From 2ff29dc22972287767e2a26c707865eec8664f1c Mon Sep 17 00:00:00 2001
From: Marcus Hert Da Coregio
Date: Mon, 9 Sep 2024 14:45:48 -0300
Subject: [PATCH] Throw AuthorizationDeniedException when AuthorizationResult is available

Closes gh-15706
---
 .../security/authorization/AuthorizationManager.java | 2 +-
 .../security/web/access/intercept/AuthorizationFilter.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java
index 221d5f01c6..cb0ba782cb 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java
@@ -41,7 +41,7 @@ public interface AuthorizationManager {
 default void verify(Supplier authentication, T object) {
 AuthorizationDecision decision = check(authentication, object);
 if (decision != null && !decision.isGranted()) {
- throw new AccessDeniedException("Access Denied");
+ throw new AuthorizationDeniedException("Access Denied", decision);
 }
 }
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
index 6c27365070..bc09dc0573 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
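Review bot: The Javadoc of `verify` in AuthorizationManager.java, which begins above this hunk, should be updated to name the exception now thrown, for example `@throws AuthorizationDeniedException if access is not granted; the denying decision is attached`. Existing callers that catch `AccessDeniedException` keep working only because the new type is expected to be a subtype of it, and that compatibility is worth stating in the same Javadoc. The diffstat lists two main-source files and no tests, so a test asserting the thrown type and that the attached decision is the one `check` returned would pin the new contract.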
@@ -28,9 +28,9 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
@@ -95,7 +95,7 @@ public class AuthorizationFilter extends GenericFilterBean {
 AuthorizationDecision decision = this.authorizationManager.check(this::getAuthentication, request);
 this.eventPublisher.publishAuthorizationEvent(this::getAuthentication, request, decision);
 if (decision != null && !decision.isGranted()) {
- throw new AccessDeniedException("Access Denied");
+ throw new AuthorizationDeniedException("Access Denied", decision);
 }
 chain.doFilter(request, response);
 }
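Review bot: In the `-95,7` hunk the denying decision now leaves the filter inside the exception, so a comment above the throw should say it is meant for server-side handling and audit, not for the response body, where it could describe the access rule to the requester; for example `// decision travels with the exception for handlers and audit; do not render it to the client`. The message string stays the generic "Access Denied", which is the right thing to keep. The context lines also show that a null decision skips the throw and reaches `chain.doFilter`, so a one-line comment such as `// null decision: no denial was made, the request proceeds` would make that fall-through explicit. The enclosing method starts above this hunk and may continue below it.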