Remove Deprecated AuthorizationDecision Elements

Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>

config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,19 +36,6 @@ class PointcutDelegatingAuthorizationManager implements AuthorizationManager<Met
 		this.managers = managers;
 	}
 
-	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation object) {
-		AuthorizationResult result = authorize(authentication, object);
-		if (result == null) {
-			return null;
-		}
-		if (result instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please either call authorize or ensure that the returned result is of type AuthorizationDecision");
-	}
-
 	@Override
 	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation object) {
 		for (Map.Entry<Pointcut, AuthorizationManager<MethodInvocation>> entry : this.managers.entrySet()) {

config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,6 +53,7 @@ import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.access.vote.ConsensusBased;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.config.Elements;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -463,7 +464,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 		}
 
 		@Override
-		public AuthorizationDecision check(Supplier<Authentication> authentication,
+		public AuthorizationResult authorize(Supplier<Authentication> authentication,
 				MessageAuthorizationContext<?> object) {
 			EvaluationContext context = this.expressionHandler.createEvaluationContext(authentication, object);
 			boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, context);

config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java

@@ -93,7 +93,6 @@ import org.springframework.security.access.prepost.PreFilter;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
-import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.SpringAuthorizationEventPublisher;
 import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
 import org.springframework.security.authorization.method.AuthorizationAdvisor;
@@ -143,7 +142,6 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.clearInvocations;
-import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
@@ -1555,8 +1553,6 @@ public class PrePostMethodSecurityConfigurationTests {
 
 		@Bean
 		AuthorizationEventPublisher authorizationEventPublisher() {
-			doCallRealMethod().when(this.publisher)
-				.publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
 			return this.publisher;
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java

@@ -44,7 +44,6 @@ import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.AuthorizationObservationContext;
-import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.SpringAuthorizationEventPublisher;
 import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
 import org.springframework.security.config.ObjectPostProcessor;
@@ -82,10 +81,8 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.atLeastOnce;
-import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
@@ -151,20 +148,17 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	@Test
 	public void configureMvcMatcherAccessAuthorizationManagerWhenNotNullThenVerifyUse() throws Exception {
 		CustomAuthorizationManagerConfig.authorizationManager = mock(AuthorizationManager.class);
-		given(CustomAuthorizationManagerConfig.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.spring.register(CustomAuthorizationManagerConfig.class, BasicController.class).autowire();
 		this.mvc.perform(get("/")).andExpect(status().isOk());
-		verify(CustomAuthorizationManagerConfig.authorizationManager).check(any(), any());
+		verify(CustomAuthorizationManagerConfig.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
 	public void configureNoParameterMvcMatcherAccessAuthorizationManagerWhenNotNullThenVerifyUse() throws Exception {
 		CustomAuthorizationManagerNoParameterConfig.authorizationManager = mock(AuthorizationManager.class);
-		given(CustomAuthorizationManagerNoParameterConfig.authorizationManager.authorize(any(), any()))
-			.willCallRealMethod();
 		this.spring.register(CustomAuthorizationManagerNoParameterConfig.class, BasicController.class).autowire();
 		this.mvc.perform(get("/")).andExpect(status().isOk());
-		verify(CustomAuthorizationManagerNoParameterConfig.authorizationManager).check(any(), any());
+		verify(CustomAuthorizationManagerNoParameterConfig.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -1273,8 +1267,6 @@ public class AuthorizeHttpRequestsConfigurerTests {
 
 		@Bean
 		AuthorizationEventPublisher authorizationEventPublisher() {
-			doCallRealMethod().when(this.publisher)
-				.publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
 			return this.publisher;
 		}
 

config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -124,8 +124,7 @@ public class DefaultFilterChainValidatorTests {
 
 	@Test
 	public void validateCheckLoginPageAllowsAnonymous() {
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
 		this.validator.validate(this.chainAuthorizationFilter);
 		verify(this.logger).warn("Anonymous access to the login page doesn't appear to be enabled. "
 				+ "This is almost certainly an error. Please check your configuration allows unauthenticated "

config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -90,14 +90,13 @@ public class HttpConfigTests {
 		this.spring.configLocations(this.xml("AuthorizationManager")).autowire();
 		AuthorizationManager<HttpServletRequest> authorizationManager = this.spring.getContext()
 			.getBean(AuthorizationManager.class);
-		given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
-		given(authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
 		// @formatter:off
 		this.mvc.perform(get("/"))
 				.andExpect(status().isFound())
 				.andExpect(redirectedUrl("http://localhost/login"));
 		// @formatter:on
-		verify(authorizationManager).check(any(), any());
+		verify(authorizationManager).authorize(any(), any());
 	}
 
 	@Test

config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -168,10 +168,9 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
 
 	@Test
 	public void targetCustomAuthorizationManagerUsed() {
-		given(this.mockAuthorizationManager.authorize(any(), any())).willCallRealMethod();
-		given(this.mockAuthorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
+		given(this.mockAuthorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
 		this.targetCustomAuthorizationManager.doSomething();
-		verify(this.mockAuthorizationManager).check(any(), any());
+		verify(this.mockAuthorizationManager).authorize(any(), any());
 	}
 
 	@Override

config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,6 +39,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.config.annotation.method.configuration.MethodSecurityService;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
@@ -463,7 +464,7 @@ public class MethodSecurityBeanDefinitionParserTests {
 	static class MyAuthorizationManager implements AuthorizationManager<MethodInvocation> {
 
 		@Override
-		public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation object) {
+		public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation object) {
 			return new AuthorizationDecision("bob".equals(authentication.get().getName()));
 		}
 

config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -513,12 +513,11 @@ public class WebSocketMessageBrokerConfigTests {
 		this.spring.configLocations(xml("CustomAuthorizationManagerConfig")).autowire();
 		AuthorizationManager<Message<?>> authorizationManager = this.spring.getContext()
 			.getBean(AuthorizationManager.class);
-		given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
-		given(authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
 		Message<?> message = message("/any");
 		assertThatExceptionOfType(Exception.class).isThrownBy(send(message))
 			.withCauseInstanceOf(AccessDeniedException.class);
-		verify(authorizationManager).check(any(), any());
+		verify(authorizationManager).authorize(any(), any());
 	}
 
 	private String xml(String configName) {

core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -111,7 +111,7 @@ public final class AuthenticatedAuthorizationManager<T> implements Authorization
 	 * @return an {@link AuthorizationDecision}
 	 */
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, T object) {
 		boolean granted = this.authorizationStrategy.isGranted(authentication.get());
 		return new AuthorizationDecision(granted);
 	}

core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,13 +39,13 @@ public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAut
 	}
 
 	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
+	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, T object) {
 		return authentication.filter(this::isNotAnonymous)
 			.map(this::getAuthorizationDecision)
 			.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
-	private AuthorizationDecision getAuthorizationDecision(Authentication authentication) {
+	private AuthorizationResult getAuthorizationDecision(Authentication authentication) {
 		return new AuthorizationDecision(authentication.isAuthenticated());
 	}
 

core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,8 +55,7 @@ public final class AuthoritiesAuthorizationManager implements AuthorizationManag
 	 * @return an {@link AuthorityAuthorizationDecision}
 	 */
 	@Override
-	public AuthorityAuthorizationDecision check(Supplier<Authentication> authentication,
-			Collection<String> authorities) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, Collection<String> authorities) {
 		boolean granted = isGranted(authentication.get(), authorities);
 		return new AuthorityAuthorizationDecision(granted, AuthorityUtils.createAuthorityList(authorities));
 	}

core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -134,17 +134,11 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
 	}
 
 	/**
-	 * Determines if the current user is authorized by evaluating if the
-	 * {@link Authentication} contains a specified authority.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param object the {@link T} object to check
-	 * @return an {@link AuthorizationDecision}
-	 * @deprecated please use {@link #authorize(Supplier, Object)} instead
+	 * {@inheritDoc}
 	 */
-	@Deprecated
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
-		return this.delegate.check(authentication, this.authorities);
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, T object) {
+		return this.delegate.authorize(authentication, this.authorities);
 	}
 
 	@Override

core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,13 +43,13 @@ public class AuthorityReactiveAuthorizationManager<T> implements ReactiveAuthori
 	}
 
 	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
+	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, T object) {
 		// @formatter:off
 		return authentication.filter(Authentication::isAuthenticated)
 				.flatMapIterable(Authentication::getAuthorities)
 				.map(GrantedAuthority::getAuthority)
 				.any((grantedAuthority) -> this.authorities.stream().anyMatch((authority) -> authority.getAuthority().equals(grantedAuthority)))
-				.map((granted) -> ((AuthorizationDecision) new AuthorityAuthorizationDecision(granted, this.authorities)))
+				.map((granted) -> ((AuthorizationResult) new AuthorityAuthorizationDecision(granted, this.authorities)))
 				.defaultIfEmpty(new AuthorityAuthorizationDecision(false, this.authorities));
 		// @formatter:on
 	}

core/src/main/java/org/springframework/security/authorization/AuthorizationEventPublisher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,23 +33,6 @@ import org.springframework.security.core.Authentication;
 @FunctionalInterface
 public interface AuthorizationEventPublisher {
 
-	/**
-	 * Publish the given details in the form of an event, typically
-	 * {@link AuthorizationGrantedEvent} or {@link AuthorizationDeniedEvent}.
-	 *
-	 * Note that success events can be very noisy if enabled by default. Because of this
-	 * implementations may choose to drop success events by default.
-	 * @param authentication a {@link Supplier} for the current user
-	 * @param object the secured object
-	 * @param decision the decision about whether the user may access the secured object
-	 * @param <T> the secured object's type
-	 * @deprecated use
-	 * {@link #publishAuthorizationEvent(Supplier, Object, AuthorizationResult)} instead
-	 */
-	@Deprecated
-	<T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-			AuthorizationDecision decision);
-
 	/**
 	 * Publish the given details in the form of an event, typically
 	 * {@link AuthorizationGrantedEvent} or {@link AuthorizationDeniedEvent}.
@@ -63,17 +46,6 @@ public interface AuthorizationEventPublisher {
 	 * @param <T> the secured object's type
 	 * @since 6.4
 	 */
-	default <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-			AuthorizationResult result) {
-		if (result == null) {
-			publishAuthorizationEvent(authentication, object, null);
-			return;
-		}
-		if (result instanceof AuthorizationDecision decision) {
-			publishAuthorizationEvent(authentication, object, decision);
-			return;
-		}
-		throw new UnsupportedOperationException("result must be of type AuthorizationDecision");
-	}
+	<T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object, AuthorizationResult result);
 
 }

core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java

@@ -45,17 +45,6 @@ public interface AuthorizationManager<T> {
 		}
 	}
 
-	/**
-	 * Determines if access is granted for a specific authentication and object.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param object the {@link T} object to check
-	 * @return an {@link AuthorizationDecision} or null if no decision could be made
-	 * @deprecated please use {@link #authorize(Supplier, Object)} instead
-	 */
-	@Nullable
-	@Deprecated
-	AuthorizationDecision check(Supplier<Authentication> authentication, T object);
-
 	/**
 	 * Determines if access is granted for a specific authentication and object.
 	 * @param authentication the {@link Supplier} of the {@link Authentication} to
@@ -65,8 +54,6 @@ public interface AuthorizationManager<T> {
 	 * @since 6.4
 	 */
 	@Nullable
-	default AuthorizationResult authorize(Supplier<Authentication> authentication, T object) {
-		return check(authentication, object);
-	}
+	AuthorizationResult authorize(Supplier<Authentication> authentication, T object);
 
 }

core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -182,18 +182,6 @@ public final class AuthorizationManagers {
 	private interface AuthorizationManagerCheckAdapter<T> extends AuthorizationManager<T> {
 
 		@Override
-		default AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
-			AuthorizationResult result = authorize(authentication, object);
-			if (result == null) {
-				return null;
-			}
-			if (result instanceof AuthorizationDecision decision) {
-				return decision;
-			}
-			throw new IllegalArgumentException(
-					"please call #authorize or ensure that the result is of type AuthorizationDecision");
-		}
-
 		AuthorizationResult authorize(Supplier<Authentication> authentication, T object);
 
