Skip to content

HttpSecurity should allow for AuthorizationManager<? super RequestAuthorizationContext> #17931

New issue
New issue
Closed
Closed
HttpSecurity should allow for AuthorizationManager<? super RequestAuthorizationContext>#17931
Assignees
rwinch
Labels
in: coreAn issue in spring-security-coretype: enhancementA general enhancement
Milestone
7.0.0-RC1
@rwinch

Description

@rwinch
rwinch
opened on Sep 18, 2025

This allows an AuthorizationManager<Object> to be used. Similarly we should allow for AuthorizationManagerFactory<? super RequestAuthorizationContext>

NOTE: This worked because if AuthorizationManager<RequestAuthorizationContext> was not found it would look for AuthorizationManager<Object> as a fall back. Due to type erasure it was able to assign it to RequestMatcherDelegatingAuthorizationManager even though it wasn't the right type.

See spring-projects/spring-framework#31444

Metadata

Metadata

Assignees

Labels

in: coreAn issue in spring-security-coretype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions