Add JWT authentication module and static analysis integration #3
base: main
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,9 +3,12 @@ spring-boot = "4.0.0" | |
|
|
||
| [libraries] | ||
| spring-boot-bom = { module = "org.springframework.boot:spring-boot-dependencies", version.ref = "spring-boot" } | ||
| error-prone-core = { module = "com.google.errorprone:error_prone_core", version = "2.44.0" } | ||
| nullaway = { module = "com.uber.nullaway:nullaway", version = "0.12.12" } | ||
|
Comment on lines +6 to +7
🧩 Analysis chain
🌐 Web query:
💡 Result: Short answer: Error Prone 2.44.0 has no explicit “Java 25” support note — its release notes do not mention JDK 25 — and Error Prone's recent releases raised the minimum runtime to JDK 21. In practice you can often run Error Prone on newer JDKs (like JDK 25) but you may need the same extra jdk.compiler exports and JVM flags used for recent JDKs (e.g. --add-exports for javac internals); if you hit problems consider upgrading to a later Error Prone (2.45+), which calls out improved compatibility with newer JDK EA builds. [1][2][3] Sources
If you want, I can: (a) show the exact --add-exports flags to try for JDK 25, or (b) check whether a specific Error Prone submodule/plug-in you use is reported working on JDK 25. 🌐 Web query:
💡 Result: Short answer: Yes — NullAway 0.12.12 is built/tested for JDK 25 and is compatible with Java 25. The project added JDK‑25 support in the 0.12.11/0.12.12 cycle and 0.12.12 fixes a performance regression from 0.12.11, so you should upgrade if you saw that issue. [1][2][3] Notes:
Sources:
🌐 Web query:
💡 Result: The latest net.ltgt.errorprone Gradle plugin release is version 4.3.0 (published June 26, 2025). Use it like: plugins {
Sources: Gradle Plugin Portal [1], GitHub repo [2].
Error Prone 2.44.0 requires Java 25 compatibility checks or upgrade.
NullAway 0.12.12 is confirmed compatible with Java 25 (added in the 0.12.11/0.12.12 cycle), and net-ltgt-errorprone 4.3.0 is the current latest version as of June 2025. However, error-prone-core 2.44.0 has no explicit Java 25 support documented in its release notes. While Error Prone can run on newer JDKs, Java 25 targets may require additional JVM flags (e.g.,
|
||
|
|
||
| [plugins] | ||
| spring-boot = { id = "org.springframework.boot", version.ref = "spring-boot" } | ||
| spring-dependency-management = { id = "io.spring.dependency-management", version = "1.1.7" } | ||
| graalvm-native = { id = "org.graalvm.buildtools.native", version = "0.11.3" } | ||
| spotless = { id = "com.diffplug.spotless", version = "8.1.0" } | ||
| net-ltgt-errorprone = { id = "net.ltgt.errorprone", version = "4.3.0" } | ||
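Review bot: in [libraries], error-prone-core and nullaway carry inline `version = "..."` strings while spring-boot-bom directly above uses `version.ref`. Declare `error-prone` and `nullaway` entries in the versions table and reference them, so an analyzer bump is a one-line change that is easy to spot in review. The same would apply to net-ltgt-errorprone in [plugins], although the neighbouring plugin entries already use inline versions, so that part is a consistency call for the maintainers.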
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| plugins { | ||
| `java-library` | ||
| alias(libs.plugins.spring.dependency.management) | ||
| } | ||
|
|
||
| dependencies { | ||
| implementation(platform(libs.spring.boot.bom)) | ||
| implementation(project(":modules:common")) | ||
| implementation("org.springframework.boot:spring-boot-starter-security") | ||
| implementation("org.springframework.boot:spring-boot-starter-security-oauth2-client") | ||
| testImplementation("org.springframework.boot:spring-boot-starter-security-oauth2-client-test") | ||
| testImplementation("org.springframework.boot:spring-boot-starter-security-test") | ||
| } |
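Review bot: the `spring-boot-starter-security-oauth2-client` dependency (and its `-test` counterpart) has no visible consumer. The SecurityConfig in this PR sets up a session-backed JSON login and never calls `oauth2Login()` or `oauth2Client()`, and the PR title talks about JWT, which is not what the OAuth2 client starter provides. Drop both lines until a client registration is actually introduced, or state in the PR description what they are for, so the module does not ship unused security code on its classpath. Also note that the module applies the `spring.dependency.management` plugin and imports the BOM with `platform(...)`; one of the two mechanisms is enough.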
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| package com.workastra.authentication; | ||
|
|
||
| import com.workastra.authentication.infrastructure.handler.JsonAccessDeniedHandler; | ||
| import com.workastra.authentication.infrastructure.handler.JsonAuthenticationEntryPoint; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import tools.jackson.databind.ObjectMapper; | ||
|
|
||
| /** | ||
| * AuthenticationModuleConfig is the module-level bootstrap configuration for the authentication module. | ||
| * | ||
| * This configuration is responsible for: | ||
| * - Registering exception handlers as Spring components | ||
| * - Providing infrastructure beans needed across the module | ||
| * | ||
| * Actual security configuration is delegated to the infrastructure layer: | ||
| * - SecurityConfig: HTTP security filter chain and authorization rules | ||
| * - PasswordEncoderConfig: Password encoding and authentication beans | ||
| * - Various handlers: JSON-based exception and authentication event handling | ||
| */ | ||
| @Configuration | ||
| public class AuthenticationModuleConfig { | ||
|
|
||
| /** | ||
| * Registers the JsonAuthenticationEntryPoint as a Spring component. | ||
| * This handler processes 401 Unauthorized responses. | ||
| */ | ||
| @Bean | ||
| JsonAuthenticationEntryPoint jsonAuthenticationEntryPoint(ObjectMapper mapper) { | ||
| return new JsonAuthenticationEntryPoint(mapper); | ||
| } | ||
|
|
||
| /** | ||
| * Registers the JsonAccessDeniedHandler as a Spring component. | ||
| * This handler processes 403 Forbidden responses. | ||
| */ | ||
| @Bean | ||
| JsonAccessDeniedHandler jsonAccessDeniedHandler(ObjectMapper mapper) { | ||
| return new JsonAccessDeniedHandler(mapper); | ||
| } | ||
| } |
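Review bot: the class Javadoc says exception handlers are registered here, but only JsonAuthenticationEntryPoint and JsonAccessDeniedHandler are. SecurityConfig in this PR creates JsonAuthSuccessHandler and JsonAuthFailureHandler with `new`, so the four handlers are wired in two different ways. Either register all of them as beans in this class or construct all of them next to the filter chain, and update the "This configuration is responsible for" list to match. The method comments also say "Registers ... as a Spring component"; these are `@Bean` methods, so "bean" is the accurate word.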
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| package com.workastra.authentication.controller; | ||
|
|
||
| import com.workastra.common.api.ApiResponse; | ||
| import org.springframework.security.core.Authentication; | ||
| import org.springframework.security.web.csrf.CsrfToken; | ||
| import org.springframework.web.bind.annotation.GetMapping; | ||
| import org.springframework.web.bind.annotation.RestController; | ||
|
|
||
| @RestController | ||
| public class AuthController { | ||
|
|
||
| @GetMapping(path = "/api/v{version}/csrf", version = "1") | ||
| public ApiResponse<CsrfToken> getCsrf(CsrfToken csrfToken) { | ||
| return ApiResponse.ok(csrfToken); | ||
| } | ||
|
|
||
| @GetMapping(path = "/api/v{version}/auth/me", version = "1") | ||
| public ApiResponse<Authentication> me(Authentication authentication) { | ||
| return ApiResponse.ok(authentication); | ||
| } | ||
|
Comment on lines +10 to +20
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# List all Java files to understand the repository structure
git ls-files "*.java" | head -50
Repository: workastra/server
Length of output: 2381
🏁 Script executed:
#!/bin/bash
# Read the AuthController file
cat -n modules/authentication/src/main/java/com/workastra/authentication/controller/AuthController.java
Repository: workastra/server
Length of output: 971
🏁 Script executed:
#!/bin/bash
# Check ApiResponse implementation
cat -n modules/common/src/main/java/com/workastra/common/api/ApiResponse.java
Repository: workastra/server
Length of output: 3366
🏁 Script executed:
#!/bin/bash
# Check SecurityConfig to understand path patterns
cat -n modules/authentication/src/main/java/com/workastra/authentication/infrastructure/config/SecurityConfig.java
Repository: workastra/server
Length of output: 4920
🌐 Web query:
💡 Result: @GetMapping is a composed variant of @RequestMapping for HTTP GET. It supports the same mapping attributes as @RequestMapping (except you don't need to set method). Main attributes:
Notes:
Sources: Spring Framework RequestMapping javadoc and reference documentation. [1][2] References Citations:
🏁 Script executed:
#!/bin/bash
# Check for test files or build output
find . -type f \( -name "*Test.java" -o -name "*Tests.java" \) | grep -i auth | head -10
Repository: workastra/server
Length of output: 42
🌐 Web query:
💡 Result: Short answer
Example (Java)
Notes / gotchas
References
Fix invalid There are critical issues here:
|
||
| } | ||
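Review bot: `me` at the end of the controller returns the `Authentication` object itself, so the JSON body will contain whatever its principal, credentials, details and authorities fields hold, and the response shape is tied to Spring Security internals. Map it to a small response type that carries only what the client needs (for example the name and the authority strings) and return that from `ApiResponse.ok(...)`. The same applies in a milder form to `getCsrf`, where only the header name, parameter name and token value need to leave the server. Both mappings use `/api/v{version}/...` with `version = "1"` while SecurityConfig matches the literal `/api/v1/csrf`; a comment or a shared constant would keep the two from drifting apart.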
| Original file line number | Diff line number | Diff line change | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,4 @@ | ||||||||||||||||||
| @NullMarked | ||||||||||||||||||
| package com.workastra.authentication.controller; | ||||||||||||||||||
|
|
||||||||||||||||||
| import org.jspecify.annotations.NullMarked; | ||||||||||||||||||
|
Comment on lines +1 to +4
Invalid Java syntax: import after package declaration.
Same issue as
Apply this diff:
-@NullMarked
-package com.workastra.authentication.controller;
-
import org.jspecify.annotations.NullMarked;
+
+@NullMarked
+package com.workastra.authentication.controller;
|
||||||||||||||||||
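Review bot: the reordering proposed above puts the import in front of the annotated package declaration, which a Java compiler rejects. In a package-info.java the annotation sits directly before `package` and imports follow the package declaration, which is exactly the order of lines +1 to +4 as submitted, so the file should stay as it is. What the submitted file does lack is a package-level Javadoc block like the one on the infrastructure.config package-info.java in this PR; add a short description above `@NullMarked`.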
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| package com.workastra.authentication.infrastructure.config; | ||
|
|
||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.security.authentication.AuthenticationManager; | ||
| import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; | ||
| import org.springframework.security.core.userdetails.User; | ||
| import org.springframework.security.core.userdetails.UserDetailsService; | ||
| import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | ||
| import org.springframework.security.crypto.password.PasswordEncoder; | ||
| import org.springframework.security.provisioning.InMemoryUserDetailsManager; | ||
|
|
||
| /** | ||
| * PasswordEncoderConfig defines password encoding and authentication-related beans. | ||
| * | ||
| * This configuration class sets up: | ||
| * - BCryptPasswordEncoder for secure password hashing | ||
| * - AuthenticationManager for delegating authentication | ||
| * - UserDetailsService with in-memory user store (for demo purposes) | ||
| */ | ||
| @Configuration | ||
| public class PasswordEncoderConfig { | ||
|
|
||
| /** | ||
| * Provides the BCryptPasswordEncoder bean for password encryption. | ||
| * BCrypt automatically handles salt generation and secure hashing. | ||
| */ | ||
| @Bean | ||
| PasswordEncoder passwordEncoder() { | ||
| return new BCryptPasswordEncoder(); | ||
| } | ||
|
|
||
| /** | ||
| * Provides the AuthenticationManager bean from the AuthenticationConfiguration. | ||
| * This manager delegates to the configured authentication providers. | ||
| */ | ||
| @Bean | ||
| AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception { | ||
| return configuration.getAuthenticationManager(); | ||
| } | ||
|
|
||
| /** | ||
| * Provides an in-memory UserDetailsService with a default admin user. | ||
| * In production, this should be replaced with a persistent user repository | ||
| * connected to a database. | ||
| * | ||
| * Default user: | ||
| * - username: "admin" | ||
| * - password: "admin" (bcrypt encoded) | ||
| * - roles: "USER" | ||
| */ | ||
| @Bean | ||
| UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) { | ||
| return new InMemoryUserDetailsManager( | ||
| User.withUsername("admin").password(passwordEncoder.encode("admin")).roles("USER").build() | ||
| ); | ||
| } | ||
|
Comment on lines +21 to +57
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check the current file and surrounding context for @Profile annotations
cat -n modules/authentication/src/main/java/com/workastra/authentication/infrastructure/config/PasswordEncoderConfig.java
Repository: workastra/server
Length of output: 2818
🏁 Script executed:
#!/bin/bash
# Search for all @Profile annotations in the authentication module
rg -n '@Profile' modules/authentication/
Repository: workastra/server
Length of output: 42
🏁 Script executed:
#!/bin/bash
# Search for other UserDetailsService bean definitions across the codebase
rg -n 'UserDetailsService' --type java -A 3 -B 1
Repository: workastra/server
Length of output: 3401
🏁 Script executed:
#!/bin/bash
# Check for Spring profile configurations in properties/yml files
fd -e 'yml' -o -e 'yaml' -o -e 'properties' | xargs grep -l 'spring.profiles' 2>/dev/null || echo "No profile configs found"
Repository: workastra/server
Length of output: 218
🏁 Script executed:
#!/bin/bash
# Check the project structure to understand the context (pom.xml or build.gradle for hints)
find . -maxdepth 2 -name 'pom.xml' -o -name 'build.gradle' | head -5
Repository: workastra/server
Length of output: 42
🏁 Script executed:
#!/bin/bash
# Search for application configuration files
fd -type f \( -name 'application*.yml' -o -name 'application*.yaml' -o -name 'application*.properties' \)
Repository: workastra/server
Length of output: 230
🏁 Script executed:
#!/bin/bash
# Search for any @Profile annotations in the entire codebase
rg -n '@Profile' --type java
Repository: workastra/server
Length of output: 42
🏁 Script executed:
#!/bin/bash
# Check if there are test configurations in src/test
find . -path '*/src/test/java/*' -name '*Config*.java' | head -20
Repository: workastra/server
Length of output: 42
🏁 Script executed:
#!/bin/bash
# Look for conditional bean definitions or alternative UserDetailsService implementations
rg -n 'InMemoryUserDetailsManager' --type java -B 5 -A 10
Repository: workastra/server
Length of output: 4545
Gate the in-memory The hard-coded Recommended fixes:
The |
||
| } | ||
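Review bot: `userDetailsService` at the end of the class registers an `admin` account with the password `admin` unconditionally in main code, and the Javadoc publishes that password; nothing in the class limits it to a development profile or a property. Make the bean conditional on an explicit development profile or property, or read the initial credentials from external configuration and fail startup when they are missing, so a production build can never come up with this account. Two documentation points in the same class: the `passwordEncoder` Javadoc says "password encryption", but BCrypt is a one-way hash, and the listed role is "USER" for a user named admin, which is worth a sentence explaining the intent.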
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,88 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| package com.workastra.authentication.infrastructure.config; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import com.workastra.authentication.infrastructure.filter.JsonLoginAuthenticationFilter; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import com.workastra.authentication.infrastructure.handler.JsonAccessDeniedHandler; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import com.workastra.authentication.infrastructure.handler.JsonAuthFailureHandler; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import com.workastra.authentication.infrastructure.handler.JsonAuthSuccessHandler; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import com.workastra.authentication.infrastructure.handler.JsonAuthenticationEntryPoint; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.context.annotation.Bean; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.context.annotation.Configuration; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.http.HttpMethod; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.authentication.AuthenticationManager; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.config.http.SessionCreationPolicy; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.web.SecurityFilterChain; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import org.springframework.security.web.context.HttpSessionSecurityContextRepository; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import tools.jackson.databind.ObjectMapper; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Comment on lines +3 to +18
🧩 Analysis chain
🏁 Script executed:
# First, let's find the SecurityConfig.java file and read it completely
find . -name "SecurityConfig.java" -path "*/authentication/*" | head -5
Repository: workastra/server
Length of output: 169
🏁 Script executed:
# Check for ObjectMapper usage in the codebase
rg "ObjectMapper" --type java -B 2 -A 2 | head -50
Repository: workastra/server
Length of output: 6342
🏁 Script executed:
# Check build configuration for Jackson dependency
fd "pom.xml|build.gradle" | xargs cat 2>/dev/null | grep -i jackson | head -20
Repository: workastra/server
Length of output: 42
🏁 Script executed:
cat -n ./modules/authentication/src/main/java/com/workastra/authentication/infrastructure/config/SecurityConfig.java
Repository: workastra/server
Length of output: 4881
🏁 Script executed:
# Look for pom.xml in authentication module
find ./modules/authentication -name "pom.xml" -exec cat {} \;
Repository: workastra/server
Length of output: 42
🏁 Script executed:
# Check if tools.jackson is used consistently throughout codebase
rg "import tools\.jackson" --type java | wc -l
Repository: workastra/server
Length of output: 61
🏁 Script executed:
# Also check if com.fasterxml.jackson is used anywhere
rg "import com\.fasterxml\.jackson" --type java | head -10
Repository: workastra/server
Length of output: 300
🏁 Script executed:
# Find pom.xml files in the project
find . -name "pom.xml" -type f
Repository: workastra/server
Length of output: 42
🏁 Script executed:
# Check root pom.xml for Jackson dependency
cat ./pom.xml | grep -A 5 -B 5 "jackson" 2>/dev/null || echo "Not found in root pom.xml"
Repository: workastra/server
Length of output: 144
🏁 Script executed:
# Check if tools.jackson package exists in any dependency or if it's just a typo
rg "package tools\.jackson" --type java
Repository: workastra/server
Length of output: 42
🏁 Script executed:
# Double-check: search for any build files and Jackson version
find . -type f \( -name "*.gradle" -o -name "*.properties" \) | head -20
Repository: workastra/server
Length of output: 122
🏁 Script executed:
# Verify there's no tools.jackson in Maven Central or any vendor
# Also check if Jackson is actually available as a dependency anywhere
rg "jackson" modules/ --type toml --type properties --type xml 2>/dev/null | head -20
Repository: workastra/server
Length of output: 42
Fix incorrect Line 17 imports Update to:
-import tools.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| /** | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * SecurityConfig configures Spring Security for the authentication module. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * It sets up the HTTP security chain, CSRF protection, authorization rules, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * and integrates custom JSON-based authentication handlers. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| */ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| @Configuration | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| public class SecurityConfig { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| private final JsonAccessDeniedHandler accessDeniedHandler; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| private final JsonAuthenticationEntryPoint authenticationEntryPoint; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| public SecurityConfig( | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| JsonAuthenticationEntryPoint authenticationEntryPoint, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| JsonAccessDeniedHandler accessDeniedHandler | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ) { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| this.authenticationEntryPoint = authenticationEntryPoint; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| this.accessDeniedHandler = accessDeniedHandler; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| } | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| /** | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * Configures the security filter chain for HTTP requests. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Enables CSRF protection for Single Page Applications (SPA) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Permits public endpoints: /actuator/health, /api/v1/csrf, /api/v1/auth/login | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Requires authentication for all other /api/** endpoints | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Denies all other requests | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Uses custom JSON authentication filter instead of form login | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| * - Registers custom exception handlers for unauthorized and forbidden access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| */ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| @Bean | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| SecurityFilterChain securityFilterChain( | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| HttpSecurity http, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AuthenticationManager authenticationManager, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ObjectMapper objectMapper | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ) throws Exception { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| var jsonLoginAuthenticationFilter = new JsonLoginAuthenticationFilter(authenticationManager, objectMapper); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| jsonLoginAuthenticationFilter.setFilterProcessesUrl("/api/v1/auth/login"); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| jsonLoginAuthenticationFilter.setAuthenticationSuccessHandler(new JsonAuthSuccessHandler(objectMapper)); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| jsonLoginAuthenticationFilter.setAuthenticationFailureHandler(new JsonAuthFailureHandler(objectMapper)); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| var sessionRepo = new HttpSessionSecurityContextRepository(); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| jsonLoginAuthenticationFilter.setSecurityContextRepository(sessionRepo); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| http | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .csrf((csrf) -> csrf.spa()) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .authorizeHttpRequests((auth) -> | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| auth | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .requestMatchers(HttpMethod.GET, "/actuator/health") | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .permitAll() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .requestMatchers("/api/v1/csrf") | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .permitAll() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .requestMatchers("/api/v1/auth/login") | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .permitAll() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .requestMatchers("/api/**") | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .authenticated() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .anyRequest() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .denyAll() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .formLogin((c) -> c.disable()) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .httpBasic((c) -> c.disable()) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .addFilterAt(jsonLoginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| .exceptionHandling((ex) -> { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ex.authenticationEntryPoint(this.authenticationEntryPoint); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ex.accessDeniedHandler(this.accessDeniedHandler); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| }); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| return http.build(); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| } | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| } | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
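Review bot: `jsonLoginAuthenticationFilter` is created with `new` and installed with `addFilterAt`, and the only things set on it are the URL, the two handlers and the security context repository. A filter wired this way does not receive the session authentication strategy that `sessionManagement(...)` and `csrf(...)` configure for the built-in login filters, so unless JsonLoginAuthenticationFilter sets one itself (its source is not shown here), the pre-login session id and CSRF token survive authentication. Call `jsonLoginAuthenticationFilter.setSessionAuthenticationStrategy(...)` with a strategy that changes the session id and renews the CSRF token on login. Separately, `/api/v1/csrf` and `/api/v1/auth/login` are permitted for every HTTP method while `/actuator/health` is limited to GET; restrict them to GET and POST respectively so the matchers match the Javadoc's intent.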
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| /** | ||
| * Infrastructure layer configuration for authentication and security. | ||
| * | ||
| * This package contains Spring configuration classes that set up security beans, | ||
| * filters, and the HTTP security filter chain. | ||
| * | ||
| * - SecurityConfig: Configures the HTTP security filter chain | ||
| * - PasswordEncoderConfig: Defines password encoding and authentication manager beans | ||
| */ | ||
| package com.workastra.authentication.infrastructure.config; | ||
|
Comment on lines +1 to +10
🛠️ Refactor suggestion | 🟠 Major
Add This package-info documents the package but does not apply Add the annotation and import:
/**
* Infrastructure layer configuration for authentication and security.
*
* This package contains Spring configuration classes that set up security beans,
* filters, and the HTTP security filter chain.
*
* - SecurityConfig: Configures the HTTP security filter chain
* - PasswordEncoderConfig: Defines password encoding and authentication manager beans
*/
-package com.workastra.authentication.infrastructure.config;
+@org.jspecify.annotations.NullMarked
+package com.workastra.authentication.infrastructure.config;
+
+import org.jspecify.annotations.NullMarked;
Based on learnings, this package must be annotated with
|
||
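Review bot: this package-info.java has no `@NullMarked`, while the controller package-info.java in the same PR does, so the two packages are not marked consistently for the nullness checks this PR introduces; add the annotation between the Javadoc block and the `package` line. In the proposed change above, the fully qualified `@org.jspecify.annotations.NullMarked` already resolves on its own, which makes the added `import org.jspecify.annotations.NullMarked;` unused. Use either the qualified name, or `@NullMarked` with the import after the package declaration as the controller package does, not both.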
Redundant clean commands defeat Gradle caching and slow down CI/CD.
Each test step runs clean, which wipes the build cache and forces a full rebuild. Since the check step (line 49) already builds the project, the subsequent test steps should reuse that build state instead of cleaning and rebuilding from scratch. This is especially costly for native compilation.
Apply this diff to remove redundant cleans:
Also applies to: 54-54, 59-59