 	}

core/src/main/java/org/springframework/security/authorization/AuthorizationObservationContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -68,33 +68,6 @@ public class AuthorizationObservationContext<T> extends Observation.Context {
 		return this.object;
 	}
 
-	/**
-	 * Get the observed {@link AuthorizationDecision}
-	 * @return the observed {@link AuthorizationDecision}
-	 * @deprecated please use {@link #getAuthorizationResult()} instead
-	 */
-	@Deprecated
-	public AuthorizationDecision getDecision() {
-		if (this.authorizationResult == null) {
-			return null;
-		}
-		if (this.authorizationResult instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please call getAuthorizationResult instead. If you must call getDecision, please ensure that the result you provide is of type AuthorizationDecision");
-	}
-
-	/**
-	 * Set the observed {@link AuthorizationDecision}
-	 * @param decision the observed {@link AuthorizationDecision}
-	 * @deprecated please use {@link #setAuthorizationResult(AuthorizationResult)} instead
-	 */
-	@Deprecated
-	public void setDecision(AuthorizationDecision decision) {
-		this.authorizationResult = decision;
-	}
-
 	/**
 	 * Get the observed {@link AuthorizationResult}
 	 * @return the observed {@link AuthorizationResult}

core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java

@@ -61,23 +61,6 @@ public final class ObservationAuthorizationManager<T>
 		}
 	}
 
-	/**
-	 * @deprecated please use {@link #authorize(Supplier, Object)} instead
-	 */
-	@Deprecated
-	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
-		AuthorizationResult result = authorize(authentication, object);
-		if (result == null) {
-			return null;
-		}
-		if (result instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please call #authorize or ensure that the returned result is of type AuthorizationDecision");
-	}
-
 	@Override
 	public AuthorizationResult authorize(Supplier<Authentication> authentication, T object) {
 		AuthorizationObservationContext<T> context = new AuthorizationObservationContext<>(object);

core/src/main/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManager.java

@@ -56,21 +56,6 @@ public final class ObservationReactiveAuthorizationManager<T>
 		}
 	}
 
-	/**
-	 * @deprecated please use {@link #authorize(Mono, Object)} instead
-	 */
-	@Deprecated
-	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
-		return authorize(authentication, object).flatMap((result) -> {
-			if (result instanceof AuthorizationDecision decision) {
-				return Mono.just(decision);
-			}
-			return Mono.error(new IllegalArgumentException(
-					"Please call #authorize or ensure that the returned result is of type Mono<AuthorizationDecision>"));
-		});
-	}
-
 	@Override
 	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, T object) {
 		AuthorizationObservationContext<T> context = new AuthorizationObservationContext<>(object);

core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java

@@ -31,16 +31,6 @@ import org.springframework.security.core.Authentication;
  */
 public interface ReactiveAuthorizationManager<T> {
 
-	/**
-	 * Determines if access is granted for a specific authentication and object.
-	 * @param authentication the Authentication to check
-	 * @param object the object to check
-	 * @return an decision or empty Mono if no decision could be made.
-	 * @deprecated please use {@link #authorize(Mono, Object)} instead
-	 */
-	@Deprecated
-	Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object);
-
 	/**
 	 * Determines if access should be granted for a specific authentication and object
 	 * @param authentication the Authentication to check
@@ -64,8 +54,6 @@ public interface ReactiveAuthorizationManager<T> {
 	 * @return an decision or empty Mono if no decision could be made.
 	 * @since 6.4
 	 */
-	default Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, T object) {
-		return check(authentication, object).cast(AuthorizationResult.class);
-	}
+	Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, T object);
 
 }

core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java

@@ -44,15 +44,10 @@ public final class SingleResultAuthorizationManager<C> implements AuthorizationM
 	}
 
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, C object) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, C object) {
 		if (!(this.result instanceof AuthorizationDecision)) {
 			throw new IllegalArgumentException("result should be AuthorizationDecision");
 		}
-		return (AuthorizationDecision) this.result;
-	}
-
-	@Override
-	public AuthorizationResult authorize(Supplier<Authentication> authentication, C object) {
 		return this.result;
 	}
 

core/src/main/java/org/springframework/security/authorization/SpringAuthorizationEventPublisher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,12 +52,6 @@ public final class SpringAuthorizationEventPublisher implements AuthorizationEve
 	/**
 	 * {@inheritDoc}
 	 */
-	@Override
-	public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-			AuthorizationDecision decision) {
-		publishAuthorizationEvent(authentication, object, (AuthorizationResult) decision);
-	}
-
 	@Override
 	public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
 			AuthorizationResult result) {

core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java

@@ -21,7 +21,6 @@ import java.util.function.Supplier;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.core.ResolvableType;
 import org.springframework.core.ResolvableTypeProvider;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
@@ -35,14 +34,6 @@ import org.springframework.security.core.Authentication;
 @SuppressWarnings("serial")
 public class AuthorizationDeniedEvent<T> extends AuthorizationEvent implements ResolvableTypeProvider {
 
-	/**
-	 * @deprecated Please use an {@link AuthorizationResult} constructor instead
-	 */
-	@Deprecated
-	public AuthorizationDeniedEvent(Supplier<Authentication> authentication, T object, AuthorizationDecision decision) {
-		super(authentication, object, decision);
-	}
-
 	/**
 	 * @since 6.4
 	 */

core/src/main/java/org/springframework/security/authorization/event/AuthorizationEvent.java

@@ -84,23 +84,6 @@ public class AuthorizationEvent extends ApplicationEvent {
 		return getSource();
 	}
 
-	/**
-	 * Get the response to the principal's request
-	 * @return the response to the principal's request
-	 * @deprecated please use {@link #getAuthorizationResult()}
-	 */
-	@Deprecated
-	public AuthorizationDecision getAuthorizationDecision() {
-		if (this.result == null) {
-			return null;
-		}
-		if (this.result instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please either call getAuthorizationResult or ensure that the result is of type AuthorizationDecision");
-	}
-
 	/**
 	 * Get the response to the principal's request
 	 * @return the response to the principal's request

core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java

@@ -22,7 +22,6 @@ import java.util.function.Supplier;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.core.ResolvableType;
 import org.springframework.core.ResolvableTypeProvider;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
@@ -38,16 +37,6 @@ public class AuthorizationGrantedEvent<T> extends AuthorizationEvent implements
 	@Serial
 	private static final long serialVersionUID = -8690818228055810339L;
 
-	/**
-	 * @deprecated please use a constructor that takes an
-	 * {@link org.springframework.security.authorization.AuthorizationResult}
-	 */
-	@Deprecated
-	public AuthorizationGrantedEvent(Supplier<Authentication> authentication, T object,
-			AuthorizationDecision decision) {
-		super(authentication, object, decision);
-	}
-
 	/**
 	 * @since 6.4
 	 */

core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java

@@ -1,50 +0,0 @@
-/*
- * Copyright 2002-2021 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.authorization.method;
-
-import org.springframework.security.authorization.AuthorizationDecision;
-
-/**
- * Represents an {@link AuthorizationDecision} based on a {@link ExpressionAttribute}
- *
- * @author Marcus Da Coregio
- * @since 5.6
- * @deprecated Use
- * {@link org.springframework.security.authorization.ExpressionAuthorizationDecision}
- * instead
- */
-@Deprecated
-public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision {
-
-	private final ExpressionAttribute expressionAttribute;
-
-	public ExpressionAttributeAuthorizationDecision(boolean granted, ExpressionAttribute expressionAttribute) {
-		super(granted);
-		this.expressionAttribute = expressionAttribute;
-	}
-
-	public ExpressionAttribute getExpressionAttribute() {
-		return this.expressionAttribute;
-	}
-
-	@Override
-	public String toString() {
-		return getClass().getSimpleName() + " [" + "granted=" + isGranted() + ", expressionAttribute="
-				+ this.expressionAttribute + ']';
-	}
-
-}

core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java

@@ -31,7 +31,6 @@ import org.aopalliance.intercept.MethodInvocation;
 
 import org.springframework.lang.NonNull;
 import org.springframework.security.authorization.AuthoritiesAuthorizationManager;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.SingleResultAuthorizationManager;
@@ -81,20 +80,12 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me
 	}
 
 	/**
-	 * Determine if an {@link Authentication} has access to a method by evaluating the
-	 * {@link DenyAll}, {@link PermitAll}, and {@link RolesAllowed} annotations that
-	 * {@link MethodInvocation} specifies.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param methodInvocation the {@link MethodInvocation} to check
-	 * @return an {@link AuthorizationDecision} or null if the JSR-250 security
-	 * annotations is not present
-	 * @deprecated please use {@link #authorize(Supplier, Object)} instead
+	 * {@inheritDoc}
 	 */
-	@Deprecated
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation methodInvocation) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation methodInvocation) {
 		AuthorizationManager<MethodInvocation> delegate = this.registry.getManager(methodInvocation);
-		return delegate.check(authentication, methodInvocation);
+		return delegate.authorize(authentication, methodInvocation);
 	}
 
 	private final class Jsr250AuthorizationManagerRegistry extends AbstractAuthorizationManagerRegistry {
@@ -138,18 +129,6 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me
 	private interface AuthorizationManagerCheckAdapter<T> extends AuthorizationManager<T> {
 
 		@Override
-		default AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
-			AuthorizationResult result = authorize(authentication, object);
-			if (result == null) {
-				return null;
-			}
-			if (result instanceof AuthorizationDecision decision) {
-				return decision;
-			}
-			throw new IllegalArgumentException(
-					"please call #authorize or ensure that the result is of type AuthorizationDecision");
-		}
-
 		AuthorizationResult authorize(Supplier<Authentication> authentication, T object);
 
 	}

core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,8 +25,8 @@ import org.springframework.expression.Expression;
 import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
@@ -73,7 +73,7 @@ public final class MethodExpressionAuthorizationManager implements Authorization
 	 * expression
 	 */
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation context) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation context) {
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx);
 		return new ExpressionAuthorizationDecision(granted, this.expression);

core/src/main/java/org/springframework/security/authorization/method/NoOpAuthorizationEventPublisher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package org.springframework.security.authorization.method;
 
 import java.util.function.Supplier;
 
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
@@ -31,11 +30,6 @@ import org.springframework.security.core.Authentication;
  */
 final class NoOpAuthorizationEventPublisher implements AuthorizationEventPublisher {
 
-	@Override
-	public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-			AuthorizationDecision decision) {
-	}
-
 	@Override
 	public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
 			AuthorizationResult result) {

core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -100,7 +100,7 @@ public final class PostAuthorizeAuthorizationManager
 	 * {@link PostAuthorize} annotation is not present
 	 */
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocationResult mi) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocationResult mi) {
 		ExpressionAttribute attribute = this.registry.getAttribute(mi.getMethodInvocation());
 		if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) {
 			return null;
@@ -108,7 +108,7 @@ public final class PostAuthorizeAuthorizationManager
 		MethodSecurityExpressionHandler expressionHandler = this.registry.getExpressionHandler();
 		EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi.getMethodInvocation());
 		expressionHandler.setReturnObject(mi.getResult(), ctx);
-		return (AuthorizationDecision) ExpressionUtils.evaluate(attribute.getExpression(), ctx);
+		return ExpressionUtils.evaluate(attribute.getExpression(), ctx);
 	}
 
 	@Override

core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -93,7 +93,7 @@ public final class PostAuthorizeReactiveAuthorizationManager
 	 * {@link PostAuthorize} annotation is not present
 	 */
 	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, MethodInvocationResult result) {
+	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, MethodInvocationResult result) {
 		MethodInvocation mi = result.getMethodInvocation();
 		ExpressionAttribute attribute = this.registry.getAttribute(mi);
 		if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) {
@@ -106,7 +106,7 @@ public final class PostAuthorizeReactiveAuthorizationManager
 				.map((auth) -> expressionHandler.createEvaluationContext(auth, mi))
 				.doOnNext((ctx) -> expressionHandler.setReturnObject(result.getResult(), ctx))
 				.flatMap((ctx) -> ReactiveExpressionUtils.evaluate(attribute.getExpression(), ctx))
-				.cast(AuthorizationDecision.class);
+				.cast(AuthorizationResult.class);
 		// @formatter:on
 	}
 

core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,13 +92,13 @@ public final class PreAuthorizeAuthorizationManager
 	 * {@link PreAuthorize} annotation is not present
 	 */
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation mi) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation mi) {
 		ExpressionAttribute attribute = this.registry.getAttribute(mi);
 		if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) {
 			return null;
 		}
 		EvaluationContext ctx = this.registry.getExpressionHandler().createEvaluationContext(authentication, mi);
-		return (AuthorizationDecision) ExpressionUtils.evaluate(attribute.getExpression(), ctx);
+		return ExpressionUtils.evaluate(attribute.getExpression(), ctx);
 	}
 
