Remove RoleHierarchyImpl Deprecations

ngocnhan-tran1996 · jzheaux · commit e52987d03c0c · 2025-07-07T13:22:22.000-06:00
Closes gh-17297 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -542,9 +542,7 @@ MethodSecurityService service() {
 
 		@Bean
 		RoleHierarchy roleHierarchy() {
-			RoleHierarchyImpl result = new RoleHierarchyImpl();
-			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
-			return result;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_USER > ROLE_ADMIN");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java
@@ -1566,9 +1566,7 @@ static class RoleHierarchyConfig {
 
 		@Bean
 		static RoleHierarchy roleHierarchy() {
-			RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-			roleHierarchyImpl.setHierarchy("ROLE_ADMIN > ROLE_USER");
-			return roleHierarchyImpl;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -571,9 +571,7 @@ static class WebSecurityExpressionHandlerRoleHierarchyBeanConfig {
 
 		@Bean
 		RoleHierarchy roleHierarchy() {
-			RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-			roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
-			return roleHierarchy;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
@@ -970,9 +970,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
 		@Bean
 		RoleHierarchy roleHierarchy() {
-			RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-			roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
-			return roleHierarchy;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -311,9 +311,7 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		RoleHierarchy roleHiearchy() {
-			RoleHierarchyImpl result = new RoleHierarchyImpl();
-			result.setHierarchy("ROLE_USER > ROLE_ADMIN");
-			return result;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_USER > ROLE_ADMIN");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1193,9 +1193,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
 		@Bean
 		RoleHierarchy roleHierarchy() {
-			RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-			roleHierarchy.setHierarchy("ROLE_USER > ROLE_MEMBER");
-			return roleHierarchy;
+			return RoleHierarchyImpl.fromHierarchy("ROLE_USER > ROLE_MEMBER");
 		}
 
 	}
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,7 +78,7 @@
  * @author Michael Mayr
  * @author Josh Cummings
  */
-public class RoleHierarchyImpl implements RoleHierarchy {
+public final class RoleHierarchyImpl implements RoleHierarchy {
 
 	private static final Log logger = LogFactory.getLog(RoleHierarchyImpl.class);
 
@@ -88,14 +88,6 @@ public class RoleHierarchyImpl implements RoleHierarchy {
 	 */
 	private Map<String, Set<GrantedAuthority>> rolesReachableInOneOrMoreStepsMap = null;
 
-	/**
-	 * @deprecated Use {@link RoleHierarchyImpl#fromHierarchy} instead
-	 */
-	@Deprecated
-	public RoleHierarchyImpl() {
-
-	}
-
 	private RoleHierarchyImpl(Map<String, Set<GrantedAuthority>> hierarchy) {
 		this.rolesReachableInOneOrMoreStepsMap = buildRolesReachableInOneOrMoreStepsMap(hierarchy);
 	}
@@ -139,24 +131,6 @@ public static Builder withRolePrefix(String rolePrefix) {
 		return new Builder(rolePrefix);
 	}
 
-	/**
-	 * Set the role hierarchy and pre-calculate for every role the set of all reachable
-	 * roles, i.e. all roles lower in the hierarchy of every given role. Pre-calculation
-	 * is done for performance reasons (reachable roles can then be calculated in O(1)
-	 * time). During pre-calculation, cycles in role hierarchy are detected and will cause
-	 * a <tt>CycleInRoleHierarchyException</tt> to be thrown.
-	 * @param roleHierarchyStringRepresentation - String definition of the role hierarchy.
-	 * @deprecated Use {@link RoleHierarchyImpl#fromHierarchy} instead
-	 */
-	@Deprecated
-	public void setHierarchy(String roleHierarchyStringRepresentation) {
-		logger.debug(LogMessage.format("setHierarchy() - The following role hierarchy was set: %s",
-				roleHierarchyStringRepresentation));
-		Map<String, Set<GrantedAuthority>> hierarchy = buildRolesReachableInOneStepMap(
-				roleHierarchyStringRepresentation);
-		this.rolesReachableInOneOrMoreStepsMap = buildRolesReachableInOneOrMoreStepsMap(hierarchy);
-	}
-
 	@Override
 	public Collection<GrantedAuthority> getReachableGrantedAuthorities(
 			Collection<? extends GrantedAuthority> authorities) {
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,8 +32,7 @@ public class RoleHierarchyAuthoritiesMapperTests {
 
