From cc6a76f06469913ea2c324edfeb31d5bf64a7329 Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan
Date: Fri, 7 Feb 2025 07:29:49 +0700
Subject: [PATCH] Clarify WebInvocationPrivilegeEvaluator JavaDoc
Closes gh-16529
Signed-off-by: Tran Ngoc Nhan
---
 .../access/WebInvocationPrivilegeEvaluator.java | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
index 521346ef2ff..131cb7d147e 100644
--- a/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
@@ -29,6 +29,9 @@ public interface WebInvocationPrivilegeEvaluator {
 /**
 * Determines whether the user represented by the supplied Authentication
 * object is allowed to invoke the supplied URI.
+ *

+ * Note this will only match authorization rules that don't require a certain
+ * {@code HttpMethod}.
 * @param uri the URI excluding the context path (a default context path setting will
 * be used)
 */
@@ -36,13 +39,18 @@ public interface WebInvocationPrivilegeEvaluator {
 /**
 * Determines whether the user represented by the supplied Authentication
- * object is allowed to invoke the supplied URI, with the given .
+ * object is allowed to invoke the supplied URI, with the given parameters.
 *
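Review bot: The added note in the first hunk says this form "will only match authorization rules that don't require a certain {@code HttpMethod}", but it does not say what a caller gets back when the URI is covered only by method-specific rules, and it does not point to the alternative. Callers tend to use this interface for pre-checks such as deciding whether to render a link, so the Javadoc should make clear that the result is not a decision for requests that carry a specific method. I would append a sentence such as `* To evaluate rules bound to a specific HTTP method, use the overload that accepts a {@code method} argument.`. The method declaration this Javadoc documents, and the rest of the interface, lie outside the hunk, so the behaviour for unmatched rules should be confirmed against the implementations before describing it here.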

- * Note the default implementation of FilterInvocationSecurityMetadataSource
+ * Note:
+ *

* @param uri the URI excluding the context path * @param contextPath the context path (may be null). * @param method the HTTP method (or null, for any method)