Spring Security SEC-3022: GlobalMethodSecurityConfiguration should autowired RoleHierarchy as it does for PermissionEvaluator

Adrien SAUVEZ (Migrated from SEC-3022) said:

In GlobalMethodSecurityConfiguration.setPermissionEvaluator(), the config seeks a PermissionEvaluator from the context and inject it in defaultMethodExpressionHandler.

The defaultMethodExpressionHandler has also a setRoleHierarchy() method. We could expect the same behavior for the roleHierarchy: Seeking a RoleHierarchy and injecting it in defaultMethodExpressionHandler.

    @Autowired(required = false)
    public void setRoleHierarchy(
            List<RoleHierarchy> roleHierarchies) {
        if (roleHierarchies.size() != 1) {
            logger.debug("Not autwiring RoleHierarchy since size != 1. Got "
                    + roleHierarchies);
            return;
        }
        this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchies
                .get(0));
    }

Comment From: spring-projects-issues

Adrien SAUVEZ said:

The behaviour for GlobalMethodSecurityConfiguration.setPermissionEvaluator() was created here: SEC-2305

Comment From: eleftherias

This behavior was added as part of gh-4020