 	@Test
 	public void expectedAuthoritiesAreReturned() {
-		RoleHierarchyImpl rh = new RoleHierarchyImpl();
-		rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
+		RoleHierarchyImpl rh = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 		RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh);
 		Collection<? extends GrantedAuthority> authorities = mapper
 			.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,8 +40,7 @@ public class RoleHierarchyImplTests {
 	public void testRoleHierarchyWithNullOrEmptyAuthorities() {
 		List<GrantedAuthority> authorities0 = null;
 		List<GrantedAuthority> authorities1 = new ArrayList<>();
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B");
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isNotNull();
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities0)).isEmpty();
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(authorities1)).isNotNull();
@@ -53,8 +52,7 @@ public void testSimpleRoleHierarchy() {
 		List<GrantedAuthority> authorities0 = AuthorityUtils.createAuthorityList("ROLE_0");
 		List<GrantedAuthority> authorities1 = AuthorityUtils.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0))
 			.isTrue();
@@ -72,12 +70,11 @@ public void testTransitiveRoleHierarchies() {
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C");
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C",
 				"ROLE_D");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2))
 			.isTrue();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
+		roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3))
 			.isTrue();
@@ -94,8 +91,8 @@ public void testComplexRoleHierarchy() {
 		List<GrantedAuthority> authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C", "ROLE_D");
 		List<GrantedAuthority> authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D");
 		List<GrantedAuthority> authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl
+			.fromHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1))
 			.isTrue();
@@ -112,24 +109,22 @@ public void testComplexRoleHierarchy() {
 
 	@Test
 	public void testCyclesInRoleHierarchy() {
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
 		assertThatExceptionOfType(CycleInRoleHierarchyException.class)
-			.isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A"));
+			.isThrownBy(() -> RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_A"));
 		assertThatExceptionOfType(CycleInRoleHierarchyException.class)
-			.isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A"));
+			.isThrownBy(() -> RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A"));
 		assertThatExceptionOfType(CycleInRoleHierarchyException.class)
-			.isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A"));
-		assertThatExceptionOfType(CycleInRoleHierarchyException.class).isThrownBy(() -> roleHierarchyImpl
-			.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B"));
+			.isThrownBy(() -> RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A"));
+		assertThatExceptionOfType(CycleInRoleHierarchyException.class).isThrownBy(() -> RoleHierarchyImpl
+			.fromHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B"));
 		assertThatExceptionOfType(CycleInRoleHierarchyException.class)
-			.isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B"));
+			.isThrownBy(() -> RoleHierarchyImpl.fromHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B"));
 	}
 
 	@Test
 	public void testNoCyclesInRoleHierarchy() {
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		assertThatNoException().isThrownBy(() -> roleHierarchyImpl
-			.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"));
+		assertThatNoException().isThrownBy(() -> RoleHierarchyImpl
+			.fromHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"));
 	}
 
 	// SEC-863
@@ -138,8 +133,7 @@ public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() {
 		List<GrantedAuthority> authorities0 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0");
 		List<GrantedAuthority> authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> authorities2 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0))
 			.isTrue();
@@ -157,12 +151,11 @@ public void testWhitespaceRoleHierarchies() {
 		List<GrantedAuthority> authorities2 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C");
 		List<GrantedAuthority> authorities3 = AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C",
 				"ROLE D");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2))
 			.isTrue();
-		roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
+		roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
 		assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
 				roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3))
 			.isTrue();
@@ -174,8 +167,7 @@ public void testJavadoc() {
 		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_A");
 		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B",
 				"ROLE_AUTHENTICATED", "ROLE_UNAUTHENTICATED");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy(
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy(
 				"ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED");
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 			.containsExactlyInAnyOrderElementsOf(allAuthorities);
@@ -187,9 +179,8 @@ public void testInterfaceJavadoc() {
 		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST");
 		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST", "ROLE_HIGHER",
 				"ROLE_LOW", "ROLE_LOWER");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl
-			.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl
+			.fromHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER");
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 			.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
@@ -200,8 +191,8 @@ public void singleLineLargeHierarchy() {
 		List<GrantedAuthority> flatAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST");
 		List<GrantedAuthority> allAuthorities = AuthorityUtils.createAuthorityList("ROLE_HIGHEST", "ROLE_HIGHER",
 				"ROLE_LOW", "ROLE_LOWER");
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl
+			.fromHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER");
 		assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities))
 			.containsExactlyInAnyOrderElementsOf(allAuthorities);
 	}
diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,8 +29,7 @@ public class RoleHierarchyVoterTests {
 
