From 927949c17cc28ce8405b4c2283f9a4e6df9e22d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ivan=20Vrbov=C4=8Dan?= Date: Wed, 4 Oct 2023 12:40:22 +0200 Subject: [PATCH] Defining endpoint security through JDL This commit introduces a role-based security feature for the backend, allowing users to define security configurations using JDL clauses. Security can now be specified directly within JDL for various entities, where different roles with specified permissions are mapped to the corresponding Java entity resource files. This mapping auto-generates the requisite `@Secured({})` annotations on the endpoints, ensuring the right level of access control based on roles. Examples of the JDL security clauses include: ``` secure entity1, entity2, entity3 with roles { ROLE_ADMIN allows (get, post, put, delete) ROLE_USER allows (get) } ``` and ``` secure all except entity3 with roles { ROLE_ADMIN allows (get, post, put, delete) ROLE_USER allows (get) } ``` which would translate to `@Secured({ "ROLE_ADMIN" })` annotations in the generated Java code for specified endpoints. Additionally, the integration tests have been updated to consider these role-based security configurations. Moreover, the groundwork for supporting other security types has been laid down through the inclusion of grammar and parser definitions. These additional security types encompass privilege security, organizational security, parent based security, and relation based security, although the code generators for these types are not included in this commit. Resolves #19201 --- .../samples/jdl-entities/app-roles-security.jdl | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test-integration/samples/jdl-entities/app-roles-security.jdl b/test-integration/samples/jdl-entities/app-roles-security.jdl index 3063a014cf3b..0836a3901d3e 100644 --- a/test-integration/samples/jdl-entities/app-roles-security.jdl +++ b/test-integration/samples/jdl-entities/app-roles-security.jdl @@ -184,12 +184,8 @@ paginate Operation, JobHistory, Employee with infinite-scroll service TheLabel, Employee, Department, Region with serviceClass service BankAccount, Location, Country with serviceImpl -secure all except Country, Region with roles { +secure all with roles { ROLE_ADMIN allows (get, put, post, delete) ROLE_USER allows (get, put, post, delete) } -secure Country,Region with roles { - ROLE_ADMIN allows (get, put, post, delete) - ROLE_USER allows () -}