Skip to content

Commit 6020ab8

Browse files
committed
Polish CustomAuthorizationManager Docs
Issue gh-13967 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 parent 3076367 commit 6020ab8

1 file changed

Lines changed: 15 additions & 17 deletions

File tree

docs/modules/ROOT/pages/servlet/authorization/method-security.adoc

Lines changed: 15 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1433,15 +1433,13 @@ Java::
14331433
class MethodSecurityConfig {
14341434
@Bean
14351435
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1436-
Advisor preAuthorize() {
1437-
MyPreAuthorizeAuthorizationManager manager = new MyPreAuthorizeAuthorizationManager();
1436+
Advisor preAuthorize(MyPreAuthorizeAuthorizationManager manager) {
14381437
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
14391438
}
14401439
14411440
@Bean
14421441
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1443-
Advisor postAuthorize() {
1444-
MyPostAuthorizeAuthorizationManager manager = new MyPostAuthorizeAuthorizationManager();
1442+
Advisor postAuthorize(MyPostAuthorizeAuthorizationManager manager) {
14451443
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
14461444
}
14471445
}
@@ -1454,19 +1452,17 @@ Kotlin::
14541452
@Configuration
14551453
@EnableMethodSecurity(prePostEnabled = false)
14561454
class MethodSecurityConfig {
1457-
@Bean
1458-
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1459-
fun preAuthorize(): Advisor {
1460-
val manager = MyPreAuthorizeAuthorizationManager()
1461-
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
1462-
}
1455+
@Bean
1456+
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1457+
fun preAuthorize(manager: MyPreAuthorizeAuthorizationManager): Advisor {
1458+
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager)
1459+
}
14631460
1464-
@Bean
1465-
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1466-
fun postAuthorize(): Advisor {
1467-
val manager = MyPostAuthorizeAuthorizationManager()
1468-
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
1469-
}
1461+
@Bean
1462+
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
1463+
fun postAuthorize(manager: MyPostAuthorizeAuthorizationManager): Advisor {
1464+
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager)
1465+
}
14701466
}
14711467
----
14721468
@@ -1481,11 +1477,13 @@ Xml::
14811477
<bean id="preAuthorize"
14821478
class="org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor"
14831479
factory-method="preAuthorize">
1480+
<constructor-arg ref="myPreAuthorizeAuthorizationManager"/>
14841481
</bean>
14851482
14861483
<bean id="postAuthorize"
14871484
class="org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor"
14881485
factory-method="postAuthorize">
1486+
<constructor-arg ref="myPostAuthorizeAuthorizationManager"/>
14891487
</bean>
14901488
----
14911489
======
@@ -1495,7 +1493,7 @@ Xml::
14951493
You can place your interceptor in between Spring Security method interceptors using the order constants specified in `AuthorizationInterceptorsOrder`.
14961494
====
14971495

1498-
Additionally, you can also implement `MethodAuthorizationDeniedHandler` by the same manager, to override default exception handling behavior.
1496+
You can also implement `MethodAuthorizationDeniedHandler` in the same manager class to override the default exception-handling behavior.
14991497

15001498
[[customizing-expression-handling]]
15011499
=== Customizing Expression Handling

0 commit comments

Comments
 (0)