 	@Test
 	public void hierarchicalRoleIsIncludedInDecision() {
-		RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
-		roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
+		RoleHierarchyImpl roleHierarchyImpl = RoleHierarchyImpl.fromHierarchy("ROLE_A > ROLE_B");
 		// User has role A, role B is required
 		TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
 		RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java
@@ -48,7 +48,7 @@ void setRoleHierarchyWhenNullThenIllegalArgumentException() {
 	@Test
 	void setRoleHierarchyWhenNotNullThenVerifyRoleHierarchy() {
 		AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
-		RoleHierarchy roleHierarchy = new RoleHierarchyImpl();
+		RoleHierarchy roleHierarchy = RoleHierarchyImpl.withDefaultRolePrefix().build();
 		manager.setRoleHierarchy(roleHierarchy);
 		assertThat(manager).extracting("roleHierarchy").isEqualTo(roleHierarchy);
 	}
@@ -76,8 +76,7 @@ void checkWhenUserHasNotAnyAuthorityThenDeniedDecision() {
 	@Test
 	void checkWhenRoleHierarchySetThenGreaterRoleTakesPrecedence() {
 		AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
-		RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-		roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
+		RoleHierarchyImpl roleHierarchy = RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		manager.setRoleHierarchy(roleHierarchy);
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
 				"ROLE_ADMIN");
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java
@@ -243,7 +243,7 @@ public void setRoleHierarchyWhenNullThenIllegalArgumentException() {
 	@Test
 	public void setRoleHierarchyWhenNotNullThenVerifyRoleHierarchy() {
 		AuthorityAuthorizationManager<Object> manager = AuthorityAuthorizationManager.hasRole("USER");
-		RoleHierarchy roleHierarchy = new RoleHierarchyImpl();
+		RoleHierarchy roleHierarchy = RoleHierarchyImpl.withDefaultRolePrefix().build();
 		manager.setRoleHierarchy(roleHierarchy);
 		assertThat(manager).extracting("delegate").extracting("roleHierarchy").isEqualTo(roleHierarchy);
 	}
@@ -257,8 +257,7 @@ public void getRoleHierarchyWhenNotSetThenDefaultsToNullRoleHierarchy() {
 	@Test
 	public void hasRoleWhenRoleHierarchySetThenGreaterRoleTakesPrecedence() {
 		AuthorityAuthorizationManager<Object> manager = AuthorityAuthorizationManager.hasRole("USER");
-		RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-		roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
+		RoleHierarchyImpl roleHierarchy = RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		manager.setRoleHierarchy(roleHierarchy);
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
 				"ROLE_ADMIN");
diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -96,8 +96,7 @@ public void trustResolverCustom() {
 	@Test
 	public void roleHierarchy() {
 		this.authentication = new TestingAuthenticationToken("admin", "pass", "ROLE_ADMIN");
-		RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
-		roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
+		RoleHierarchyImpl roleHierarchy = RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");
 		this.handler.setRoleHierarchy(roleHierarchy);
 		EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.message);
 		Expression expression = this.handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2022 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -542,9 +542,7 @@ MethodSecurityService service() {`
`542`	`542`
`543`	`543`	`@Bean`
`544`	`544`	`RoleHierarchy roleHierarchy() {`
`545`		`- RoleHierarchyImpl result = new RoleHierarchyImpl();`
`546`		`- result.setHierarchy("ROLE_USER > ROLE_ADMIN");`
`547`		`- return result;`
	`545`	`+ return RoleHierarchyImpl.fromHierarchy("ROLE_USER > ROLE_ADMIN");`
`548`	`546`	`}`
`549`	`547`
`550`	`548`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1566,9 +1566,7 @@ static class RoleHierarchyConfig {`
`1566`	`1566`
`1567`	`1567`	`@Bean`
`1568`	`1568`	`static RoleHierarchy roleHierarchy() {`
`1569`		`- RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();`
`1570`		`- roleHierarchyImpl.setHierarchy("ROLE_ADMIN > ROLE_USER");`
`1571`		`- return roleHierarchyImpl;`
	`1569`	`+ return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");`
`1572`	`1570`	`}`
`1573`	`1571`
`1574`	`1572`	`}`
Original file line number	Diff line number	Diff line change
`@@ -571,9 +571,7 @@ static class WebSecurityExpressionHandlerRoleHierarchyBeanConfig {`
`571`	`571`
`572`	`572`	`@Bean`
`573`	`573`	`RoleHierarchy roleHierarchy() {`
`574`		`- RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();`
`575`		`- roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");`
`576`		`- return roleHierarchy;`
	`574`	`+ return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");`
`577`	`575`	`}`
`578`	`576`
`579`	`577`	`}`
Original file line number	Diff line number	Diff line change
`@@ -970,9 +970,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
`970`	`970`
`971`	`971`	`@Bean`
`972`	`972`	`RoleHierarchy roleHierarchy() {`
`973`		`- RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();`
`974`		`- roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");`
`975`		`- return roleHierarchy;`
	`973`	`+ return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_USER");`
`976`	`974`	`}`
`977`	`975`
`978`	`976`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2024 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -311,9 +311,7 @@ UserDetailsService userDetailsService() {`
`311`	`311`
`312`	`312`	`@Bean`
`313`	`313`	`RoleHierarchy roleHiearchy() {`
`314`		`- RoleHierarchyImpl result = new RoleHierarchyImpl();`
`315`		`- result.setHierarchy("ROLE_USER > ROLE_ADMIN");`
`316`		`- return result;`
	`314`	`+ return RoleHierarchyImpl.fromHierarchy("ROLE_USER > ROLE_ADMIN");`
`317`	`315`	`}`
`318`	`316`
`319`	`317`	`}`