Update RoleHierarchy Docs

Closes gh-12766
spring-projects · Feb 24, 2023 · eac1f84 · eac1f84
1 parent f5a4b52
commit eac1f84
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
@@ -196,22 +196,25 @@ A typical configuration might look like this:
 [source,java,role="primary"]
 ----
 @Bean
-AccessDecisionVoter hierarchyVoter() {
+static RoleHierarchy roleHierarchy() {
     RoleHierarchy hierarchy = new RoleHierarchyImpl();
     hierarchy.setHierarchy("ROLE_ADMIN > ROLE_STAFF\n" +
             "ROLE_STAFF > ROLE_USER\n" +
             "ROLE_USER > ROLE_GUEST");
-    return new RoleHierarchyVoter(hierarchy);
+}
+
+// and, if using method security also add
+@Bean
+static MethodSecurityExpressionHandler methodSecurityExpressionHandler(RoleHierarchy roleHierarchy) {
+	DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
+	expressionHandler.setRoleHierarchy(roleHierarchy);
+	return expressionHandler;
 }
 ----
 
 .Xml
 [source,java,role="secondary"]
 ----
-
-<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
-	<constructor-arg ref="roleHierarchy" />
-</bean>
 <bean id="roleHierarchy"
 		class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
 	<property name="hierarchy">
@@ -222,6 +225,12 @@ AccessDecisionVoter hierarchyVoter() {
 		</value>
 	</property>
 </bean>
+
+<!-- and, if using method security also add -->
+<bean id="methodSecurityExpressionHandler"
+        class="org.springframework.security.access.expression.method.MethodSecurityExpressionHandler">
+    <property ref="roleHierarchy"/>
+</bean>
 ----
 ====