to checkobject
- theAuthorizationManager
object to check- Returns:
- an
AuthorizationDecision
or null if no decision could be made
-
setObservationConvention
public void setObservationConvention(io.micrometer.observation.ObservationConvention<AuthorizationObservationContext<?>> convention) Use the provided convention for reporting observation data- Parameters:
convention
- The provided convention- Since:
- 6.1
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource) Set the MessageSource that this object runs in.- Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
- Parameters:
messageSource
- The message source to be used by this object- Since:
- 6.2
-
handleDeniedInvocation
public Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value.- Specified by:
handleDeniedInvocation
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocation
- theMethodInvocation
related to the authorization deniedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
handleDeniedInvocationResult
public Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokesMethodAuthorizationDeniedHandler.handleDeniedInvocation(MethodInvocation, AuthorizationResult)
.- Specified by:
handleDeniedInvocationResult
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocationResult
- the object containing theMethodInvocation
and the result producedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
AuthorizationManager.authorize(Supplier, Object)
instead