Dynamic Role Hierarchy in Spring Security

Question

I can't believe all I find to define role hierarchies is some strange .xml notation of ">" assignments. There has to be a way to create a RoleHierarchy object from a database defined role hierarchy.. ?!

I'm thinking of a table that has the columns:

• role_id
• child_role_id

defining a many-to-many relationship between Role and Role saying: which role has which children? I think I'd prefer children over parents as that's the way the hierarchy is set up in those .xml files: ADMIN > USER, USER > VISITOR.

(This by the way makes me wonder if the standard implementation also supports things like ADMIN > USER, VISITOR meaning USER and VISITOR are "on the same level".)

Now if I want to call

roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()));

I need a RoleHierarchy Implementation object. spring-security provides one but the setter accepts only this weird string representation. I don't really want to transform my database results into a string representation but rather work with some kind of tree structure.

So the only way seems to be extending the Implementation and writing my own setter to work with my database result set to build the rolesReachableInOneStepMap and rolesReachableInOneOrMoreStepMap.

Or does anyone know of a different solution?

Thanks for any pointers or confirmation!