PostAuthorizeAuthorizationManager (spring-security-core 5.7.11 API)

java.lang.Object
- org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

All Implemented Interfaces:

AuthorizationManager<MethodInvocationResult>
```
public final class PostAuthorizeAuthorizationManager
extends java.lang.Object
implements AuthorizationManager<MethodInvocationResult>
```
An AuthorizationManager which can determine if an Authentication may return the result from an invoked MethodInvocation by evaluating an expression from the PostAuthorize annotation.

Since:

5.6

Constructor Summary

Constructors
Constructor Description

PostAuthorizeAuthorizationManager()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`AuthorizationDecision`	`check(java.util.function.Supplier<Authentication> authentication, MethodInvocationResult mi)`	Determine if an `Authentication` has access to the returned object by evaluating the `PostAuthorize` annotation that the `MethodInvocation` specifies.
`void`	`setExpressionHandler(MethodSecurityExpressionHandler expressionHandler)`	Use this the `MethodSecurityExpressionHandler`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify

- Constructor Detail
  - PostAuthorizeAuthorizationManager
```
public PostAuthorizeAuthorizationManager()
```
- Method Detail
  - setExpressionHandler
```
public void setExpressionHandler(MethodSecurityExpressionHandler expressionHandler)
```
    Use this the MethodSecurityExpressionHandler.
    
    Parameters:
    
    expressionHandler - the MethodSecurityExpressionHandler to use
  - check
```
public AuthorizationDecision check(java.util.function.Supplier<Authentication> authentication,
                                   MethodInvocationResult mi)
```
    Determine if an Authentication has access to the returned object by evaluating the PostAuthorize annotation that the MethodInvocation specifies.
    
    Specified by:
    
    check in interface AuthorizationManager<MethodInvocationResult>
    
    Parameters:
    
    authentication - the Supplier of the Authentication to check
    
    mi - the MethodInvocationResult to check
    
    Returns:
    
    an AuthorizationDecision or null if the PostAuthorize annotation is not present