 	@Override

core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,7 +23,6 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
@@ -88,11 +87,11 @@ public final class PreAuthorizeReactiveAuthorizationManager
 	 * by evaluating an expression from the {@link PreAuthorize} annotation.
 	 * @param authentication the {@link Mono} of the {@link Authentication} to check
 	 * @param mi the {@link MethodInvocation} to check
-	 * @return a {@link Mono} of the {@link AuthorizationDecision} or an empty
-	 * {@link Mono} if the {@link PreAuthorize} annotation is not present
+	 * @return a {@link Mono} of the {@link AuthorizationResult} or an empty {@link Mono}
+	 * if the {@link PreAuthorize} annotation is not present
 	 */
 	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, MethodInvocation mi) {
+	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, MethodInvocation mi) {
 		ExpressionAttribute attribute = this.registry.getAttribute(mi);
 		if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) {
 			return Mono.empty();
@@ -101,7 +100,7 @@ public final class PreAuthorizeReactiveAuthorizationManager
 		return authentication
 				.map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi))
 				.flatMap((ctx) -> ReactiveExpressionUtils.evaluate(attribute.getExpression(), ctx))
-				.cast(AuthorizationDecision.class);
+				.cast(AuthorizationResult.class);
 		// @formatter:on
 	}
 

core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,8 +29,8 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.core.MethodClassKey;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.authorization.AuthoritiesAuthorizationManager;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.SecurityAnnotationScanner;
 import org.springframework.security.core.annotation.SecurityAnnotationScanners;
@@ -66,20 +66,11 @@ public final class SecuredAuthorizationManager implements AuthorizationManager<M
 		this.authoritiesAuthorizationManager = authoritiesAuthorizationManager;
 	}
 
-	/**
-	 * Determine if an {@link Authentication} has access to a method by evaluating the
-	 * {@link Secured} annotation that {@link MethodInvocation} specifies.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param mi the {@link MethodInvocation} to check
-	 * @return an {@link AuthorizationDecision} or null if the {@link Secured} annotation
-	 * is not present
-	 * @deprecated please use {@link #authorize(Supplier, Object)} instead
-	 */
-	@Deprecated
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation mi) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation mi) {
 		Set<String> authorities = getAuthorities(mi);
-		return authorities.isEmpty() ? null : this.authoritiesAuthorizationManager.check(authentication, authorities);
+		return authorities.isEmpty() ? null
+				: this.authoritiesAuthorizationManager.authorize(authentication, authorities);
 	}
 
 	private Set<String> getAuthorities(MethodInvocation methodInvocation) {

core/src/test/java/org/springframework/security/authorization/AuthenticatedAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ public class AuthenticatedAuthorizationManagerTests {
 				"ROLE_USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -52,7 +52,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> null;
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -62,7 +62,7 @@ public class AuthenticatedAuthorizationManagerTests {
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -73,7 +73,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		authentication.setAuthenticated(false);
 		Object object = new Object();
 
-		assertThat(manager.check(() -> authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(() -> authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -82,7 +82,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new RememberMeAuthenticationToken("user", "password",
 				Collections.emptyList());
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -91,7 +91,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN",
 				"ROLE_USER");
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -99,7 +99,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		AuthenticatedAuthorizationManager<Object> manager = AuthenticatedAuthorizationManager.fullyAuthenticated();
 		Supplier<Authentication> authentication = () -> null;
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -108,7 +108,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new RememberMeAuthenticationToken("user", "password",
 				Collections.emptyList());
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -117,7 +117,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new AnonymousAuthenticationToken("key", "principal",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -126,7 +126,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new AnonymousAuthenticationToken("key", "principal",
 				AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -135,7 +135,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN",
 				"ROLE_USER");
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -144,7 +144,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new RememberMeAuthenticationToken("user", "password",
 				Collections.emptyList());
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -153,7 +153,7 @@ public class AuthenticatedAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN",
 				"ROLE_USER");
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 }

core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,32 +46,32 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenAuthenticatedThenReturnTrue() {
 		given(this.authentication.isAuthenticated()).willReturn(true);
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
 	@Test
 	public void checkWhenNotAuthenticatedThenReturnFalse() {
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenEmptyThenReturnFalse() {
-		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.empty(), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
 		AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
-		boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenErrorThenError() {
-		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
+		Mono<AuthorizationResult> result = this.manager.authorize(Mono.error(new RuntimeException("ooops")), null);
 		// @formatter:off
 		StepVerifier.create(result)
 				.expectError()

core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,14 +63,14 @@ class AuthoritiesAuthorizationManagerTests {
 	void checkWhenUserHasAnyAuthorityThenGrantedDecision() {
 		AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "USER");
-		assertThat(manager.check(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isTrue();
 	}
 
 	@Test
 	void checkWhenUserHasNotAnyAuthorityThenDeniedDecision() {
 		AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ANONYMOUS");
-		assertThat(manager.check(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isFalse();
 	}
 
 	@Test
@@ -81,7 +81,7 @@ class AuthoritiesAuthorizationManagerTests {
 		manager.setRoleHierarchy(roleHierarchy);
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
 				"ROLE_ADMIN");
-		assertThat(manager.check(authentication, Collections.singleton("ROLE_USER")).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, Collections.singleton("ROLE_USER")).isGranted()).isTrue();
 	}
 
 }

core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -123,7 +123,7 @@ public class AuthorityAuthorizationManagerTests {
 				"ROLE_USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -133,7 +133,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -144,7 +144,7 @@ public class AuthorityAuthorizationManagerTests {
 				"USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -154,7 +154,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -166,7 +166,7 @@ public class AuthorityAuthorizationManagerTests {
 				Collections.singletonList(customGrantedAuthority));
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -178,7 +178,7 @@ public class AuthorityAuthorizationManagerTests {
 				Collections.singletonList(customGrantedAuthority));
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -188,7 +188,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -199,7 +199,7 @@ public class AuthorityAuthorizationManagerTests {
 				"ROLE_ANONYMOUS");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -210,7 +210,7 @@ public class AuthorityAuthorizationManagerTests {
 				"CUSTOM_USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -220,7 +220,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "USER");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	@Test
@@ -230,7 +230,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ANONYMOUS");
 		Object object = new Object();
 
-		assertThat(manager.check(authentication, object).isGranted()).isFalse();
+		assertThat(manager.authorize(authentication, object).isGranted()).isFalse();
 	}
 
 	@Test
@@ -263,7 +263,7 @@ public class AuthorityAuthorizationManagerTests {
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
 				"ROLE_ADMIN");
 		Object object = new Object();
-		assertThat(manager.check(authentication, object).isGranted()).isTrue();
+		assertThat(manager.authorize(authentication, object).isGranted()).isTrue();
 	}
 
 	// gh-13079

core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,19 +47,19 @@ public class AuthorityReactiveAuthorizationManagerTests {
 
 	@Test
 	public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() {
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndEmptyThenReturnFalse() {
-		boolean granted = this.manager.check(Mono.empty(), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.empty(), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndErrorThenError() {
-		Mono<AuthorizationDecision> result = this.manager.check(Mono.error(new RuntimeException("ooops")), null);
+		Mono<AuthorizationResult> result = this.manager.authorize(Mono.error(new RuntimeException("ooops")), null);
 		// @formatter:off
 		StepVerifier.create(result)
 				.expectError()
@@ -71,21 +71,21 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() {
 		given(this.authentication.isAuthenticated()).willReturn(true);
 		given(this.authentication.getAuthorities()).willReturn(Collections.emptyList());
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() {
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
 	@Test
 	public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() {
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -94,7 +94,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 		GrantedAuthority customGrantedAuthority = () -> "ADMIN";
 		this.authentication = new TestingAuthenticationToken("rob", "secret",
 				Collections.singletonList(customGrantedAuthority));
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -103,7 +103,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 		GrantedAuthority customGrantedAuthority = () -> "USER";
 		this.authentication = new TestingAuthenticationToken("rob", "secret",
 				Collections.singletonList(customGrantedAuthority));
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
@@ -111,7 +111,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasRoleAndAuthorizedThenReturnTrue() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -119,7 +119,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
@@ -128,7 +128,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING",
 				"ROLE_ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -136,7 +136,7 @@ public class AuthorityReactiveAuthorizationManagerTests {
 	public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() {
 		this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST");
 		this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN");
-		boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted();
+		boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 

core/src/test/java/org/springframework/security/authorization/AuthorizationManagersTests.java

@@ -31,7 +31,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWhenOneGrantedThenGrantedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(SingleResultAuthorizationManager.permitAll(),
 				SingleResultAuthorizationManager.permitAll());
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -41,7 +41,7 @@ class AuthorizationManagersTests {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision,
 				(a, o) -> new AuthorizationDecision(false), (a, o) -> new AuthorizationDecision(true));
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -51,7 +51,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWhenAllNonAbstainingDeniesThenDeniedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf((a, o) -> new AuthorizationDecision(false),
 				(a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -59,7 +59,7 @@ class AuthorizationManagersTests {
 	@Test
 	void checkAnyOfWhenEmptyThenDeniedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf();
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -68,7 +68,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -77,7 +77,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true);
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -86,7 +86,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = null;
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNull();
 	}
 
@@ -94,7 +94,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGrantedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true);
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -103,7 +103,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDeniedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -112,7 +112,7 @@ class AuthorizationManagersTests {
 	void checkAnyOfWhenAllAbstainDefaultDecisionIsAbstainAndAllManagersAbstainThenAbstainDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = null;
 		AuthorizationManager<?> composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNull();
 	}
 
@@ -120,7 +120,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenAllGrantedThenGrantedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(SingleResultAuthorizationManager.permitAll(),
 				SingleResultAuthorizationManager.permitAll());
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -130,7 +130,7 @@ class AuthorizationManagersTests {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision,
 				(a, o) -> new AuthorizationDecision(true), (a, o) -> new AuthorizationDecision(true));
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -140,7 +140,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenAllNonAbstainingGrantsThenGrantedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf((a, o) -> new AuthorizationDecision(true),
 				(a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -149,7 +149,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenOneDeniedThenDeniedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf((a, o) -> new AuthorizationDecision(true),
 				(a, o) -> new AuthorizationDecision(false));
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -159,7 +159,7 @@ class AuthorizationManagersTests {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision,
 				SingleResultAuthorizationManager.permitAll(), SingleResultAuthorizationManager.denyAll());
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -167,7 +167,7 @@ class AuthorizationManagersTests {
 	@Test
 	void checkAllOfWhenEmptyThenGrantedDecision() {
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf();
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -176,7 +176,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -185,7 +185,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -194,7 +194,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = null;
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNull();
 	}
 
@@ -202,7 +202,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDeniedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -211,7 +211,7 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGrantedDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true);
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -220,21 +220,21 @@ class AuthorizationManagersTests {
 	void checkAllOfWhenAllAbstainDefaultDecisionIsAbstainAndAllManagersAbstainThenAbstainDecision() {
 		AuthorizationDecision allAbstainDefaultDecision = null;
 		AuthorizationManager<?> composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null);
-		AuthorizationDecision decision = composed.check(null, null);
+		AuthorizationResult decision = composed.authorize(null, null);
 		assertThat(decision).isNull();
 	}
 
 	@Test
 	void checkNotWhenEmptyThenAbstainedDecision() {
 		AuthorizationManager<?> negated = AuthorizationManagers.not((a, o) -> null);
-		AuthorizationDecision decision = negated.check(null, null);
+		AuthorizationResult decision = negated.authorize(null, null);
 		assertThat(decision).isNull();
 	}
 
