Thursday, January 22, 2015

Quickly get an audit of your Spring Security mappings

Today I had a junior developer come to me in a panic. He needed to provide a full report of all the security roles required for every endpoint in our services, to verify against requirements. His (valiant) attempts to grep the codebase were producing unreadable results, and we had an unexpected deadline of "now!"

Luckily, I knew that all of our request mappings are configured via annotations, and all the roles were also defined by annotations directly on the request mapping. So I added a random classpath scanning library I found, ( to the classpath of each service in IntelliJ, and fired up a Groovy console using the service's classpath. The following gist shows what I came up with:

Obviously, you'll need to update this if you do any configuration in XML, have Security annotations further down the stack, or use RequestMapping annotations at the class level. But the point is, the Groovy console in IntelliJ is your friend for quick one-off projects.


  1. Recently, I have commenced a blog the info you give on this site has encouraged and benefited me hugely. Thanks for all of your time & work. IT Security Toronto

  2. I have been following your post for a long time. I always found it very interesting and valuable. keep posting it is really helpful.

    cloud computing course in delhi

    cloud computing course in Noida

    cloud computing course in Gurgaon

  3. The article looks magnificent, but it would be beneficial if you can share more about the suchlike subjects in the future. Keep posting. Melbourne Integriti