Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Note about RoleHierarchy 

Closes gh-12766
This commit is contained in:
Josh Cummings 2023-02-24 13:43:43 -07:00
parent bbd31f0e33
commit 109f6e7028
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
View File

@ -225,6 +225,11 @@ AccessDecisionVoter hierarchyVoter() {
----
====
[NOTE]
`RoleHierarchy` bean configuration is not yet ported over to `@EnableMethodSecurity`.
As such this example is using `AccessDecisionVoter`.
If you need `RoleHierarchy` support for method security, please continue using `@EnableGlobalMethodSecurity` until https://github.com/spring-projects/spring-security/issues/12783 is complete.
Here we have four roles in a hierarchy `ROLE_ADMIN => ROLE_STAFF => ROLE_USER => ROLE_GUEST`.
A user who is authenticated with `ROLE_ADMIN`, will behave as if they have all four roles when security constraints are evaluated against an `AuthorizationManager` adapted to call the above `RoleHierarchyVoter`.
The `>` symbol can be thought of as meaning "includes".