From eac1f846b39283dc9c1ea19bc8920eeb973923f0 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Fri, 24 Feb 2023 12:00:35 -0700 Subject: [PATCH] Update RoleHierarchy Docs Closes gh-12766 --- .../servlet/authorization/architecture.adoc | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc index f4ca5b07e9..cbdadfc1e6 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc @@ -196,22 +196,25 @@ A typical configuration might look like this: [source,java,role="primary"] ---- @Bean -AccessDecisionVoter hierarchyVoter() { +static RoleHierarchy roleHierarchy() { RoleHierarchy hierarchy = new RoleHierarchyImpl(); hierarchy.setHierarchy("ROLE_ADMIN > ROLE_STAFF\n" + "ROLE_STAFF > ROLE_USER\n" + "ROLE_USER > ROLE_GUEST"); - return new RoleHierarchyVoter(hierarchy); +} + +// and, if using method security also add +@Bean +static MethodSecurityExpressionHandler methodSecurityExpressionHandler(RoleHierarchy roleHierarchy) { + DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); + expressionHandler.setRoleHierarchy(roleHierarchy); + return expressionHandler; } ---- .Xml [source,java,role="secondary"] ---- - - - - @@ -222,6 +225,12 @@ AccessDecisionVoter hierarchyVoter() { + + + + + ---- ====