org.springframework.security.authorization.ConditionalAuthorizationManager<T>

Type Parameters:: T - the type of object that the authorization check is being performed on

All Implemented Interfaces:: AuthorizationManager<T>

public final class ConditionalAuthorizationManager<T> extends Object implements AuthorizationManager<T>

An AuthorizationManager that delegates to one of two AuthorizationManager instances based on a condition evaluated against the current Authentication.

When authorize(Supplier, Object) is invoked, the condition is evaluated. If the Authentication is non-null and the condition returns true, the whenTrue manager is used; otherwise the whenFalse manager is used.

This is useful for scenarios such as requiring multi-factor authentication only when the user has registered a second factor, or applying different rules based on authentication state.

Since:: 7.1

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

ConditionalAuthorizationManager.Builder<T>

A builder for ConditionalAuthorizationManager.
Method Summary

Modifier and Type

Method

Description

@Nullable AuthorizationResult

authorize(Supplier<? extends @Nullable Authentication> authentication, T object)

Determines if access is granted for a specific authentication and object.

static <T> ConditionalAuthorizationManager.Builder<T>

when(Predicate<Authentication> condition)

Creates a builder for a ConditionalAuthorizationManager with the given condition.

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface AuthorizationManager
verify

Method Details
- when
  
  public static <T> ConditionalAuthorizationManager.Builder<T> when(Predicate<Authentication> condition)
  
  Creates a builder for a ConditionalAuthorizationManager with the given condition.
  
  Type Parameters:
  
  T - the type of object that the authorization check is being performed on
  
  Parameters:
  
  condition - the condition to evaluate against the Authentication (must not be null)
  
  Returns:
  
  the builder
- authorize
  
  public @Nullable AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication, T object)
  
  Description copied from interface: AuthorizationManager
  
  Determines if access is granted for a specific authentication and object.
  
  Specified by:
  
  authorize in interface AuthorizationManager<T>
  
  Parameters:
  
  authentication - the Supplier of the Authentication to authorize
  
  object - the T object to authorize
  
  Returns:
  
  an AuthorizationResult

Class ConditionalAuthorizationManager<T>

Nested Class Summary

Method Summary

Methods inherited from class Object

Methods inherited from interface AuthorizationManager

Method Details

when

authorize