Package org.springframework.security.authorization.method

Class PostAuthorizeReactiveAuthorizationManager

java.lang.Object

org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

All Implemented Interfaces:

MethodAuthorizationDeniedHandler, ReactiveAuthorizationManager<MethodInvocationResult>

public final class PostAuthorizeReactiveAuthorizationManager
extends Object
implements ReactiveAuthorizationManager<MethodInvocationResult>, MethodAuthorizationDeniedHandler

A ReactiveAuthorizationManager which can determine if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.

Since:

5.8

Constructor Summary

Constructors

Constructor	Description
PostAuthorizeReactiveAuthorizationManager()
PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler expressionHandler)

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<AuthorizationResult>	authorize(reactor.core.publisher.Mono<Authentication> authentication, MethodInvocationResult result)	Determines if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.
@Nullable Object	handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult)	Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.
@Nullable Object	handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult, AuthorizationResult authorizationResult)	Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.
void	setApplicationContext(org.springframework.context.ApplicationContext context)
void	setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults)	Configure pre/post-authorization template resolution

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.ReactiveAuthorizationManager

verify

Constructor Details

PostAuthorizeReactiveAuthorizationManager

public PostAuthorizeReactiveAuthorizationManager()

PostAuthorizeReactiveAuthorizationManager

public PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler expressionHandler)

Method Details

setTemplateDefaults

public void setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults)

Configure pre/post-authorization template resolution

By default, this value is null, which indicates that templates should not be resolved.

Parameters:

defaults - - whether to resolve pre/post-authorization templates parameters

Since:

6.4

setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext context)

authorize

public reactor.core.publisher.Mono<AuthorizationResult> authorize(reactor.core.publisher.Mono<Authentication> authentication,
 MethodInvocationResult result)

Determines if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.

Specified by:

authorize in interface ReactiveAuthorizationManager<MethodInvocationResult>

Parameters:

authentication - the Mono of the Authentication to check

result - the MethodInvocationResult to check

Returns:

a Mono of the AuthorizationDecision or an empty Mono if the PostAuthorize annotation is not present

handleDeniedInvocation

public @Nullable Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation,
 AuthorizationResult authorizationResult)

Description copied from interface: MethodAuthorizationDeniedHandler

Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g. a masked value.

Specified by:

handleDeniedInvocation in interface MethodAuthorizationDeniedHandler

Parameters:

methodInvocation - the MethodInvocation related to the authorization denied

authorizationResult - the authorization denied result

Returns:

a replacement result for the denied method invocation, or null, or a Mono for reactive applications

handleDeniedInvocationResult

public @Nullable Object handleDeniedInvocationResult(MethodInvocationResult methodInvocationResult,
 AuthorizationResult authorizationResult)

Description copied from interface: MethodAuthorizationDeniedHandler

Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g. a masked value. By default, this method invokes MethodAuthorizationDeniedHandler.handleDeniedInvocation(MethodInvocation, AuthorizationResult).

Specified by:

handleDeniedInvocationResult in interface MethodAuthorizationDeniedHandler

Parameters:

methodInvocationResult - the object containing the MethodInvocation and the result produced

authorizationResult - the authorization denied result

Returns:

a replacement result for the denied method invocation, or null, or a Mono for reactive applications