JPA Refactoring (2) (#2108)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -29,12 +29,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
*/
|
||||
public interface SystemManagement {
|
||||
|
||||
/**
|
||||
* Checks if a specific tenant exists. The tenant will not be created lazy.
|
||||
*
|
||||
* @return {@code true} in case the tenant exits or {@code false} if not
|
||||
*/
|
||||
String currentTenant();
|
||||
|
||||
/**
|
||||
* Deletes all data related to a given tenant.
|
||||
@@ -113,13 +107,9 @@ public interface SystemManagement {
|
||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
||||
TenantMetaData updateTenantMetadata(long defaultDsType);
|
||||
|
||||
/**
|
||||
* Returns {@link TenantMetaData} of given tenant ID.
|
||||
*
|
||||
* @param tenantId to retrieve data for
|
||||
* @return {@link TenantMetaData} of given tenant
|
||||
*/
|
||||
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
TenantMetaData getTenantMetadata(long tenantId);
|
||||
|
||||
@PreAuthorize(SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||
boolean tenantExists(String tenant);
|
||||
}
|
||||
|
||||
@@ -30,12 +30,9 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
@Story("Security Test")
|
||||
public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
|
||||
|
||||
// if some methods are to be excluded
|
||||
private static final Set<Method> METHOD_SECURITY_EXCLUSION = new HashSet<>();
|
||||
|
||||
static {
|
||||
METHOD_SECURITY_EXCLUSION.add(getMethod(SystemManagement.class, "currentTenant"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Verifies that repository methods are @PreAuthorize annotated")
|
||||
public void repositoryManagementMethodsArePreAuthorizedAnnotated() {
|
||||
@@ -74,16 +71,10 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
|
||||
continue;
|
||||
}
|
||||
final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class);
|
||||
assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName()
|
||||
+ " is not annotated with @PreAuthorize, security leak?").isNotNull();
|
||||
assertThat(annotation)
|
||||
.as("The public method " + method.getName() + " in class " + clazz.getName() +
|
||||
" is not annotated with @PreAuthorize, security leak?")
|
||||
.isNotNull();
|
||||
}
|
||||
}
|
||||
|
||||
private static Method getMethod(final Class<?> clazz, final String methodName, final Class<?>... parameterTypes) {
|
||||
try {
|
||||
return clazz.getMethod(methodName, parameterTypes);
|
||||
} catch (NoSuchMethodException | SecurityException e) {
|
||||
throw new RuntimeException(e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user