Package org.springframework.security.authorization.method

Interface MethodAuthorizationDeniedHandler

All Known Implementing Classes:
ObservationAuthorizationManager, ObservationReactiveAuthorizationManager, PostAuthorizeAuthorizationManager, PostAuthorizeReactiveAuthorizationManager, PreAuthorizeAuthorizationManager, PreAuthorizeReactiveAuthorizationManager, ThrowingMethodAuthorizationDeniedHandler
public interface MethodAuthorizationDeniedHandler
An interface used to define a strategy to handle denied method invocations
Since:
6.3
See Also:

  • Method Details

    • handleDeniedInvocation

      @Nullable Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult)
      Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g. a masked value.
      Parameters:
      methodInvocation - the MethodInvocation related to the authorization denied
      authorizationResult - the authorization denied result
      Returns:
      a replacement result for the denied method invocation, or null, or a Mono for reactive applications

    • handleDeniedInvocationResult

      @Nullable default Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult)
      Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokes handleDeniedInvocation(MethodInvocation, AuthorizationResult).
      Parameters:
      methodInvocationResult - the object containing the MethodInvocation and the result produced
      authorizationResult - the authorization denied result
      Returns:
      a replacement result for the denied method invocation, or null, or a Mono for reactive applications