JPA Refactoring (2) (#2108)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-12-02 11:52:30 +02:00
committed by GitHub
parent 2a95adc562
commit 794f26bea2
41 changed files with 691 additions and 483 deletions

View File

@@ -29,12 +29,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
*/
public interface SystemManagement {
/**
* Checks if a specific tenant exists. The tenant will not be created lazy.
*
* @return {@code true} in case the tenant exits or {@code false} if not
*/
String currentTenant();
/**
* Deletes all data related to a given tenant.
@@ -113,13 +107,9 @@ public interface SystemManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
TenantMetaData updateTenantMetadata(long defaultDsType);
/**
* Returns {@link TenantMetaData} of given tenant ID.
*
* @param tenantId to retrieve data for
* @return {@link TenantMetaData} of given tenant
*/
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
TenantMetaData getTenantMetadata(long tenantId);
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
boolean tenantExists(String tenant);
}

View File

@@ -30,12 +30,9 @@ import org.springframework.security.access.prepost.PreAuthorize;
@Story("Security Test")
public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
// if some methods are to be excluded
private static final Set<Method> METHOD_SECURITY_EXCLUSION = new HashSet<>();
static {
METHOD_SECURITY_EXCLUSION.add(getMethod(SystemManagement.class, "currentTenant"));
}
@Test
@Description("Verifies that repository methods are @PreAuthorize annotated")
public void repositoryManagementMethodsArePreAuthorizedAnnotated() {
@@ -74,16 +71,10 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
continue;
}
final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class);
assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName()
+ " is not annotated with @PreAuthorize, security leak?").isNotNull();
assertThat(annotation)
.as("The public method " + method.getName() + " in class " + clazz.getName() +
" is not annotated with @PreAuthorize, security leak?")
.isNotNull();
}
}
private static Method getMethod(final Class<?> clazz, final String methodName, final Class<?>... parameterTypes) {
try {
return clazz.getMethod(methodName, parameterTypes);
} catch (NoSuchMethodException | SecurityException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
}
}