 	@Test
 	void checkNotWhenGrantedThenDeniedDecision() {
 		AuthorizationManager<?> negated = AuthorizationManagers.not((a, o) -> new AuthorizationDecision(true));
-		AuthorizationDecision decision = negated.check(null, null);
+		AuthorizationResult decision = negated.authorize(null, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}

core/src/test/java/org/springframework/security/authorization/ObservationAuthorizationManagerTests.java

@@ -73,8 +73,7 @@ public class ObservationAuthorizationManagerTests {
 	@Test
 	void verifyWhenDefaultsThenObserves() {
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willReturn(this.grant);
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(this.grant);
 		this.tested.verify(this.token, this.object);
 		ArgumentCaptor<Observation.Context> captor = ArgumentCaptor.forClass(Observation.Context.class);
 		verify(this.handler).onStart(captor.capture());
@@ -84,7 +83,7 @@ public class ObservationAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isNull();
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.grant);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.grant);
 	}
 
 	@Test
@@ -92,8 +91,7 @@ public class ObservationAuthorizationManagerTests {
 		MessageSource source = mock(MessageSource.class);
 		this.tested.setMessageSource(source);
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willReturn(this.deny);
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(this.deny);
 		given(source.getMessage(eq("AbstractAccessDecisionManager.accessDenied"), any(), any(), any()))
 			.willReturn("accessDenied");
 		assertThatExceptionOfType(AccessDeniedException.class)
@@ -108,17 +106,16 @@ public class ObservationAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isNull();
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.deny);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.deny);
 	}
 
 	@Test
 	void verifyWhenLooksUpAuthenticationThenObserves() {
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willAnswer((invocation) -> {
+		given(this.authorizationManager.authorize(any(), any())).willAnswer((invocation) -> {
 			((Supplier<Authentication>) invocation.getArgument(0)).get();
 			return this.grant;
 		});
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.tested.verify(this.token, this.object);
 		ArgumentCaptor<Observation.Context> captor = ArgumentCaptor.forClass(Observation.Context.class);
 		verify(this.handler).onStart(captor.capture());
@@ -127,7 +124,7 @@ public class ObservationAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isEqualTo(this.token.get());
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.grant);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.grant);
 	}
 
 	@Test

core/src/test/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManagerTests.java

@@ -69,8 +69,7 @@ public class ObservationReactiveAuthorizationManagerTests {
 	@Test
 	void verifyWhenDefaultsThenObserves() {
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willReturn(Mono.just(this.grant));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(Mono.just(this.grant));
 		this.tested.verify(this.token, this.object).block();
 		ArgumentCaptor<Observation.Context> captor = ArgumentCaptor.forClass(Observation.Context.class);
 		verify(this.handler).onStart(captor.capture());
@@ -80,14 +79,13 @@ public class ObservationReactiveAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isNull();
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.grant);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.grant);
 	}
 
 	@Test
 	void verifyWhenErrorsThenObserves() {
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willReturn(Mono.just(this.deny));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(Mono.just(this.deny));
 		assertThatExceptionOfType(AccessDeniedException.class)
 			.isThrownBy(() -> this.tested.verify(this.token, this.object).block());
 		ArgumentCaptor<Observation.Context> captor = ArgumentCaptor.forClass(Observation.Context.class);
@@ -98,17 +96,16 @@ public class ObservationReactiveAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isNull();
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.deny);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.deny);
 	}
 
 	@Test
 	void verifyWhenLooksUpAuthenticationThenObserves() {
 		given(this.handler.supportsContext(any())).willReturn(true);
-		given(this.authorizationManager.check(any(), any())).willAnswer((invocation) -> {
+		given(this.authorizationManager.authorize(any(), any())).willAnswer((invocation) -> {
 			((Mono<Authentication>) invocation.getArgument(0)).block();
 			return Mono.just(this.grant);
 		});
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.tested.verify(this.token, this.object).block();
 		ArgumentCaptor<Observation.Context> captor = ArgumentCaptor.forClass(Observation.Context.class);
 		verify(this.handler).onStart(captor.capture());
@@ -117,7 +114,7 @@ public class ObservationReactiveAuthorizationManagerTests {
 		AuthorizationObservationContext<?> context = (AuthorizationObservationContext<?>) captor.getValue();
 		assertThat(context.getAuthentication()).isEqualTo(this.token.block());
 		assertThat(context.getObject()).isEqualTo(this.object);
-		assertThat(context.getDecision()).isEqualTo(this.grant);
+		assertThat(context.getAuthorizationResult()).isEqualTo(this.grant);
 	}
 
 	@Test

core/src/test/java/org/springframework/security/authorization/SingleResultAuthorizationManagerTests.java

@@ -43,7 +43,7 @@ public class SingleResultAuthorizationManagerTests {
 	void checkWhenManagerWithGrantedDecisionIsCreatedThenAuthorizes() {
 		this.manager = new SingleResultAuthorizationManager<>(new AuthorizationDecision(true));
 
-		AuthorizationResult result = this.manager.check(null, null);
+		AuthorizationResult result = this.manager.authorize(null, null);
 
 		assertThat(result.isGranted()).isTrue();
 	}
@@ -52,7 +52,7 @@ public class SingleResultAuthorizationManagerTests {
 	void checkWhenManagerWithGrantedCustomAuthorizationResultIsCreatedThenFails() {
 		this.manager = new SingleResultAuthorizationManager<>((AuthorizationResult) () -> true);
 
-		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.check(null, null));
+		assertThatIllegalArgumentException().isThrownBy(() -> this.manager.authorize(null, null));
 	}
 
 	@Test

core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,7 +42,6 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -75,12 +74,11 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
 		MethodInvocationResult result = new MethodInvocationResult(mockMethodInvocation, new Object());
 		given(mockMethodInvocation.proceed()).willReturn(result.getResult());
 		AuthorizationManager<MethodInvocationResult> mockAuthorizationManager = mock(AuthorizationManager.class);
-		given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor(
 				Pointcut.TRUE, mockAuthorizationManager);
 		Object returnedObject = advice.invoke(mockMethodInvocation);
 		assertThat(returnedObject).isEqualTo(result.getResult());
-		verify(mockAuthorizationManager).check(any(Supplier.class), any(MethodInvocationResult.class));
+		verify(mockAuthorizationManager).authorize(any(Supplier.class), any(MethodInvocationResult.class));
 	}
 
 	@Test
@@ -130,8 +128,6 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
 		AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor(
 				Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated());
 		AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class);
-		doCallRealMethod().when(eventPublisher)
-			.publishAuthorizationEvent(any(Supplier.class), any(), any(AuthorizationResult.class));
 		advice.setAuthorizationEventPublisher(eventPublisher);
 
 		SecurityContext securityContext = new SecurityContextImpl();
@@ -152,9 +148,8 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
 		MethodInvocation mi = mock(MethodInvocation.class);
 		given(mi.proceed()).willReturn("ok");
 		AuthorizationManager<MethodInvocationResult> manager = mock(AuthorizationManager.class);
-		given(manager.check(any(), any()))
+		given(manager.authorize(any(), any()))
 			.willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false)));
-		given(manager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor(
 				Pointcut.TRUE, manager);
 		assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(mi));

core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,16 +70,15 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocationResult> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), any()))
+		given(mockReactiveAuthorizationManager.authorize(any(), any()))
 			.willReturn(Mono.just(new AuthorizationDecision(true)));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("john");
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -89,9 +88,8 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob"));
 		ReactiveAuthorizationManager<MethodInvocationResult> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), any()))
+		given(mockReactiveAuthorizationManager.authorize(any(), any()))
 			.willReturn(Mono.just(new AuthorizationDecision(true)));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -99,7 +97,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 			.extracting(Flux::collectList)
 			.extracting(Mono::block, InstanceOfAssertFactories.list(String.class))
 			.containsExactly("john", "bob");
-		verify(mockReactiveAuthorizationManager, times(2)).check(any(), any());
+		verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any());
 	}
 
 	@Test
@@ -109,9 +107,8 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocationResult> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), any()))
+		given(mockReactiveAuthorizationManager.authorize(any(), any()))
 			.willReturn(Mono.just(new AuthorizationDecision(false)));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -119,7 +116,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 			.isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 				.extracting(Mono::block))
 			.withMessage("Access Denied");
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -132,8 +129,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				HandlingReactiveAuthorizationManager.class);
 		given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class)))
 			.willAnswer(this::masking);
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -141,7 +137,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 			.extracting(Flux::collectList)
 			.extracting(Mono::block, InstanceOfAssertFactories.list(String.class))
 			.containsExactly("john-masked", "bob-masked");
-		verify(mockReactiveAuthorizationManager, times(2)).check(any(), any());
+		verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any());
 	}
 
 	@Test
@@ -159,8 +155,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				}
 				return Mono.just(argument.getResult());
 			});
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -168,7 +163,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 			.extracting(Flux::collectList)
 			.extracting(Mono::block, InstanceOfAssertFactories.list(String.class))
 			.containsExactly("john", "bob-masked");
-		verify(mockReactiveAuthorizationManager, times(2)).check(any(), any());
+		verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any());
 	}
 
 	@Test
@@ -180,15 +175,14 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				HandlingReactiveAuthorizationManager.class);
 		given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class)))
 			.willAnswer(this::masking);
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("john-masked");
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -200,15 +194,14 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				HandlingReactiveAuthorizationManager.class);
 		given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class)))
 			.willAnswer(this::monoMasking);
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("john-masked");
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -220,15 +213,14 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				HandlingReactiveAuthorizationManager.class);
 		given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class)))
 			.willReturn(null);
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo(null);
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -238,8 +230,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocationResult> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty());
 		AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -247,7 +238,7 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 			.isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 				.extracting(Mono::block))
 			.withMessage("Access Denied");
-		verify(mockReactiveAuthorizationManager).check(any(), any());
+		verify(mockReactiveAuthorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -256,9 +247,8 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests {
 				new MockMethodInvocation(new Sample(), Sample.class.getDeclaredMethod("mono")));
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("ok"));
 		ReactiveAuthorizationManager<MethodInvocationResult> manager = mock(ReactiveAuthorizationManager.class);
-		given(manager.check(any(), any()))
+		given(manager.authorize(any(), any()))
 			.willReturn(Mono.error(new MyAuthzDeniedException("denied", new AuthorizationDecision(false))));
-		given(manager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerAfterReactiveMethodInterceptor advice = new AuthorizationManagerAfterReactiveMethodInterceptor(
 				Pointcut.TRUE, manager);
 		assertThatExceptionOfType(MyAuthzDeniedException.class)

core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,7 +41,6 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -71,11 +70,10 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
 	public void beforeWhenMockAuthorizationManagerThenCheck() throws Throwable {
 		MethodInvocation mockMethodInvocation = mock(MethodInvocation.class);
 		AuthorizationManager<MethodInvocation> mockAuthorizationManager = mock(AuthorizationManager.class);
-		given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor(
 				Pointcut.TRUE, mockAuthorizationManager);
 		advice.invoke(mockMethodInvocation);
-		verify(mockAuthorizationManager).check(any(Supplier.class), eq(mockMethodInvocation));
+		verify(mockAuthorizationManager).authorize(any(Supplier.class), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -125,7 +123,6 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
 		AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor(
 				Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated());
 		AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class);
-		doCallRealMethod().when(eventPublisher).publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
 		advice.setAuthorizationEventPublisher(eventPublisher);
 
