Class PostAuthorizeReactiveAuthorizationManager
java.lang.Object
org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- All Implemented Interfaces:
ReactiveAuthorizationManager<MethodInvocationResult>
public final class PostAuthorizeReactiveAuthorizationManager
extends Object
implements ReactiveAuthorizationManager<MethodInvocationResult>
A
ReactiveAuthorizationManager
which can determine if an Authentication
has access to the returned object from the MethodInvocation
by evaluating an
expression from the PostAuthorize
annotation.- Since:
- 5.8
-
Constructor Summary
ConstructorDescriptionPostAuthorizeReactiveAuthorizationManager
(MethodSecurityExpressionHandler expressionHandler) -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<AuthorizationDecision>
check
(reactor.core.publisher.Mono<Authentication> authentication, MethodInvocationResult result) Determines if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.ReactiveAuthorizationManager
verify
-
Constructor Details
-
PostAuthorizeReactiveAuthorizationManager
public PostAuthorizeReactiveAuthorizationManager() -
PostAuthorizeReactiveAuthorizationManager
-
-
Method Details
-
check
public reactor.core.publisher.Mono<AuthorizationDecision> check(reactor.core.publisher.Mono<Authentication> authentication, MethodInvocationResult result) Determines if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.- Specified by:
check
in interfaceReactiveAuthorizationManager<MethodInvocationResult>
- Parameters:
authentication
- theMono
of theAuthentication
to checkresult
- theMethodInvocationResult
to check- Returns:
- a Mono of the
AuthorizationDecision
or an emptyMono
if thePostAuthorize
annotation is not present
-