Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove Irrelevant Documentation Lines 

Refactor: Remove two lines that lack proper context due to earlier
deletions/movements. They are no longer relevant and contribute little
to the overall meaning.

Issue gh-12974
This commit is contained in:
Krishna Chaitanya Surapaneni 2023-12-25 19:52:40 -07:00 committed by Steve Riesenberg
parent 92af758f1f
commit 7ec9188f5b
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
View File

@ -394,11 +394,6 @@ fun readAccountWithWrongRoleThenAccessDenied() {
While `@PreAuthorize` is quite helpful for declaring needed authorities, it can also be used to evaluate more complex <<using_method_parameters,expressions that involve the method parameters>>.
The above two snippets are ensuring that the user can only request orders that belong to them by comparing the username parameter to xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[`Authentication#getName`].
The result is that the above method will only be invoked if the `username` in the request path matches the logged-in user's `name`.
If not, Spring Security will throw an `AccessDeniedException` and return a 403 status code.
[[use-postauthorize]]
=== Authorization Method Results with `@PostAuthorize`