 		SecurityContext securityContext = new SecurityContextImpl();
@@ -144,9 +141,8 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
 	@Test
 	public void invokeWhenCustomAuthorizationDeniedExceptionThenThrows() {
 		AuthorizationManager<MethodInvocation> manager = mock(AuthorizationManager.class);
-		given(manager.check(any(), any()))
+		given(manager.authorize(any(), any()))
 			.willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false)));
-		given(manager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor(
 				Pointcut.TRUE, manager);
 		assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(null));

core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,16 +70,15 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocation> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation)))
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation)))
 			.willReturn(Mono.just(new AuthorizationDecision(true)));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("john");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -89,9 +88,8 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob"));
 		ReactiveAuthorizationManager<MethodInvocation> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation)))
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation)))
 			.willReturn(Mono.just(new AuthorizationDecision((true))));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -99,7 +97,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 			.extracting(Flux::collectList)
 			.extracting(Mono::block, InstanceOfAssertFactories.list(String.class))
 			.containsExactly("john", "bob");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -109,9 +107,8 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocation> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation)))
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation)))
 			.willReturn(Mono.just(new AuthorizationDecision(false)));
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -119,7 +116,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 			.isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 				.extracting(Mono::block))
 			.withMessage("Access Denied");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -129,8 +126,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock(
 				HandlingReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
 		given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class)))
 			.willReturn("***");
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
@@ -139,7 +135,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("***");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -149,8 +145,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock(
 				HandlingReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
 		given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class)))
 			.willReturn(Mono.just("***"));
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
@@ -159,7 +154,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 			.extracting(Mono::block)
 			.isEqualTo("***");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -169,8 +164,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob"));
 		HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock(
 				HandlingReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
 		given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class)))
 			.willReturn(Mono.just("***"));
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
@@ -180,7 +174,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 			.extracting(Flux::collectList)
 			.extracting(Mono::block, InstanceOfAssertFactories.list(String.class))
 			.containsExactly("***");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -190,8 +184,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Mono.just("john"));
 		ReactiveAuthorizationManager<MethodInvocation> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -199,7 +192,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 			.isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class))
 				.extracting(Mono::block))
 			.withMessage("Access Denied");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -209,8 +202,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob"));
 		ReactiveAuthorizationManager<MethodInvocation> mockReactiveAuthorizationManager = mock(
 				ReactiveAuthorizationManager.class);
-		given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
-		given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty());
 		AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, mockReactiveAuthorizationManager);
 		Object result = interceptor.invoke(mockMethodInvocation);
@@ -218,7 +210,7 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 			.isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class))
 				.extracting(Flux::blockFirst))
 			.withMessage("Access Denied");
-		verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation));
+		verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation));
 	}
 
 	@Test
@@ -226,9 +218,8 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests {
 		MethodInvocation mockMethodInvocation = spy(
 				new MockMethodInvocation(new Sample(), Sample.class.getDeclaredMethod("flux")));
 		ReactiveAuthorizationManager<MethodInvocation> manager = mock(ReactiveAuthorizationManager.class);
-		given(manager.check(any(), any()))
+		given(manager.authorize(any(), any()))
 			.willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false)));
-		given(manager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationManagerBeforeReactiveMethodInterceptor advice = new AuthorizationManagerBeforeReactiveMethodInterceptor(
 				Pointcut.TRUE, manager);
 		assertThatExceptionOfType(MyAuthzDeniedException.class)

core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,15 +31,13 @@ import org.springframework.core.annotation.AnnotationConfigurationException;
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -80,16 +78,15 @@ public class Jsr250AuthorizationManagerTests {
 	@Test
 	public void setAuthoritiesAuthorizationManagerWhenNotNullThenVerifyUsage() throws Exception {
 		AuthorizationManager<Collection<String>> authoritiesAuthorizationManager = mock(AuthorizationManager.class);
-		given(authoritiesAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
 		manager.setAuthoritiesAuthorizationManager(authoritiesAuthorizationManager);
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "rolesAllowedAdmin");
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
 				"ROLE_ADMIN");
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision).isNull();
-		verify(authoritiesAuthorizationManager).check(authentication, Set.of("ROLE_ADMIN"));
+		verify(authoritiesAuthorizationManager).authorize(authentication, Set.of("ROLE_ADMIN"));
 	}
 
 	@Test
@@ -97,7 +94,7 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomething");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNull();
 	}
 
@@ -105,7 +102,7 @@ public class Jsr250AuthorizationManagerTests {
 	public void checkPermitAllWhenRoleUserThenGrantedDecision() throws Exception {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "permitAll");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -114,7 +111,7 @@ public class Jsr250AuthorizationManagerTests {
 	public void checkDenyAllWhenRoleAdminThenDeniedDecision() throws Exception {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "denyAll");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -124,7 +121,7 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"rolesAllowedUserOrAdmin");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -134,7 +131,7 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"rolesAllowedUserOrAdmin");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -146,7 +143,7 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"rolesAllowedUserOrAdmin");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -159,7 +156,7 @@ public class Jsr250AuthorizationManagerTests {
 				"multipleAnnotations");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	@Test
@@ -169,7 +166,7 @@ public class Jsr250AuthorizationManagerTests {
 				ClassLevelIllegalAnnotations.class, "inheritedAnnotations");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	@Test
@@ -178,10 +175,10 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "rolesAllowedAdmin");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 	}
 
@@ -191,7 +188,7 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "denyAll");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 	}
 
@@ -201,10 +198,10 @@ public class Jsr250AuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "rolesAllowedUser");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 	}
 
@@ -215,7 +212,7 @@ public class Jsr250AuthorizationManagerTests {
 				"inheritedAnnotations");
 		Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo {

core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import org.springframework.expression.ExpressionParser;
 import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.authentication.TestAuthentication;
-import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.util.SimpleMethodInvocation;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -84,7 +84,7 @@ class MethodExpressionAuthorizationManagerTests {
 	@Test
 	void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() {
 		MethodExpressionAuthorizationManager manager = new MethodExpressionAuthorizationManager("hasRole('ADMIN')");
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin,
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin,
 				new SimpleMethodInvocation(new Object(),
 						ReflectionUtils.getRequiredMethod(BusinessService.class, "someAdminMethod")));
 		assertThat(decision).isNotNull();
@@ -94,7 +94,7 @@ class MethodExpressionAuthorizationManagerTests {
 	@Test
 	void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() {
 		MethodExpressionAuthorizationManager manager = new MethodExpressionAuthorizationManager("hasRole('ADMIN')");
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser,
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser,
 				new SimpleMethodInvocation(new Object(),
 						ReflectionUtils.getRequiredMethod(BusinessService.class, "someAdminMethod")));
 		assertThat(decision).isNotNull();

core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,6 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
@@ -70,7 +69,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 				"doSomething", new Class[] {}, new Object[] {});
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result);
 		assertThat(decision).isNull();
 	}
 
@@ -80,7 +79,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 				"doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -91,7 +90,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 				"doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -103,7 +102,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 				"doSomethingList", new Class[] { List.class }, new Object[] { list });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -115,7 +114,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 				"doSomethingList", new Class[] { List.class }, new Object[] { list });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -127,10 +126,10 @@ public class PostAuthorizeAuthorizationManagerTests {
 				ClassLevelAnnotations.class, "securedAdmin");
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, result);
+		AuthorizationResult decision = manager.authorize(authentication, result);
 		assertThat(decision.isGranted()).isFalse();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, result);
+		decision = manager.authorize(authentication, result);
 		assertThat(decision.isGranted()).isTrue();
 	}
 
@@ -141,10 +140,10 @@ public class PostAuthorizeAuthorizationManagerTests {
 				ClassLevelAnnotations.class, "securedUser");
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, result);
+		AuthorizationResult decision = manager.authorize(authentication, result);
 		assertThat(decision.isGranted()).isTrue();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, result);
+		decision = manager.authorize(authentication, result);
 		assertThat(decision.isGranted()).isFalse();
 	}
 
@@ -156,7 +155,7 @@ public class PostAuthorizeAuthorizationManagerTests {
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, result));
+			.isThrownBy(() -> manager.authorize(authentication, result));
 	}
 
 	@Test

core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ import org.springframework.security.access.expression.method.MethodSecurityExpre
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -65,7 +65,8 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				"doSomething", new Class[] {}, new Object[] {});
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
-		AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block();
+		AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result)
+			.block();
 		assertThat(decision).isNull();
 	}
 
@@ -75,7 +76,8 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				"doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
-		AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block();
+		AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result)
+			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -86,7 +88,8 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				"doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block();
+		AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result)
+			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -98,7 +101,8 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				"doSomethingList", new Class[] { List.class }, new Object[] { list });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block();
+		AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result)
+			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -110,7 +114,8 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				"doSomethingList", new Class[] { List.class }, new Object[] { list });
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block();
+		AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result)
+			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -123,11 +128,11 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				ClassLevelAnnotations.class, "securedAdmin");
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, result).block();
+		AuthorizationResult decision = manager.authorize(authentication, result).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 		authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"));
-		decision = manager.check(authentication, result).block();
+		decision = manager.authorize(authentication, result).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -140,11 +145,11 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 				ClassLevelAnnotations.class, "securedUser");
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, result).block();
+		AuthorizationResult decision = manager.authorize(authentication, result).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 		authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"));
-		decision = manager.check(authentication, result).block();
+		decision = manager.authorize(authentication, result).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -158,7 +163,7 @@ public class PostAuthorizeReactiveAuthorizationManagerTests {
 		MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
 		PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, result));
+			.isThrownBy(() -> manager.authorize(authentication, result));
 	}
 
 	public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo {

core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,6 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
@@ -67,7 +66,7 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomething", new Class[] {}, new Object[] {});
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNull();
 	}
 
@@ -76,7 +75,7 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -86,7 +85,7 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -97,10 +96,10 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedAdmin");
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 	}
 
@@ -110,10 +109,10 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedUser");
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 	}
 
@@ -124,7 +123,7 @@ public class PreAuthorizeAuthorizationManagerTests {
 				ConflictingAnnotations.class, "inheritedAnnotations");
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	@Test
@@ -132,10 +131,10 @@ public class PreAuthorizeAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestTargetClassAware(),
 				TestTargetClassAware.class, "doSomething");
 		PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
-		decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
+		decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}

core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.access.expression.method.MethodSecurityExpre
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -61,8 +61,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomething", new Class[] {}, new Object[] {});
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager
-			.check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
+		AuthorizationResult decision = manager
+			.authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
 			.block();
 		assertThat(decision).isNull();
 	}
@@ -72,8 +72,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager
-			.check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
+		AuthorizationResult decision = manager
+			.authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
 			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
@@ -84,8 +84,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager
-			.check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
+		AuthorizationResult decision = manager
+			.authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation)
 			.block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
@@ -98,11 +98,11 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedAdmin");
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation).block();
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 		authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"));
-		decision = manager.check(authentication, methodInvocation).block();
+		decision = manager.authorize(authentication, methodInvocation).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -114,11 +114,11 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedUser");
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation).block();
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 		authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"));
-		decision = manager.check(authentication, methodInvocation).block();
+		decision = manager.authorize(authentication, methodInvocation).block();
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -131,7 +131,7 @@ public class PreAuthorizeReactiveAuthorizationManagerTests {
 				ConflictingAnnotations.class, "inheritedAnnotations");
 		PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo {

core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,8 +30,8 @@ import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.intercept.method.MockMethodInvocation;
 import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -62,9 +62,9 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"securedUserOrAdmin");
 		Supplier<Authentication> authentication = TestAuthentication::authenticatedUser;
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision).isNull();
-		verify(authoritiesAuthorizationManager).check(authentication, Set.of("ROLE_USER", "ROLE_ADMIN"));
+		verify(authoritiesAuthorizationManager).authorize(authentication, Set.of("ROLE_USER", "ROLE_ADMIN"));
 	}
 
 	@Test
@@ -72,7 +72,7 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"doSomething");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNull();
 	}
 
@@ -81,7 +81,7 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"securedUserOrAdmin");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -91,7 +91,7 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"securedUserOrAdmin");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -103,7 +103,7 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
 				"securedUserOrAdmin");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -114,10 +114,10 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedAdmin");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 	}
 
@@ -127,10 +127,10 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
 				ClassLevelAnnotations.class, "securedUser");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(authentication, methodInvocation);
+		AuthorizationResult decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isTrue();
 		authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		decision = manager.check(authentication, methodInvocation);
+		decision = manager.authorize(authentication, methodInvocation);
 		assertThat(decision.isGranted()).isFalse();
 	}
 
