From d279a83ca397114bcfc0ad190f88f364e2706171 Mon Sep 17 00:00:00 2001
From: as1605 <1605.aditya.singh@gmail.com>
Date: Fri, 26 Dec 2025 09:32:45 +0530
Subject: [PATCH 1/2] Fix documentation for Custom Authorization Manager
Signed-off-by: as1605 <1605.aditya.singh@gmail.com>
---
 .../authorization/method-security.adoc | 50 +++++++++++--------
 1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
index 28f0009e1b4..47aa4cd1ad0 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
@@ -1382,14 +1382,17 @@ Java::
 [source,java,role="primary"]
 ----
 @Component
-public class MyAuthorizationManager implements AuthorizationManager, AuthorizationManager {
+public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
- public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) {
+ public AuthorizationDecision check(Supplier authentication, MethodInvocation invocation) {
 // ... authorization logic
 }
+}
+@Component
+public class MyPostAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
- public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult invocation) {
+ public AuthorizationDecision check(Supplier authentication, MethodInvocationResult invocation) {
 // ... authorization logic
 }
 }
@@ -1400,12 +1403,15 @@ Kotlin::
 [source,kotlin,role="secondary"]
 ----
 @Component
-class MyAuthorizationManager : AuthorizationManager, AuthorizationManager {
- override fun authorize(authentication: Supplier, invocation: MethodInvocation): AuthorizationResult {
+class MyPreAuthorizeAuthorizationManager : AuthorizationManager {
+ override fun check(authentication: Supplier, invocation: MethodInvocation): AuthorizationDecision {
 // ... authorization logic
 }
+}
- override fun authorize(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationResult {
+@Component
+class MyPostAuthorizeAuthorizationManager : AuthorizationManager {
+ override fun check(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationDecision {
 // ... authorization logic
 }
 }
@@ -1427,13 +1433,15 @@ Java::
 class MethodSecurityConfig {
 @Bean
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- Advisor preAuthorize(MyAuthorizationManager manager) {
+ Advisor preAuthorize() {
+ MyPreAuthorizeAuthorizationManager manager = new MyPreAuthorizeAuthorizationManager();
 return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
 }
 @Bean
 @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- Advisor postAuthorize(MyAuthorizationManager manager) {
+ Advisor postAuthorize() {
+ MyPostAuthorizeAuthorizationManager manager = new MyPostAuthorizeAuthorizationManager();
 return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
 }
 }
@@ -1446,17 +1454,19 @@ Kotlin::
 @Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
- @Bean
- @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- fun preAuthorize(manager: MyAuthorizationManager) : Advisor {
- return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
- }
+ @Bean
+ @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+ fun preAuthorize(): Advisor {
+ val manager = MyPreAuthorizeAuthorizationManager()
+ return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
+ }
- @Bean
- @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
- fun postAuthorize(manager: MyAuthorizationManager) : Advisor {
- return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
- }
+ @Bean
+ @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+ fun postAuthorize(): Advisor {
+ val manager = MyPostAuthorizeAuthorizationManager()
+ return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
+ }
 }
 ----
@@ -1471,13 +1481,11 @@ Xml:: - - ---- ======
@@ -1487,6 +1495,8 @@ Xml::
 You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`.
 ====
+Additionally, you can also implement `MethodAuthorizationDeniedHandler` by the same manager, to override default exception handling behavior.
+
 [[customizing-expression-handling]]
 === Customizing Expression Handling
From 2c6e37cfc11338f09accdae35b164ffaffc3be17 Mon Sep 17 00:00:00 2001
From: as1605 <1605.aditya.singh@gmail.com>
Date: Fri, 26 Dec 2025 09:44:05 +0530
Subject: [PATCH 2/2] Migrated check to authorize for Spring 7
Signed-off-by: as1605 <1605.aditya.singh@gmail.com>
---
 .../ROOT/pages/servlet/authorization/method-security.adoc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
index 47aa4cd1ad0..e6cd990bd6c 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
@@ -1384,7 +1384,7 @@ Java::
 @Component
 public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
- public AuthorizationDecision check(Supplier authentication, MethodInvocation invocation) {
+ public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) {
 // ... authorization logic
 }
 }
@@ -1392,7 +1392,7 @@ public class MyPreAuthorizeAuthorizationManager implements AuthorizationManager<
 @Component
 public class MyPostAuthorizeAuthorizationManager implements AuthorizationManager {
 @Override
- public AuthorizationDecision check(Supplier authentication, MethodInvocationResult invocation) {
+ public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult invocation) {
 // ... authorization logic
 }
 }
@@ -1404,14 +1404,14 @@ Kotlin::
 ----
 @Component
 class MyPreAuthorizeAuthorizationManager : AuthorizationManager {
- override fun check(authentication: Supplier, invocation: MethodInvocation): AuthorizationDecision {
+ override fun authorize(authentication: Supplier, invocation: MethodInvocation): AuthorizationResult {
 // ... authorization logic
 }
 }
 @Component
 class MyPostAuthorizeAuthorizationManager : AuthorizationManager {
- override fun check(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationDecision {
+ override fun authorize(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationResult {
 // ... authorization logic
 }
 }