Merge branch '7.0.x'

rwinch · rwinch · commit 5a7d93ee3b66 · 2026-01-09T16:55:02.000-06:00
Closes gh-18471
diff --git a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
@@ -107,7 +107,7 @@ default void verify(Supplier<Authentication> authentication, Object secureObject
 }
 ----
 
-The ``AuthorizationManager``'s `check` method is passed all the relevant information it needs in order to make an authorization decision.
+The ``AuthorizationManager``'s `authorize` method is passed all the relevant information it needs in order to make an authorization decision.
 In particular, passing the secure `Object` enables those arguments contained in the actual secure object invocation to be inspected.
 For example, let's assume the secure object was a `MethodInvocation`.
 It would be easy to query the `MethodInvocation` for any `Customer` argument, and then implement some sort of security logic in the `AuthorizationManager` to ensure the principal is permitted to operate on that customer.
diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
@@ -118,7 +118,7 @@ A given invocation to `MyCustomerService#readCustomer` may look something like t
 image::{figures}/methodsecurity.png[]
 
 1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an javadoc:org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor[] that matches <<annotation-method-pointcuts,the `@PreAuthorize` pointcut>>
-2. The interceptor invokes javadoc:org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager[`PreAuthorizeAuthorizationManager#check`]
+2. The interceptor invokes javadoc:org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager[`PreAuthorizeAuthorizationManager#authorize`]
 3. The authorization manager uses a `MethodSecurityExpressionHandler` to parse the annotation's <<authorization-expressions,SpEL expression>> and constructs a corresponding `EvaluationContext` from a `MethodSecurityExpressionRoot` containing xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[a `Supplier<Authentication>`] and `MethodInvocation`.
 4. The interceptor uses this context to evaluate the expression; specifically, it reads xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[the `Authentication`] from the `Supplier` and checks whether it has `permission:read` in its collection of xref:servlet/authorization/architecture.adoc#authz-authorities[authorities]
 5. If the evaluation passes, then Spring AOP proceeds to invoke the method.

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ default void verify(Supplier<Authentication> authentication, Object secureObject`
`107`	`107`	`}`
`108`	`108`	`----`
`109`	`109`
`110`		-The ``AuthorizationManager``'s `check` method is passed all the relevant information it needs in order to make an authorization decision.
	`110`	+The ``AuthorizationManager``'s `authorize` method is passed all the relevant information it needs in order to make an authorization decision.
`111`	`111`	In particular, passing the secure `Object` enables those arguments contained in the actual secure object invocation to be inspected.
`112`	`112`	For example, let's assume the secure object was a `MethodInvocation`.
`113`	`113`	It would be easy to query the `MethodInvocation` for any `Customer` argument, and then implement some sort of security logic in the `AuthorizationManager` to ensure the principal is permitted to operate on that customer.