@@ -141,7 +141,7 @@ public class SecuredAuthorizationManagerTests {
 				"inheritedAnnotations");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	@Test
@@ -151,7 +151,7 @@ public class SecuredAuthorizationManagerTests {
 				"inheritedAnnotations");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
 		assertThatExceptionOfType(AnnotationConfigurationException.class)
-			.isThrownBy(() -> manager.check(authentication, methodInvocation));
+			.isThrownBy(() -> manager.authorize(authentication, methodInvocation));
 	}
 
 	@Test
@@ -159,10 +159,10 @@ public class SecuredAuthorizationManagerTests {
 		MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestTargetClassAware(),
 				TestTargetClassAware.class, "doSomething");
 		SecuredAuthorizationManager manager = new SecuredAuthorizationManager();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
-		decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
+		decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}

docs/modules/ROOT/pages/reactive/authorization/method.adoc

@@ -308,7 +308,7 @@ Java::
 @Component
 public class MyPreAuthorizeAuthorizationManager implements ReactiveAuthorizationManager<MethodInvocation> {
     @Override
-    public Mono<AuthorizationDecision> check(Supplier<Authentication> authentication, MethodInvocation invocation) {
+    public Mono<AuthorizationResult> authorize(Supplier<Authentication> authentication, MethodInvocation invocation) {
         // ... authorization logic
     }
 
@@ -321,7 +321,7 @@ Kotlin::
 ----
 @Component
 class MyPreAuthorizeAuthorizationManager : ReactiveAuthorizationManager<MethodInvocation> {
-    override fun check(authentication: Supplier<Authentication>, invocation: MethodInvocation): Mono<AuthorizationDecision> {
+    override fun authorize(authentication: Supplier<Authentication>, invocation: MethodInvocation): Mono<AuthorizationResult> {
         // ... authorization logic
     }
 

docs/modules/ROOT/pages/servlet/appendix/faq.adoc

@@ -544,7 +544,7 @@ public class DynamicAuthorizationManager implements AuthorizationManager<Request
 	// ...
 
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
 		// query the external service
     }
 }
@@ -565,7 +565,7 @@ class DynamicAuthorizationManager : AuthorizationManager<RequestAuthorizationCon
 
     // ...
 
-    override fun check(authentication: Supplier<Authentication?>?, context: RequestAuthorizationContext?): AuthorizationDecision {
+    override fun authorize(authentication: Supplier<Authentication?>?, context: RequestAuthorizationContext?): AuthorizationResult {
 		// look up rules from the database
     }
 }
@@ -595,7 +595,7 @@ public class DynamicAuthorizationManager implements AuthorizationManager<MethodI
 	// ...
 
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation invocation) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation invocation) {
 		// query the external service
     }
 }
@@ -617,7 +617,7 @@ class DynamicAuthorizationManager : AuthorizationManager<MethodInvocation?> {
     private val authz: MyExternalAuthorizationService? = null
 
      // ...
-    override fun check(authentication: Supplier<Authentication?>?, invocation: MethodInvocation?): AuthorizationDecision {
+    override fun authorize(authentication: Supplier<Authentication?>?, invocation: MethodInvocation?): AuthorizationResult {
 		// query the external service
     }
 }

docs/modules/ROOT/pages/servlet/authorization/architecture.adoc

@@ -99,7 +99,7 @@ The `AuthorizationManager` interface contains two methods:
 
 [source,java]
 ----
-AuthorizationDecision check(Supplier<Authentication> authentication, Object secureObject);
+AuthorizationResult authorize(Supplier<Authentication> authentication, Object secureObject);
 
 default void verify(Supplier<Authentication> authentication, Object secureObject)
         throws AccessDeniedException {
@@ -113,7 +113,7 @@ For example, let's assume the secure object was a `MethodInvocation`.
 It would be easy to query the `MethodInvocation` for any `Customer` argument, and then implement some sort of security logic in the `AuthorizationManager` to ensure the principal is permitted to operate on that customer.
 Implementations are expected to return a positive `AuthorizationDecision` if access is granted, negative `AuthorizationDecision` if access is denied, and a null `AuthorizationDecision` when abstaining from making a decision.
 
-`verify` calls `check` and subsequently throws an `AccessDeniedException` in the case of a negative `AuthorizationDecision`.
+`verify` calls `authorize` and subsequently throws an `AccessDeniedException` in the case of a negative `AuthorizationDecision`.
 
 [[authz-delegate-authorization-manager]]
 === Delegate-based AuthorizationManager Implementations
@@ -180,7 +180,7 @@ public class AccessDecisionManagerAuthorizationManagerAdapter implements Authori
     private final SecurityMetadataSource securityMetadataSource;
 
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, Object object) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, Object object) {
         try {
             Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAttributes(object);
             this.accessDecisionManager.decide(authentication.get(), object, attributes);
@@ -216,7 +216,7 @@ public class AccessDecisionVoterAuthorizationManagerAdapter implements Authoriza
     private final SecurityMetadataSource securityMetadataSource;
 
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, Object object) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, Object object) {
         Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAttributes(object);
         int decision = this.accessDecisionVoter.vote(authentication.get(), object, attributes);
         switch (decision) {

docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

@@ -861,7 +861,7 @@ Java::
 @Component
 public final class OpenPolicyAgentAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
         // make request to Open Policy Agent
     }
 }

docs/modules/ROOT/pages/servlet/authorization/events.adoc

@@ -95,29 +95,28 @@ public class MyAuthorizationEventPublisher implements AuthorizationEventPublishe
 
     @Override
     public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication,
-            T object, AuthorizationDecision decision) {
-        if (decision == null) {
+        T object, AuthorizationResult result) {
+        if (result == null) {
             return;
         }
-        if (!decision.isGranted()) {
-            this.delegate.publishAuthorizationEvent(authentication, object, decision);
+        if (!result.isGranted()) {
+            this.delegate.publishAuthorizationEvent(authentication, object, result);
             return;
         }
-        if (shouldThisEventBePublished(decision)) {
+        if (shouldThisEventBePublished(result)) {
             AuthorizationGrantedEvent granted = new AuthorizationGrantedEvent(
-                    authentication, object, decision);
+                authentication, object, result);
             this.publisher.publishEvent(granted);
         }
     }
 
-    private boolean shouldThisEventBePublished(AuthorizationDecision decision) {
-        if (!(decision instanceof AuthorityAuthorizationDecision)) {
-            return false;
-        }
-        Collection<GrantedAuthority> authorities = ((AuthorityAuthorizationDecision) decision).getAuthorities();
-        for (GrantedAuthority authority : authorities) {
-            if ("ROLE_ADMIN".equals(authority.getAuthority())) {
-                return true;
+    private boolean shouldThisEventBePublished(AuthorizationResult result) {
+        if (result instanceof AuthorityAuthorizationDecision authorityAuthorizationDecision) {
+            Collection<GrantedAuthority> authorities = authorityAuthorizationDecision.getAuthorities();
+            for (GrantedAuthority authority : authorities) {
+                if ("ROLE_ADMIN".equals(authority.getAuthority())) {
+                    return true;
+                }
             }
         }
         return false;
@@ -137,22 +136,22 @@ class MyAuthorizationEventPublisher(val publisher: ApplicationEventPublisher,
     override fun <T : Any?> publishAuthorizationEvent(
         authentication: Supplier<Authentication>?,
         `object`: T,
-        decision: AuthorizationDecision?
+        result: AuthorizationResult?
     ) {
-        if (decision == null) {
+        if (result == null) {
             return
         }
-        if (!decision.isGranted) {
-            this.delegate.publishAuthorizationEvent(authentication, `object`, decision)
+        if (!result.isGranted) {
+            this.delegate.publishAuthorizationEvent(authentication, `object`, result)
             return
         }
-        if (shouldThisEventBePublished(decision)) {
-            val granted = AuthorizationGrantedEvent(authentication, `object`, decision)
+        if (shouldThisEventBePublished(result)) {
+            val granted = AuthorizationGrantedEvent(authentication, `object`, result)
             this.publisher.publishEvent(granted)
         }
     }
 
-    private fun shouldThisEventBePublished(decision: AuthorizationDecision): Boolean {
+    private fun shouldThisEventBePublished(result: AuthorizationResult): Boolean {
         if (decision !is AuthorityAuthorizationDecision) {
             return false
         }

docs/modules/ROOT/pages/servlet/authorization/method-security.adoc

@@ -1371,12 +1371,12 @@ Java::
 @Component
 public class MyAuthorizationManager implements AuthorizationManager<MethodInvocation>, AuthorizationManager<MethodInvocationResult> {
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation invocation) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation invocation) {
         // ... authorization logic
     }
 
     @Override
-    public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocationResult invocation) {
+    public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocationResult invocation) {
         // ... authorization logic
     }
 }
@@ -1388,11 +1388,11 @@ Kotlin::
 ----
 @Component
 class MyAuthorizationManager : AuthorizationManager<MethodInvocation>, AuthorizationManager<MethodInvocationResult> {
-    override fun check(authentication: Supplier<Authentication>, invocation: MethodInvocation): AuthorizationDecision {
+    override fun authorize(authentication: Supplier<Authentication>, invocation: MethodInvocation): AuthorizationResult {
         // ... authorization logic
     }
 
-    override fun check(authentication: Supplier<Authentication>, invocation: MethodInvocationResult): AuthorizationDecision {
+    override fun authorize(authentication: Supplier<Authentication>, invocation: MethodInvocationResult): AuthorizationResult {
         // ... authorization logic
     }
 }

docs/modules/ROOT/pages/servlet/integrations/websocket.adoc

@@ -227,7 +227,7 @@ public final class MessageExpressionAuthorizationManager implements Authorizatio
 	}
 
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, MessageAuthorizationContext<?> context) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, MessageAuthorizationContext<?> context) {
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context.getMessage());
 		boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx);
 		return new ExpressionAuthorizationDecision(granted, this.expression);

messaging/src/main/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.support.ChannelInterceptor;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.AuthorizationResult;
@@ -109,12 +108,6 @@ public final class AuthorizationChannelInterceptor implements ChannelInterceptor
 
 	private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher {
 
-		@Override
-		public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-				AuthorizationDecision decision) {
-
-		}
-
 		@Override
 		public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
 				AuthorizationResult result) {

messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java

@@ -28,7 +28,6 @@ import org.springframework.messaging.Message;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
 import org.springframework.security.authorization.AuthorityAuthorizationManager;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.SingleResultAuthorizationManager;
@@ -56,30 +55,6 @@ public final class MessageMatcherDelegatingAuthorizationManager implements Autho
 		this.mappings = mappings;
 	}
 
-	/**
-	 * Delegates to a specific {@link AuthorizationManager} based on a
-	 * {@link MessageMatcher} evaluation.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param message the {@link Message} to check
-	 * @return an {@link AuthorizationDecision}. If there is no {@link MessageMatcher}
-	 * matching the message, or the {@link AuthorizationManager} could not decide, then
-	 * null is returned
-	 * @deprecated please use {@link #authorize(Supplier, Message)} instead
-	 */
-	@Deprecated
-	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, Message<?> message) {
-		AuthorizationResult result = authorize(authentication, message);
-		if (result == null) {
-			return null;
-		}
-		if (result instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please call #authorize or ensure that the returned result is of type AuthorizationDecision");
-	}
-
 	@Override
 	public AuthorizationResult authorize(Supplier<Authentication> authentication, Message<?> message) {
 		if (this.logger.isTraceEnabled()) {

messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,7 +30,6 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
-import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
@@ -39,7 +38,6 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -83,15 +81,13 @@ public class AuthorizationChannelInterceptorTests {
 
 	@Test
 	public void preSendWhenAllowThenSameMessage() {
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
 		assertThat(this.interceptor.preSend(this.message, this.channel)).isSameAs(this.message);
 	}
 
