Package org.springframework.security.authorization.method
package org.springframework.security.authorization.method
-
ClassDescriptionAn interface that indicates method security adviceA proxy factory for applying authorization advice to an arbitrary object.An interface to handle how the
AuthorizationAdvisorProxyFactory
should step through the target's object hierarchy.Ordering of Spring Security's authorizationAdvisor
sAMethodInterceptor
which can determine if anAuthentication
has access to the result of anMethodInvocation
using anAuthorizationManager
AMethodInterceptor
which can determine if anAuthentication
has access to the returned object from theMethodInvocation
using the configuredReactiveAuthorizationManager
.AMethodInterceptor
which uses aAuthorizationManager
to determine if anAuthentication
may invoke the givenMethodInvocation
AMethodInterceptor
which can determine if anAuthentication
has access to theMethodInvocation
using the configuredReactiveAuthorizationManager
.An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.Wraps Spring Security method authorization advice around the return object of any method this annotation is applied to.A method interceptor that applies the givenAuthorizationProxyFactory
to any return value annotated withAuthorizeReturnObject
Deprecated.Annotation for specifying handling behavior when an authorization denied happens in method security or anAuthorizationDeniedException
is thrown during method invocationAnAuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating if theAuthentication
contains a specified authority from the JSR-250 security annotations.An interface used to define a strategy to handle denied method invocationsAn expression-basedAuthorizationManager
that determines the access by evaluating the provided expression against theMethodInvocation
.A context object that contains aMethodInvocation
and the result of thatMethodInvocation
.AnAuthorizationManager
which can determine if anAuthentication
may return the result from an invokedMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.AReactiveAuthorizationManager
which can determine if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation.AMethodInterceptor
which filters areturnedObject
from theMethodInvocation
by evaluating an expression from thePostFilter
annotation.AMethodInterceptor
which filters the returned object from theMethodInvocation
by evaluating an expression from thePostFilter
annotation.AnAuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation.AReactiveAuthorizationManager
which can determine if anAuthentication
has access to theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation.AMethodInterceptor
which filters a method argument by evaluating an expression from thePreFilter
annotation.AMethodInterceptor
which filters a reactive method argument by evaluating an expression from thePreFilter
annotation.Deprecated.Please useAnnotationTemplateExpressionDefaults
insteadAnAuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating if theAuthentication
contains a specified authority from the Spring Security'sSecured
annotation.An implementation ofMethodAuthorizationDeniedHandler
that throwsAuthorizationDeniedException
ExpressionAuthorizationDecision
instead