Package org.springframework.security.authorization.method

Interface AuthorizationProxy

All Superinterfaces:

org.springframework.aop.RawTargetAccess

public interface AuthorizationProxy
extends org.springframework.aop.RawTargetAccess

An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.

Also provides a way to access the underlying target object, handy for working with the object without invoking the authorization rules.

This can be helpful when taking working with a proxied object and needing to hand it to a layer of the application that should not invoke the rules, like a Spring Data repository:

        MyObject object = this.objectRepository.findById(123L); // now an authorized proxy
  object.setProtectedValue(...); // only works if authorized
  if (object instanceof AuthorizationProxy proxy) {
        // Spring Data wants to be able to persist the entire object
        // so we'll remove the proxy
      object = (MyObject) proxy.toAuthorizedTarget();
  }
  this.objectRepository.save(object);
 

Since:

6.4

Method Summary

Modifier and Type	Method	Description
Object	toAuthorizedTarget()	Access underlying target object

Method Details

toAuthorizedTarget

Object toAuthorizedTarget()

Access underlying target object

Returns:

the target object