 	@Test
 	public void preSendWhenDenyThenException() {
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
 		assertThatExceptionOfType(AccessDeniedException.class)
 			.isThrownBy(() -> this.interceptor.preSend(this.message, this.channel));
 	}
@@ -105,11 +101,7 @@ public class AuthorizationChannelInterceptorTests {
 	@Test
 	public void preSendWhenAuthorizationEventPublisherThenPublishes() {
 		this.interceptor.setAuthorizationEventPublisher(this.eventPublisher);
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
-		lenient().doCallRealMethod()
-			.when(this.eventPublisher)
-			.publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
 		this.interceptor.preSend(this.message, this.channel);
 		verify(this.eventPublisher).publishAuthorizationEvent(any(), any(), any());
 	}

messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java

@@ -65,7 +65,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 	void checkWhenPermitAllThenPermits() {
 		AuthorizationManager<Message<?>> authorizationManager = builder().anyMessage().permitAll().build();
 		Message<?> message = new GenericMessage<>(new Object());
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
 	}
 
 	@Test
@@ -73,9 +73,9 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		AuthorizationManager<Message<?>> authorizationManager = builder().anyMessage().hasRole("USER").build();
 		Message<?> message = new GenericMessage<>(new Object());
 		Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
-		assertThat(authorizationManager.check(() -> user, message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(() -> user, message).isGranted()).isTrue();
 		Authentication admin = new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
-		assertThat(authorizationManager.check(() -> admin, message).isGranted()).isFalse();
+		assertThat(authorizationManager.authorize(() -> admin, message).isGranted()).isFalse();
 	}
 
 	@Test
@@ -88,7 +88,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		MessageHeaders headers = new MessageHeaders(
 				Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination"));
 		Message<?> message = new GenericMessage<>(new Object(), headers);
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
 	}
 
 	@Test
@@ -99,11 +99,11 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 			.denyAll()
 			.build();
 		Message<?> message = new GenericMessage<>(new Object());
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
 		MessageHeaders headers = new MessageHeaders(
 				Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination"));
 		message = new GenericMessage<>(new Object(), headers);
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse();
 	}
 
 	@Test
@@ -116,7 +116,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		MessageHeaders headers = new MessageHeaders(
 				Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT));
 		Message<?> message = new GenericMessage<>(new Object(), headers);
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
 	}
 
 	// gh-12540
@@ -130,7 +130,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		MessageHeaders headers = new MessageHeaders(
 				Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination/3"));
 		Message<?> message = new GenericMessage<>(new Object(), headers);
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
 	}
 
 	@Test
@@ -151,7 +151,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		MessageHeaders headers2 = new MessageHeaders(Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
 				SimpMessageType.SUBSCRIBE, SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination"));
 		Message<?> message2 = new GenericMessage<>(new Object(), headers2);
-		assertThat(authorizationManager.check(mock(Supplier.class), message2).isGranted()).isFalse();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message2).isGranted()).isFalse();
 	}
 
 	@Test
@@ -166,7 +166,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
 		MessageHeaders headers = new MessageHeaders(
 				Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/sub/asdf"));
 		Message<?> message = new GenericMessage<>(new Object(), headers);
-		assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse();
+		assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse();
 	}
 
 	private MessageMatcherDelegatingAuthorizationManager.Builder builder() {

rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java

@@ -51,21 +51,6 @@ public final class PayloadExchangeMatcherReactiveAuthorizationManager
 		this.mappings = mappings;
 	}
 
-	/**
-	 * @deprecated please use {@link #authorize(Mono, PayloadExchange)} instead
-	 */
-	@Deprecated
-	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, PayloadExchange exchange) {
-		return authorize(authentication, exchange).flatMap((result) -> {
-			if (result instanceof AuthorizationDecision decision) {
-				return Mono.just(decision);
-			}
-			return Mono.error(new IllegalArgumentException(
-					"Please call #authorize or ensure that the returned result is of type Mono<AuthorizationDecision>"));
-		});
-	}
-
 	@Override
 	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, PayloadExchange exchange) {
 		return Flux.fromIterable(this.mappings)

rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java

@@ -52,51 +52,47 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenGrantedThenGranted() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
-		given(this.authz.authorize(any(), any())).willCallRealMethod();
+		given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 			.builder()
 			.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 			.build();
-		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
+		assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenDeniedThenDenied() {
 		AuthorizationDecision expected = new AuthorizationDecision(false);
-		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
-		given(this.authz.authorize(any(), any())).willCallRealMethod();
+		given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 			.builder()
 			.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 			.build();
-		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
+		assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenFirstMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
-		given(this.authz.authorize(any(), any())).willCallRealMethod();
+		given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 			.builder()
 			.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
 			.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
 			.build();
-		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
+		assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 	@Test
 	public void checkWhenSecondMatchThenSecondUsed() {
 		AuthorizationDecision expected = new AuthorizationDecision(true);
-		given(this.authz2.check(any(), any())).willReturn(Mono.just(expected));
-		given(this.authz2.authorize(any(), any())).willCallRealMethod();
+		given(this.authz2.authorize(any(), any())).willReturn(Mono.just(expected));
 		PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager
 			.builder()
 			.add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
 			.add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2))
 			.build();
-		assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
+		assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected);
 	}
 
 }

web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import java.util.function.Supplier;
 
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
 import org.springframework.security.web.util.matcher.IpAddressMatcher;
@@ -52,7 +53,7 @@ public final class IpAddressAuthorizationManager implements AuthorizationManager
 	}
 
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication,
+	public AuthorizationResult authorize(Supplier<Authentication> authentication,
 			RequestAuthorizationContext requestAuthorizationContext) {
 		return new AuthorizationDecision(
 				this.ipAddressMatcher.matcher(requestAuthorizationContext.getRequest()).isMatch());

web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,8 +22,8 @@ import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
@@ -71,7 +71,7 @@ public final class WebExpressionAuthorizationManager implements AuthorizationMan
 	 * expression
 	 */
 	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
+	public AuthorizationResult authorize(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx);
 		return new ExpressionAuthorizationDecision(granted, this.expression);

web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,6 @@ import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
@@ -231,12 +230,6 @@ public class AuthorizationFilter extends GenericFilterBean {
 
 	private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher {
 
-		@Override
-		public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
-				AuthorizationDecision decision) {
-
-		}
-
 		@Override
 		public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
 				AuthorizationResult result) {

web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java

@@ -62,30 +62,6 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 		this.mappings = mappings;
 	}
 
-	/**
-	 * Delegates to a specific {@link AuthorizationManager} based on a
-	 * {@link RequestMatcher} evaluation.
-	 * @param authentication the {@link Supplier} of the {@link Authentication} to check
-	 * @param request the {@link HttpServletRequest} to check
-	 * @return an {@link AuthorizationDecision}. If there is no {@link RequestMatcher}
-	 * matching the request, or the {@link AuthorizationManager} could not decide, then
-	 * null is returned
-	 * @deprecated please use {@link #authorize(Supplier, HttpServletRequest)} instead
-	 */
-	@Deprecated
-	@Override
-	public AuthorizationDecision check(Supplier<Authentication> authentication, HttpServletRequest request) {
-		AuthorizationResult result = authorize(authentication, request);
-		if (result == null) {
-			return null;
-		}
-		if (result instanceof AuthorizationDecision decision) {
-			return decision;
-		}
-		throw new IllegalArgumentException(
-				"Please call #authorize or ensure that the returned result is of type AuthorizationDecision");
-	}
-
 	@Override
 	public AuthorizationResult authorize(Supplier<Authentication> authentication, HttpServletRequest request) {
 		if (this.logger.isTraceEnabled()) {

web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java

@@ -50,21 +50,6 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut
 		this.mappings = mappings;
 	}
 
-	/**
-	 * @deprecated please use {@link #authorize(Mono, ServerWebExchange)} instead
-	 */
-	@Deprecated
-	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, ServerWebExchange exchange) {
-		return authorize(authentication, exchange).flatMap((result) -> {
-			if (result instanceof AuthorizationDecision decision) {
-				return Mono.just(decision);
-			}
-			return Mono.error(new IllegalArgumentException(
-					"Please call #authorize or ensure that the returned result is of type Mono<AuthorizationDecision>"));
-		});
-	}
-
 	@Override
 	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, ServerWebExchange exchange) {
 		return Flux.fromIterable(this.mappings)

web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package org.springframework.security.web.server.authorization;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher;
@@ -40,7 +41,7 @@ public final class IpAddressReactiveAuthorizationManager implements ReactiveAuth
 	}
 
 	@Override
-	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext context) {
+	public Mono<AuthorizationResult> authorize(Mono<Authentication> authentication, AuthorizationContext context) {
 		return Mono.just(context.getExchange())
 			.flatMap(this.ipAddressExchangeMatcher::matches)
 			.map((matchResult) -> new AuthorizationDecision(matchResult.isMatch()));

web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,25 +62,22 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
 
 	@Test
 	void isAllowedWhenAuthorizationManagerAllowsThenAllowedTrue() {
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
 		boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
 		assertThat(allowed).isTrue();
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
 	void isAllowedWhenAuthorizationManagerDeniesAllowedFalse() {
-		given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
 		boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
 		assertThat(allowed).isFalse();
 	}
 
 	@Test
 	void isAllowedWhenAuthorizationManagerAbstainsThenAllowedTrue() {
-		given(this.authorizationManager.check(any(), any())).willReturn(null);
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
+		given(this.authorizationManager.authorize(any(), any())).willReturn(null);
 		boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
 		assertThat(allowed).isTrue();
 	}
@@ -88,11 +85,10 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
 	@Test
 	void isAllowedWhenServletContextExistsThenFilterInvocationHasServletContext() {
 		ServletContext servletContext = new MockServletContext();
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.privilegeEvaluator.setServletContext(servletContext);
 		this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
 		ArgumentCaptor<HttpServletRequest> captor = ArgumentCaptor.forClass(HttpServletRequest.class);
-		verify(this.authorizationManager).check(any(), captor.capture());
+		verify(this.authorizationManager).authorize(any(), captor.capture());
 		assertThat(captor.getValue().getServletContext()).isSameAs(servletContext);
 	}
 
@@ -105,12 +101,11 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
 	void isAllowedWhenRequestTransformerThenUsesRequestTransformerResult() {
 		HttpServletRequest request = new MockHttpServletRequest();
 		given(this.requestTransformer.transform(any())).willReturn(request);
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.privilegeEvaluator.setRequestTransformer(this.requestTransformer);
 
 		this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
 
-		verify(this.authorizationManager).check(any(), eq(request));
+		verify(this.authorizationManager).authorize(any(), eq(request));
 	}
 
 	// gh-16771
@@ -119,13 +114,13 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
 		RequestMatcherDelegatingAuthorizationManager authorizationManager = RequestMatcherDelegatingAuthorizationManager
 			.builder()
 			.add(pathPattern("/test/**"),
-					(authentication, context) -> this.authorizationManager.check(authentication, context.getRequest()))
+					(authentication, ctx) -> this.authorizationManager.authorize(authentication, ctx.getRequest()))
 			.build();
 		AuthorizationManagerWebInvocationPrivilegeEvaluator privilegeEvaluator = new AuthorizationManagerWebInvocationPrivilegeEvaluator(
 				authorizationManager);
 		privilegeEvaluator.setRequestTransformer(new PathPatternRequestTransformer());
 		privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 }

web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.TestAuthentication;
-import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -87,7 +87,7 @@ class WebExpressionAuthorizationManagerTests {
 	@Test
 	void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() {
 		WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin,
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin,
 				new RequestAuthorizationContext(new MockHttpServletRequest()));
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
@@ -96,7 +96,7 @@ class WebExpressionAuthorizationManagerTests {
 	@Test
 	void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() {
 		WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser,
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser,
 				new RequestAuthorizationContext(new MockHttpServletRequest()));
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();

web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,7 +38,6 @@ import org.springframework.security.authorization.AuthenticatedAuthorizationMana
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
-import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -54,7 +53,6 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willThrow;
-import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
@@ -93,8 +91,7 @@ public class AuthorizationFilterTests {
 	@Test
 	public void filterWhenAuthorizationManagerVerifyPassesThenNextFilter() throws Exception {
 		AuthorizationManager<HttpServletRequest> mockAuthorizationManager = mock(AuthorizationManager.class);
-		given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod();
-		given(mockAuthorizationManager.check(any(Supplier.class), any(HttpServletRequest.class)))
+		given(mockAuthorizationManager.authorize(any(Supplier.class), any(HttpServletRequest.class)))
 			.willReturn(new AuthorizationDecision(true));
 		AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager);
 		TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password");
@@ -110,7 +107,7 @@ public class AuthorizationFilterTests {
 		filter.doFilter(mockRequest, mockResponse, mockFilterChain);
 
