From d7077b441ad701c7624dd217df58c937c4dbd4d0 Mon Sep 17 00:00:00 2001
From: Josh Cummings <josh.cummings@gmail.com>
Date: Fri, 27 May 2022 14:51:45 -0600
Subject: [PATCH] Correct access(String) reference

Closes gh-11280
---
 .../servlet/authorization/authorize-http-requests.adoc      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
index 0b02433caf..16c76a068d 100644
--- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
@@ -69,7 +69,11 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
 		.authorizeHttpRequests(authorize -> authorize                                  // <1>
 			.mvcMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
 			.mvcMatchers("/admin/**").hasRole("ADMIN")                             // <3>
-			.mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>
+			.mvcMatchers("/db/**").access((authentication, request) ->
+			    Optional.of(hasRole("ADMIN").check(authentication, request))
+			        .filter((decision) -> !decision.isGranted())
+			        .orElseGet(() -> hasRole("DBA").check(authentication, request));
+			)   // <4>
 			.anyRequest().denyAll()                                                // <5>
 		);