Thursday, January 22, 2015

Quickly get an audit of your Spring Security mappings

Today I had a junior developer come to me in a panic. He needed to provide a full report of all the security roles required for every endpoint in our services, to verify against requirements. His (valiant) attempts to grep the codebase were producing unreadable results, and we had an unexpected deadline of "now!"

Luckily, I knew that all of our request mappings are configured via annotations, and all the roles were also defined by annotations directly on the request mapping. So I added a random classpath scanning library I found, (https://sites.google.com/site/javacornproject/corn-cps) to the classpath of each service in IntelliJ, and fired up a Groovy console using the service's classpath. The following gist shows what I came up with:

Obviously, you'll need to update this if you do any configuration in XML, have Security annotations further down the stack, or use RequestMapping annotations at the class level. But the point is, the Groovy console in IntelliJ is your friend for quick one-off projects.
Posted by at

7 comments:

  1. Aruna RamMarch 4, 2019 at 2:57 AM

    Hi! I was much time to spend your post, it is very impressed to me. so I am regularly following your post. I would like more ideas from your blog...
    Primavera Training in Chennai
    Primavera Course in Chennai
    Corporate Training in Chennai
    Embedded System Course Chennai
    Oracle Training in Chennai
    Tableau Training in Chennai
    Spark Training in Chennai
    Excel Training in Chennai
    Power BI Training in Chennai

    ReplyDelete
  2. Susan LittleMay 30, 2019 at 4:16 AM

    Recently, I have commenced a blog the info you give on this site has encouraged and benefited me hugely. Thanks for all of your time & work. IT Security Toronto

    ReplyDelete
  3. high technologies solutionsJune 15, 2019 at 4:19 AM

    I have been following your post for a long time. I always found it very interesting and valuable. keep posting it is really helpful.

    cloud computing course in delhi

    cloud computing course in Noida

    cloud computing course in Gurgaon

    ReplyDelete
  4. Richard H. BlackJuly 31, 2019 at 3:56 AM

    The article looks magnificent, but it would be beneficial if you can share more about the suchlike subjects in the future. Keep posting. Melbourne Integriti

    ReplyDelete
  5. UnknownAugust 2, 2021 at 10:54 PM

    takipçi satın al
    instagram takipçi satın al
    https://www.takipcikenti.com

    ReplyDelete
  6. UnknownMay 2, 2022 at 5:58 AM

    MMORPG OYUNLAR
    ınstagram takipci satin al
    Tiktok Jeton Hilesi
    Tiktok Jeton Hilesi
    antalya saç ekimi
    Referans Kimliği Nedir
    İnstagram Takipçi Satın Al
    metin2 pvp serverlar
    instagram takipçi satın al

    ReplyDelete
  7. UnknownJune 1, 2022 at 12:17 AM

    smm panel
    Smm Panel
    iş ilanları
    instagram takipçi satın al
    hirdavatciburada.com
    beyazesyateknikservisi.com.tr
    servis
    Jeton hile indir

    ReplyDelete

Subscribe to: Post Comments (Atom)