Authorization Component once registered binds an in-built interceptor to
all API calls.
Authorization interceptor enforces authorization with user-provided
- The interceptor checks to see if an endpoint is annotated with an authorization specification.
- It collects all functions tagged as
Authorizer. The interceptor also collects
votersprovided in the
@authorizedecorator of the endpoint.
- It executes each of the above collected functions provided by the user.
- Based on the result of all functions it enforces access/privilege control using a decision matrix.