Class PostAuthorizeReactiveAuthorizationManager
java.lang.Object
org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- All Implemented Interfaces:
MethodAuthorizationDeniedHandler
,ReactiveAuthorizationManager<MethodInvocationResult>
public final class PostAuthorizeReactiveAuthorizationManager
extends Object
implements ReactiveAuthorizationManager<MethodInvocationResult>, MethodAuthorizationDeniedHandler
A
ReactiveAuthorizationManager
which can determine if an Authentication
has access to the returned object from the MethodInvocation
by evaluating an
expression from the PostAuthorize
annotation.- Since:
- 5.8
-
Constructor Summary
ConstructorsConstructorDescriptionPostAuthorizeReactiveAuthorizationManager
(MethodSecurityExpressionHandler expressionHandler) -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<AuthorizationDecision>
check
(reactor.core.publisher.Mono<Authentication> authentication, MethodInvocationResult result) Determines if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.handleDeniedInvocation
(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.handleDeniedInvocationResult
(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.void
setApplicationContext
(org.springframework.context.ApplicationContext context) void
setTemplateDefaults
(PrePostTemplateDefaults defaults) Configure pre/post-authorization template resolutionMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.ReactiveAuthorizationManager
verify
-
Constructor Details
-
PostAuthorizeReactiveAuthorizationManager
public PostAuthorizeReactiveAuthorizationManager() -
PostAuthorizeReactiveAuthorizationManager
-
-
Method Details
-
setTemplateDefaults
Configure pre/post-authorization template resolutionBy default, this value is
null
, which indicates that templates should not be resolved.- Parameters:
defaults
- - whether to resolve pre/post-authorization templates parameters- Since:
- 6.3
-
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext context) -
check
public reactor.core.publisher.Mono<AuthorizationDecision> check(reactor.core.publisher.Mono<Authentication> authentication, MethodInvocationResult result) Determines if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.- Specified by:
check
in interfaceReactiveAuthorizationManager<MethodInvocationResult>
- Parameters:
authentication
- theMono
of theAuthentication
to checkresult
- theMethodInvocationResult
to check- Returns:
- a Mono of the
AuthorizationDecision
or an emptyMono
if thePostAuthorize
annotation is not present
-
handleDeniedInvocation
public Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value.- Specified by:
handleDeniedInvocation
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocation
- theMethodInvocation
related to the authorization deniedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
handleDeniedInvocationResult
public Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokesMethodAuthorizationDeniedHandler.handleDeniedInvocation(MethodInvocation, AuthorizationResult)
.- Specified by:
handleDeniedInvocationResult
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocationResult
- the object containing theMethodInvocation
and the result producedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-