Class ObservationReactiveAuthorizationManager<T>
java.lang.Object
org.springframework.security.authorization.ObservationReactiveAuthorizationManager<T>
- All Implemented Interfaces:
MethodAuthorizationDeniedHandler
,ReactiveAuthorizationManager<T>
public final class ObservationReactiveAuthorizationManager<T>
extends Object
implements ReactiveAuthorizationManager<T>, MethodAuthorizationDeniedHandler
An
ReactiveAuthorizationManager
that observes the authentication- Since:
- 6.0
-
Constructor Summary
ConstructorDescriptionObservationReactiveAuthorizationManager
(io.micrometer.observation.ObservationRegistry registry, ReactiveAuthorizationManager<T> delegate) -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<AuthorizationDecision>
check
(reactor.core.publisher.Mono<Authentication> authentication, T object) Deprecated.handleDeniedInvocation
(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.handleDeniedInvocationResult
(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g.void
setObservationConvention
(io.micrometer.observation.ObservationConvention<AuthorizationObservationContext<?>> convention) Use the provided convention for reporting observation dataMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.ReactiveAuthorizationManager
authorize, verify
-
Constructor Details
-
ObservationReactiveAuthorizationManager
public ObservationReactiveAuthorizationManager(io.micrometer.observation.ObservationRegistry registry, ReactiveAuthorizationManager<T> delegate)
-
-
Method Details
-
check
@Deprecated public reactor.core.publisher.Mono<AuthorizationDecision> check(reactor.core.publisher.Mono<Authentication> authentication, T object) Deprecated.please useReactiveAuthorizationManager.authorize(Mono, Object)
insteadDescription copied from interface:ReactiveAuthorizationManager
Determines if access is granted for a specific authentication and object.- Specified by:
check
in interfaceReactiveAuthorizationManager<T>
- Parameters:
authentication
- the Authentication to checkobject
- the object to check- Returns:
- an decision or empty Mono if no decision could be made.
-
setObservationConvention
public void setObservationConvention(io.micrometer.observation.ObservationConvention<AuthorizationObservationContext<?>> convention) Use the provided convention for reporting observation data- Parameters:
convention
- The provided convention- Since:
- 6.1
-
handleDeniedInvocation
public Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value.- Specified by:
handleDeniedInvocation
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocation
- theMethodInvocation
related to the authorization deniedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
handleDeniedInvocationResult
public Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult) Description copied from interface:MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw anAuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokesMethodAuthorizationDeniedHandler.handleDeniedInvocation(MethodInvocation, AuthorizationResult)
.- Specified by:
handleDeniedInvocationResult
in interfaceMethodAuthorizationDeniedHandler
- Parameters:
methodInvocationResult
- the object containing theMethodInvocation
and the result producedauthorizationResult
- the authorization denied result- Returns:
- a replacement result for the denied method invocation, or null, or a
Mono
for reactive applications
-
ReactiveAuthorizationManager.authorize(Mono, Object)
instead