Merge branch '6.2.x'

This commit is contained in:
Steve Riesenberg 2023-12-28 10:47:55 -06:00
commit 144b83e5f3
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 0 additions and 5 deletions

View File

@ -395,11 +395,6 @@ fun readAccountWithWrongRoleThenAccessDenied() {
While `@PreAuthorize` is quite helpful for declaring needed authorities, it can also be used to evaluate more complex <<using_method_parameters,expressions that involve the method parameters>>.
The above two snippets are ensuring that the user can only request orders that belong to them by comparing the username parameter to xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[`Authentication#getName`].
The result is that the above method will only be invoked if the `username` in the request path matches the logged-in user's `name`.
If not, Spring Security will throw an `AccessDeniedException` and return a 403 status code.
[[use-postauthorize]]
=== Authorization Method Results with `@PostAuthorize`