diff --git a/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg b/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg index 5ef95428f9..8b47b55954 100644 Binary files a/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg and b/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg differ diff --git a/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png b/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png index 8118785797..007dba3059 100644 Binary files a/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png and b/docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png differ diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc index f114ba5edf..daad8210e3 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc 
@@ -48,12 +48,10 @@ image::{figures}/authorizationfilter.png[] * image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder]. It wraps this in an `Supplier` in order to delay lookup. -* image:{icondir}/number_2.png[] Second, `AuthorizationFilter` creates a {security-api-url}org/springframework/security/web/FilterInvocation.html[`FilterInvocation`] from the `HttpServletRequest`, `HttpServletResponse`, and `FilterChain`. -// FIXME: link to FilterInvocation -* image:{icondir}/number_3.png[] Next, it passes the `Supplier` and `FilterInvocation` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`]. -** image:{icondir}/number_4.png[] If authorization is denied, an `AccessDeniedException` is thrown. +* image:{icondir}/number_2.png[] Second, it passes the `Supplier` and the `HttpServletRequest` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`]. +** image:{icondir}/number_3.png[] If authorization is denied, an `AccessDeniedException` is thrown. In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`. -** image:{icondir}/number_5.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally. +** image:{icondir}/number_4.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally. We can configure Spring Security to have different rules by adding more rules in order of precedence.
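Review bot: In the rewritten step 2 bullet, the `AuthorizationManager` xref still targets `servlet/architecture.adoc#authz-authorization-manager`, carried over unchanged from the removed step 3 line. Since the line is being rewritten anyway, please confirm that the anchor resolves in the built docs. The `authz-` prefix reads like an anchor from the authorization pages rather than from the servlet architecture page. Two wording points in the same hunk: the unchanged context line says "an `Supplier`", which should be "a `Supplier`", and the last bullet needs a comma before "which allows the application to process normally". The callouts now run from number_1 to number_4, and the replaced authorizationfilter.png and .odg are binary and cannot be checked in this diff, so please verify that the image shows exactly four numbered steps in the order the list describes.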