Class PostAuthorizeAuthorizationManager
java.lang.Object
org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
- All Implemented Interfaces:
AuthorizationManager<MethodInvocationResult>
,MethodAuthorizationDeniedHandler
public final class PostAuthorizeAuthorizationManager
extends Object
implements AuthorizationManager<MethodInvocationResult>, MethodAuthorizationDeniedHandler
An
AuthorizationManager
which can determine if an Authentication
may
return the result from an invoked MethodInvocation
by evaluating an expression
from the PostAuthorize
annotation.- Since:
- 5.6
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncheck
(Supplier<Authentication> authentication, MethodInvocationResult mi) Determine if anAuthentication
has access to the returned object by evaluating thePostAuthorize
annotation that theMethodInvocation
specifies.handleDeniedInvocation
(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.handleDeniedInvocationResult
(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.void
setApplicationContext
(org.springframework.context.ApplicationContext context) InvokesPostAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext)
with the providedApplicationContext
.void
setExpressionHandler
(MethodSecurityExpressionHandler expressionHandler) Use this theMethodSecurityExpressionHandler
.void
setTemplateDefaults
(PrePostTemplateDefaults defaults) Deprecated.void
Configure pre/post-authorization template resolutionMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify
-
Constructor Details
-
PostAuthorizeAuthorizationManager
public PostAuthorizeAuthorizationManager()
-
-
Method Details
-
setExpressionHandler
Use this theMethodSecurityExpressionHandler
.- Parameters:
expressionHandler
- theMethodSecurityExpressionHandler
to use
-
setTemplateDefaults
Deprecated.Please usesetTemplateDefaults(AnnotationTemplateExpressionDefaults)
insteadConfigure pre/post-authorization template resolutionBy default, this value is
null
, which indicates that templates should not be resolved.- Parameters:
defaults
- - whether to resolve pre/post-authorization templates parameters- Since:
- 6.3
-
setTemplateDefaults
Configure pre/post-authorization template resolutionBy default, this value is
null
, which indicates that templates should not be resolved.- Parameters:
defaults
- - whether to resolve pre/post-authorization templates parameters- Since:
- 6.4
-
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext context) InvokesPostAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext)
with the providedApplicationContext
.- Parameters:
context
- theApplicationContext
- Since:
- 6.3
- See Also:
-
PreAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext)
-
check
public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocationResult mi) Determine if anAuthentication
has access to the returned object by evaluating thePostAuthorize
annotation that theMethodInvocation
specifies.- Specified by:
check
in interfaceAuthorizationManager<MethodInvocationResult>
- Parameters:
authentication
- theSupplier
of theAuthentication
to checkmi
- theMethodInvocationResult
to check- Returns:
- an
AuthorizationDecision
ornull
if thePostAuthorize
annotation is not present
-
handleDeniedInvocation
public Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value.- Specified by:
handleDeniedInvocation
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocation
- theMethodInvocation
related to the authorization deniedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
handleDeniedInvocationResult
public Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokesMethodAuthorizationDeniedHandler.handleDeniedInvocation(MethodInvocation, AuthorizationResult)
.- Specified by:
handleDeniedInvocationResult
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocationResult
- the object containing theMethodInvocation
and the result producedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
setTemplateDefaults(AnnotationTemplateExpressionDefaults)
instead