 		ArgumentCaptor<Supplier<Authentication>> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class);
-		verify(mockAuthorizationManager).check(authenticationCaptor.capture(), eq(mockRequest));
+		verify(mockAuthorizationManager).authorize(authenticationCaptor.capture(), eq(mockRequest));
 		Supplier<Authentication> authentication = authenticationCaptor.getValue();
 		assertThat(authentication.get()).isEqualTo(authenticationToken);
 
@@ -121,7 +118,6 @@ public class AuthorizationFilterTests {
 	@Test
 	public void filterWhenAuthorizationManagerVerifyThrowsAccessDeniedExceptionThenStopFilterChain() {
 		AuthorizationManager<HttpServletRequest> mockAuthorizationManager = mock(AuthorizationManager.class);
-		given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager);
 		TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password");
 
@@ -134,14 +130,14 @@ public class AuthorizationFilterTests {
 		FilterChain mockFilterChain = mock(FilterChain.class);
 
 		willThrow(new AccessDeniedException("Access Denied")).given(mockAuthorizationManager)
-			.check(any(), eq(mockRequest));
+			.authorize(any(), eq(mockRequest));
 
 		assertThatExceptionOfType(AccessDeniedException.class)
 			.isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain))
 			.withMessage("Access Denied");
 
 		ArgumentCaptor<Supplier<Authentication>> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class);
-		verify(mockAuthorizationManager).check(authenticationCaptor.capture(), eq(mockRequest));
+		verify(mockAuthorizationManager).authorize(authenticationCaptor.capture(), eq(mockRequest));
 		Supplier<Authentication> authentication = authenticationCaptor.getValue();
 		assertThat(authentication.get()).isEqualTo(authenticationToken);
 
@@ -190,7 +186,6 @@ public class AuthorizationFilterTests {
 		SecurityContextHolder.setContext(securityContext);
 
 		AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class);
-		doCallRealMethod().when(eventPublisher).publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
 		authorizationFilter.setAuthorizationEventPublisher(eventPublisher);
 		authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain);
 		verify(eventPublisher).publishAuthorizationEvent(any(Supplier.class), any(HttpServletRequest.class),
@@ -200,7 +195,6 @@ public class AuthorizationFilterTests {
 	@Test
 	public void doFilterWhenErrorThenDoFilter() throws Exception {
 		AuthorizationManager<HttpServletRequest> authorizationManager = mock(AuthorizationManager.class);
-		given(authorizationManager.authorize(any(), any())).willCallRealMethod();
 		AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager);
 		MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path");
 		mockRequest.setDispatcherType(DispatcherType.ERROR);
@@ -209,7 +203,7 @@ public class AuthorizationFilterTests {
 		FilterChain mockFilterChain = mock(FilterChain.class);
 
 		authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain);
-		verify(authorizationManager).check(any(Supplier.class), eq(mockRequest));
+		verify(authorizationManager).authorize(any(Supplier.class), eq(mockRequest));
 	}
 
 	@Test
@@ -237,27 +231,24 @@ public class AuthorizationFilterTests {
 
 	@Test
 	public void doFilterWhenObserveOncePerRequestTrueAndNotAppliedThenInvoked() throws ServletException, IOException {
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.filter.setObserveOncePerRequest(true);
 		this.filter.doFilter(this.request, this.response, this.chain);
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
 	public void doFilterWhenObserveOncePerRequestFalseAndIsAppliedThenInvoked() throws ServletException, IOException {
 		setIsAppliedTrue();
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.filter.setObserveOncePerRequest(false);
 		this.filter.doFilter(this.request, this.response, this.chain);
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
 	public void doFilterWhenObserveOncePerRequestFalseAndNotAppliedThenInvoked() throws ServletException, IOException {
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.filter.setObserveOncePerRequest(false);
 		this.filter.doFilter(this.request, this.response, this.chain);
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -270,11 +261,10 @@ public class AuthorizationFilterTests {
 
 	@Test
 	public void doFilterWhenFilterErrorDispatchTrueAndIsErrorThenInvoked() throws ServletException, IOException {
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.request.setDispatcherType(DispatcherType.ERROR);
 		this.filter.setFilterErrorDispatch(true);
 		this.filter.doFilter(this.request, this.response, this.chain);
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test
@@ -294,11 +284,10 @@ public class AuthorizationFilterTests {
 
 	@Test
 	public void doFilterWhenFilterAsyncDispatchTrueAndIsAsyncThenInvoked() throws ServletException, IOException {
-		given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
 		this.request.setDispatcherType(DispatcherType.ASYNC);
 		this.filter.setFilterAsyncDispatch(true);
 		this.filter.doFilter(this.request, this.response, this.chain);
-		verify(this.authorizationManager).check(any(), any());
+		verify(this.authorizationManager).authorize(any(), any());
 	}
 
 	@Test

web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java

@@ -25,7 +25,7 @@ import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
 import org.springframework.security.authorization.AuthorityAuthorizationManager;
-import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.SingleResultAuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
@@ -76,15 +76,15 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
-		AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
+		AuthorizationResult grant = manager.authorize(authentication, new MockHttpServletRequest(null, "/grant"));
 		assertThat(grant).isNotNull();
 		assertThat(grant.isGranted()).isTrue();
 
-		AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
+		AuthorizationResult deny = manager.authorize(authentication, new MockHttpServletRequest(null, "/deny"));
 		assertThat(deny).isNotNull();
 		assertThat(deny.isGranted()).isFalse();
 
-		AuthorizationDecision defaultDeny = manager.check(authentication,
+		AuthorizationResult defaultDeny = manager.authorize(authentication,
 				new MockHttpServletRequest(null, "/unmapped"));
 		assertThat(defaultDeny).isNotNull();
 		assertThat(defaultDeny.isGranted()).isFalse();
@@ -104,16 +104,16 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
-		AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
+		AuthorizationResult grant = manager.authorize(authentication, new MockHttpServletRequest(null, "/grant"));
 
 		assertThat(grant).isNotNull();
 		assertThat(grant.isGranted()).isTrue();
 
-		AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny"));
+		AuthorizationResult afterAny = manager.authorize(authentication, new MockHttpServletRequest(null, "/afterAny"));
 		assertThat(afterAny).isNotNull();
 		assertThat(afterAny.isGranted()).isFalse();
 
-		AuthorizationDecision unmapped = manager.check(authentication, new MockHttpServletRequest(null, "/unmapped"));
+		AuthorizationResult unmapped = manager.authorize(authentication, new MockHttpServletRequest(null, "/unmapped"));
 		assertThat(unmapped).isNotNull();
 		assertThat(unmapped.isGranted()).isFalse();
 	}
@@ -176,7 +176,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.permitAll()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -187,7 +187,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.denyAll()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -198,7 +198,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.authenticated()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -209,7 +209,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.authenticated()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -220,7 +220,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.fullyAuthenticated()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -231,7 +231,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.fullyAuthenticated()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -242,7 +242,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.fullyAuthenticated()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::rememberMeUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -253,7 +253,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.rememberMe()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::rememberMeUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -264,7 +264,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.rememberMe()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -275,7 +275,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.anonymous()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -286,7 +286,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.anonymous()
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -297,7 +297,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasRole("ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -308,7 +308,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasRole("ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -319,7 +319,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyRole("USER", "ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -330,7 +330,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyRole("USER", "ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -341,7 +341,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyRole("USER", "ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -352,7 +352,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAuthority("ROLE_ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}
@@ -363,7 +363,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAuthority("ROLE_ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -374,7 +374,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -385,7 +385,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isTrue();
 	}
@@ -396,7 +396,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 			.anyRequest()
 			.hasAnyRole("USER", "ADMIN")
 			.build();
-		AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
+		AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null);
 		assertThat(decision).isNotNull();
 		assertThat(decision.isGranted()).isFalse();
 	}

web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import reactor.test.publisher.PublisherProbe;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
@@ -113,8 +114,9 @@ public class AuthorizationWebFilterTests {
 	public void filterWhenGrantedAndDoeAccessAuthenticationThenChainSubscribedAndSecurityContextSubscribed() {
 		PublisherProbe<SecurityContext> context = PublisherProbe.empty();
 		given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a,
-				e) -> a.map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true)));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter(
+				(a, e) -> a.map((auth) -> (AuthorizationResult) new AuthorizationDecision(true))
+					.defaultIfEmpty(new AuthorizationDecision(true)));
 		Mono<Void> result = filter.filter(this.exchange, this.chain)
 			.contextWrite(ReactiveSecurityContextHolder.withSecurityContext(context.mono()));
 		StepVerifier.create(result).verifyComplete();

web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java

@@ -79,10 +79,9 @@ public class DelegatingReactiveAuthorizationManagerTests {
 	@Test
 	public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
 		given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
-		given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class)))
+		given(this.delegate1.authorize(eq(this.authentication), any(AuthorizationContext.class)))
 			.willReturn(Mono.just(this.decision));
-		given(this.delegate1.authorize(eq(this.authentication), any(AuthorizationContext.class))).willCallRealMethod();
-		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
+		assertThat(this.manager.authorize(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 		verifyNoMoreInteractions(this.match2, this.delegate2);
 	}
 
@@ -90,10 +89,9 @@ public class DelegatingReactiveAuthorizationManagerTests {
 	public void checkWhenSecondMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() {
 		given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
 		given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
-		given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class)))
+		given(this.delegate2.authorize(eq(this.authentication), any(AuthorizationContext.class)))
 			.willReturn(Mono.just(this.decision));
-		given(this.delegate2.authorize(eq(this.authentication), any(AuthorizationContext.class))).willCallRealMethod();
-		assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision);
+		assertThat(this.manager.authorize(this.authentication, this.exchange).block()).isEqualTo(this.decision);
 		verifyNoMoreInteractions(this.delegate1);
 	}
 

web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,7 +38,7 @@ public class IpAddressReactiveAuthorizationManagerTests {
 	public void checkWhenHasIpv6AddressThenReturnTrue() throws UnknownHostException {
 		IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager
 			.hasIpAddress("fe80::21f:5bff:fe33:bd68");
-		boolean granted = v6manager.check(null, context("fe80::21f:5bff:fe33:bd68")).block().isGranted();
+		boolean granted = v6manager.authorize(null, context("fe80::21f:5bff:fe33:bd68")).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -46,7 +46,7 @@ public class IpAddressReactiveAuthorizationManagerTests {
 	public void checkWhenHasIpv6AddressThenReturnFalse() throws UnknownHostException {
 		IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager
 			.hasIpAddress("fe80::21f:5bff:fe33:bd68");
-		boolean granted = v6manager.check(null, context("fe80::1c9a:7cfd:29a8:a91e")).block().isGranted();
+		boolean granted = v6manager.authorize(null, context("fe80::1c9a:7cfd:29a8:a91e")).block().isGranted();
 		assertThat(granted).isFalse();
 	}
 
@@ -54,7 +54,7 @@ public class IpAddressReactiveAuthorizationManagerTests {
 	public void checkWhenHasIpv4AddressThenReturnTrue() throws UnknownHostException {
 		IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager
 			.hasIpAddress("192.168.1.104");
-		boolean granted = v4manager.check(null, context("192.168.1.104")).block().isGranted();
+		boolean granted = v4manager.authorize(null, context("192.168.1.104")).block().isGranted();
 		assertThat(granted).isTrue();
 	}
 
@@ -62,7 +62,7 @@ public class IpAddressReactiveAuthorizationManagerTests {
 	public void checkWhenHasIpv4AddressThenReturnFalse() throws UnknownHostException {
 		IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager
 			.hasIpAddress("192.168.1.104");
-		boolean granted = v4manager.check(null, context("192.168.100.15")).block().isGranted();
+		boolean granted = v4manager.authorize(null, context("192.168.100.15")).block().isGranted();
 		assertThat(granted).isFalse();
 	}