Update RoleHierarchy Docs

jzheaux · jzheaux · commit eac1f846b392 · 2023-02-24T12:00:35.000-07:00
Closes gh-12766
diff --git a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
@@ -196,22 +196,25 @@ A typical configuration might look like this:
 [source,java,role="primary"]
 ----
 @Bean
-AccessDecisionVoter hierarchyVoter() {
+static RoleHierarchy roleHierarchy() {
     RoleHierarchy hierarchy = new RoleHierarchyImpl();
     hierarchy.setHierarchy("ROLE_ADMIN > ROLE_STAFF\n" +
             "ROLE_STAFF > ROLE_USER\n" +
             "ROLE_USER > ROLE_GUEST");
-    return new RoleHierarchyVoter(hierarchy);
+}
+
+// and, if using method security also add
+@Bean
+static MethodSecurityExpressionHandler methodSecurityExpressionHandler(RoleHierarchy roleHierarchy) {
+	DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
+	expressionHandler.setRoleHierarchy(roleHierarchy);
+	return expressionHandler;
 }
 ----
 
 .Xml
 [source,java,role="secondary"]
 ----
-
-<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
-	<constructor-arg ref="roleHierarchy" />
-</bean>
 <bean id="roleHierarchy"
 		class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
 	<property name="hierarchy">
@@ -222,6 +225,12 @@ AccessDecisionVoter hierarchyVoter() {
 		</value>
 	</property>
 </bean>
+
+<!-- and, if using method security also add -->
+<bean id="methodSecurityExpressionHandler"
+        class="org.springframework.security.access.expression.method.MethodSecurityExpressionHandler">
+    <property ref="roleHierarchy"/>
+</bean>
 ----
 ====
 
