SEC-1492: Added RoleHierarchyAuthoritiesMapper as the new preferred way of using a RoleHierarchy.

core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapper.java

@@ -0,0 +1,21 @@
+package org.springframework.security.access.hierarchicalroles;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+
+import java.util.*;
+
+/**
+ * @author Luke Taylor
+ */
+public class RoleHierarchyAuthoritiesMapper implements GrantedAuthoritiesMapper {
+    private final RoleHierarchy roleHierarchy;
+
+    public RoleHierarchyAuthoritiesMapper(RoleHierarchy roleHierarchy) {
+        this.roleHierarchy = roleHierarchy;
+    }
+
+    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
+        return roleHierarchy.getReachableGrantedAuthorities(authorities);
+    }
+}

core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java

@@ -23,8 +23,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
  * instead of only the directly assigned authorities.
  *
  * @author Michael Mayr
- * @deprecated use a {@code RoleHierarchyVoter} instead of populating the user Authentication object
+ * @deprecated use a {@code RoleHierarchyVoter} or use a {@code RoleHierarchyAuthoritiesMapper} to populate the
- * with the additional authorities.
+ * Authentication object with the additional authorities.
  */
 public class UserDetailsServiceWrapper implements UserDetailsService {
 

core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java

@@ -26,7 +26,7 @@ import org.springframework.security.core.userdetails.UserDetails;
  * delegated to the <tt>UserDetails</tt> implementation.
  *
  * @author Michael Mayr
- * @deprecated use a {@link RoleHierarchyVoter} instead.
+ * @deprecated use a {@link RoleHierarchyVoter} or {@code RoleHierarchyAuthoritiesMapper} instead.
  */
 public class UserDetailsWrapper implements UserDetails {
 

core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java

@@ -0,0 +1,33 @@
+package org.springframework.security.access.hierarchicalroles;
+
+import static junit.framework.Assert.assertEquals;
+
+import org.junit.*;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.*;
+
+/**
+ * @author Luke Taylor
+ */
+public class RoleHierarchyAuthoritiesMapperTests {
+
+    @Test
+    public void expectedAuthoritiesAreReturned() {
+        RoleHierarchyImpl rh = new RoleHierarchyImpl();
+        rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
+        RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh);
+
+        Collection<? extends GrantedAuthority> authorities =
+                mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
+
+        assertEquals(4, authorities.size());
+
+        mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
+
+        authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
+
+        assertEquals(2, authorities.size());
+    }
+}