Description
Hi,
I noticed a discrepancy between the official Spring Security documentation and the actual code regarding the verify method in the AuthorizationManager interface.
Discrepancy:
In the official documentation, the verify method is shown as returning an AuthorizationDecision:

```java
default AuthorizationDecision verify(Supplier<Authentication> authentication, Object secureObject)
        throws AccessDeniedException {
    // ...
}
```
However, in both the actual code and the same online API documentation, the verify method has a void return type:
```java
default void verify(Supplier<Authentication> authentication, T object) {
    AuthorizationDecision decision = this.check(authentication, object);
    if (decision != null && !decision.isGranted()) {
        throw new AccessDeniedException("Access Denied");
    }
}
```
You can also see this in the official online API documentation:
AuthorizationManager API Documentation
Request for Clarification:
- Was this an intentional difference in the documentation, perhaps to illustrate a conceptual point?
- Or is this an error in the documentation that should be corrected?
It would be helpful to clarify whether the documentation needs to be updated to reflect the actual method signature in the code, or if there is an intended reason for this difference that we should be aware of.
Thank you for your assistance!
Best regards,
yoonji
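Added example, not part of the original issue and not Spring Security's own code: a sketch of what the `void` signature quoted above means for callers, where the only signal is whether `AccessDeniedException` is thrown. It assumes a Spring Security version in which `check` is the interface's single abstract method; the manager, the role names and the `/reports` resource are hypothetical.

```java
import java.util.function.Supplier;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;

public class VerifyContractDemo {

    // Hypothetical manager: grants ROLE_ADMIN, denies ROLE_USER,
    // and abstains (returns null) for every other caller.
    static final AuthorizationManager<String> MANAGER = (authentication, resource) -> {
        Authentication auth = authentication.get();
        if (hasAuthority(auth, "ROLE_ADMIN")) {
            return new AuthorizationDecision(true);
        }
        if (hasAuthority(auth, "ROLE_USER")) {
            return new AuthorizationDecision(false);
        }
        return null; // abstain
    };

    static boolean hasAuthority(Authentication auth, String authority) {
        return auth.getAuthorities().stream()
                .anyMatch(a -> authority.equals(a.getAuthority()));
    }

    // verify() returns nothing, so the outcome is read from the exception path.
    // A null decision passes the "decision != null" guard and does not throw.
    static String outcome(String... authorities) {
        Supplier<Authentication> auth =
                () -> new TestingAuthenticationToken("user", "n/a", authorities);
        try {
            MANAGER.verify(auth, "/reports");
            return "no exception";
        } catch (AccessDeniedException ex) {
            return "AccessDeniedException";
        }
    }

    public static void main(String[] args) {
        for (String role : new String[] {"ROLE_ADMIN", "ROLE_USER", "ROLE_GUEST"}) {
            System.out.println(role + " -> " + outcome(role));
        }
    }
}
```

Code that needs the decision itself, for example to treat an abstaining manager as a denial, has to call `check` directly, because `verify` discards the decision.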