Expected Behavior
I have found one inconsistency in the spring security documentation.
More specifically on this page https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html
under the section "Each Annotation Has Its Own Method Interceptor", there is listing of Method security annotations and there corresponding Interceptors. However, in my opinion, for the @PostAuthorize annotation, the interceptor is incorrect and instead of:
AuthorizationManagerBeforeMethodInterceptor#postAuthorize, there should be:
AuthorizationManagerAfterMethodInterceptor#postAuthorize
Current Behavior
Currently for @PostAuthorize annotation, interceptor class is documented as AuthorizationManagerBeforeMethodInterceptor.
Expected Behavior I have found one inconsistency in the spring security documentation. More specifically on this page https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html under the section "Each Annotation Has Its Own Method Interceptor", there is listing of Method security annotations and there corresponding Interceptors. However, in my opinion, for the @PostAuthorize annotation, the interceptor is incorrect and instead of: AuthorizationManagerBeforeMethodInterceptor#postAuthorize, there should be: AuthorizationManagerAfterMethodInterceptor#postAuthorize
Current Behavior Currently for @PostAuthorize annotation, interceptor class is documented as AuthorizationManagerBeforeMethodInterceptor.