Open
Description
With the introduction of AuthorizationManager, there are a number of next steps that seem valuable.
- Consider AuthorizationManager for Method Security - AuthorizationManager + Method Security Support #9289
- AuthorizationManager for WebSocket Security #11076
- Consider ReactiveAuthorizationManager for Reactive Method Security - ReactiveAuthorizationManager + Reactive Method Security #9401
- Add AuthorizationDecision to AuthorizationFailureEvent - Add AuthorizationDecision to Authorization events #9286
- Add Reasons to AuthorizationDecisions - Add Reasons to AuthorizationDecisions #9287
- DelegatingAuthorizationManager Should Fire Events - DelegatingAuthorizationManager Should Fire Events #9288
- Add AuthorizationManager XML Support for Filter Security #11305
- Add AuthorizationManager XML Support for Method Security #11306
- Add RoleHierarchyAuthorizationManager #11304
- Consider LoggerListener in authorization package #11329
- InterceptMethodsBeanDefinitionDecorator should allow using AuthorizationManager #11328
- DefaultFilterChainValidator should check AuthorizationFilter #11327
- Add AspectJ support to @EnableMethodSecurity #11326
- Deprecate AccessDecisionManager and related classes #11302
- Provide guide for migrating from FilterSecurityInterceptor to AuthorizationFilter #11337
- Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer #11360
Not yet included in this list are potential deprecations, though I think this could depend on where #9289 lands.