diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
index 28f0009e1b4..e6cd990bd6c 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
@@ -1382,12 +1382,15 @@ Java::
 [source,java,role="primary"]
 ----
 @Component
-public class MyAuthorizationManager implements AuthorizationManager, AuthorizationManager {
+public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
 public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) {
 // ... authorization logic
 }
+}
+@Component
+public class MyPostAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
 public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult invocation) {
 // ... authorization logic
@@ -1400,11 +1403,14 @@ Kotlin::
 [source,kotlin,role="secondary"]
 ----
 @Component
-class MyAuthorizationManager : AuthorizationManager, AuthorizationManager {
+class MyPreAuthorizeAuthorizationManager : AuthorizationManager {
 override fun authorize(authentication: Supplier, invocation: MethodInvocation): AuthorizationResult {
 // ... authorization logic
 }
+}
+@Component
+class MyPostAuthorizeAuthorizationManager : AuthorizationManager {
 override fun authorize(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationResult {
 // ... authorization logic
 }
@@ -1427,13 +1433,15 @@ Java::
 class MethodSecurityConfig {
 @Bean
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- Advisor preAuthorize(MyAuthorizationManager manager) {
+ Advisor preAuthorize() {
+ MyPreAuthorizeAuthorizationManager manager = new MyPreAuthorizeAuthorizationManager();
 return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
 }
 @Bean
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- Advisor postAuthorize(MyAuthorizationManager manager) {
+ Advisor postAuthorize() {
+ MyPostAuthorizeAuthorizationManager manager = new MyPostAuthorizeAuthorizationManager();
 return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
 }
 }
@@ -1446,17 +1454,19 @@ Kotlin::
 @Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
- @Bean
- @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- fun preAuthorize(manager: MyAuthorizationManager) : Advisor {
- return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
- }
+ @Bean
+ @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+ fun preAuthorize(): Advisor {
+ val manager = MyPreAuthorizeAuthorizationManager()
+ return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
+ }
- @Bean
- @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- fun postAuthorize(manager: MyAuthorizationManager) : Advisor {
- return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
- }
+ @Bean
+ @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+ fun postAuthorize(): Advisor {
+ val manager = MyPostAuthorizeAuthorizationManager()
+ return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
+ }
 }
 ----
@@ -1471,13 +1481,11 @@ Xml:: - - ---- ======
@@ -1487,6 +1495,8 @@ Xml::
 You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`.
 ====
+Additionally, you can also implement `MethodAuthorizationDeniedHandler` by the same manager, to override default exception handling behavior.
+
 [[customizing-expression-handling]]
 === Customizing Expression Handling