Page Contents
The Authorization Component once registered binds an in-built interceptor to
all API calls.
The Authorization interceptor enforces authorization with user-provided
authorizers/voters
- The interceptor checks to see if an endpoint is annotated with an authorization specification.
- It collects all functions tagged as
Authorizer. The interceptor also collectsvotersprovided in the@authorizedecorator of the endpoint. - It executes each of the above collected functions provided by the user.
- Based on the result of all functions it enforces access/privilege control using a decision matrix.