public class RoleHierarchyImpl
extends Object
implements RoleHierarchy

java.lang.Object
   ↳ org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Class Overview

This class defines a role hierarchy for use with the UserDetailsServiceWrapper.

Here is an example configuration of a role hierarchy (hint: read the ">" sign as "includes"):

        <property name="hierarchy">
            <value>
                ROLE_A > ROLE_B
                ROLE_B > ROLE_AUTHENTICATED
                ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED
            </value>
        </property>

Explanation of the above:
In effect every user with ROLE_A also has ROLE_B, ROLE_AUTHENTICATED and ROLE_UNAUTHENTICATED;
every user with ROLE_B also has ROLE_AUTHENTICATED and ROLE_UNAUTHENTICATED;
every user with ROLE_AUTHENTICATED also has ROLE_UNAUTHENTICATED.

Hierarchical Roles will dramatically shorten your access rules (and also make the access rules much more elegant).

Consider this access rule for Spring Security's RoleVoter (background: every user that is authenticated should be able to log out):

        /logout.html=ROLE_A,ROLE_B,ROLE_AUTHENTICATED

With hierarchical roles this can now be shortened to:

        /logout.html=ROLE_AUTHENTICATED

In addition to shorter rules, this will also make your access rules more readable and your intentions clearer.

Summary

Public Constructors
RoleHierarchyImpl()
Public Methods
Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> authorities)
Returns an array of all reachable authorities.
void setHierarchy(String roleHierarchyStringRepresentation)
Set the role hierarchy and pre-calculate for every role the set of all reachable roles, i.e.
Inherited Methods
From class java.lang.Object
From interface org.springframework.security.access.hierarchicalroles.RoleHierarchy

Public Constructors

public RoleHierarchyImpl ()

Public Methods

public Collection<GrantedAuthority> getReachableGrantedAuthorities (Collection<? extends GrantedAuthority> authorities)

Returns an array of all reachable authorities.

Reachable authorities are the directly assigned authorities plus all authorities that are (transitively) reachable from them in the role hierarchy.

Example:
Role hierarchy: ROLE_A > ROLE_B and ROLE_B > ROLE_C.
Directly assigned authority: ROLE_A.
Reachable authorities: ROLE_A, ROLE_B, ROLE_C.

Parameters
authorities - List of the directly assigned authorities.
Returns
  • List of all reachable authorities given the assigned authorities.

public void setHierarchy (String roleHierarchyStringRepresentation)

Set the role hierarchy and pre-calculate for every role the set of all reachable roles, i.e. all roles lower in the hierarchy of every given role. Pre-calculation is done for performance reasons (reachable roles can then be calculated in O(1) time). During pre-calculation, cycles in the role hierarchy are detected and will cause a CycleInRoleHierarchyException to be thrown.

Parameters
roleHierarchyStringRepresentation - String definition of the role hierarchy.
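
The following check is an added example, not code from the Spring Security project: it loads the hierarchy from the class overview, confirms that inclusion is transitive and only runs downward, and confirms that a cyclic definition is rejected. It assumes spring-security-core on the classpath and Java 9 or later (for Set.of); the class name RoleHierarchyCheck and the helpers reachable and require are hypothetical.

```java
import java.util.Set;

import org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.core.authority.AuthorityUtils;

// Added example (not from the Spring Security sources); the class name is hypothetical.
public class RoleHierarchyCheck {

    // Role names reachable from a single directly assigned role.
    static Set<String> reachable(RoleHierarchyImpl hierarchy, String role) {
        return AuthorityUtils.authorityListToSet(
                hierarchy.getReachableGrantedAuthorities(
                        AuthorityUtils.createAuthorityList(role)));
    }

    // Explicit check so the result does not depend on the JVM's -ea flag.
    static void require(boolean condition, String message) {
        if (!condition) {
            throw new IllegalStateException(message);
        }
    }

    public static void main(String[] args) {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        // Same hierarchy as in the class overview, one rule per line.
        hierarchy.setHierarchy("ROLE_A > ROLE_B\n"
                + "ROLE_B > ROLE_AUTHENTICATED\n"
                + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");

        // Inclusion is transitive and downward: ROLE_A reaches everything below it.
        require(reachable(hierarchy, "ROLE_A").equals(Set.of(
                "ROLE_A", "ROLE_B", "ROLE_AUTHENTICATED", "ROLE_UNAUTHENTICATED")),
                "ROLE_A should include every lower role");

        // It is never upward: a lower role must not gain a higher one.
        require(!reachable(hierarchy, "ROLE_AUTHENTICATED").contains("ROLE_A"),
                "ROLE_AUTHENTICATED must not reach ROLE_A");

        // A cyclic definition is rejected when the hierarchy is set.
        try {
            new RoleHierarchyImpl().setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A");
            throw new IllegalStateException("cycle was not detected");
        } catch (CycleInRoleHierarchyException expected) {
            System.out.println("cycle rejected");
        }
    }
}
```

Running the same assertions against a production hierarchy string in a unit test catches a reversed ">" rule before it grants a low-privilege role everything above it.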