From 0346a8b0f1963b1673ebac26be5e63767a383d80 Mon Sep 17 00:00:00 2001
From: zchriste
Date: Mon, 6 Feb 2023 08:27:28 +0100
Subject: [PATCH 01/10] implemented security rule Y1
---
.../devonfw/sample/archunit/SecurityTest.java | 34 +++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 src/test/java/com/devonfw/sample/archunit/SecurityTest.java
diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java
new file mode 100644
index 0000000..72cfe84
--- /dev/null
+++ b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java
@@ -0,0 +1,34 @@
+package com.devonfw.sample.archunit;
+
+import com.tngtech.archunit.core.importer.ImportOption;
+import com.tngtech.archunit.junit.AnalyzeClasses;
+import com.tngtech.archunit.junit.ArchTest;
+import com.tngtech.archunit.lang.ArchRule;
+
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+
+import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.methods;
+
+/**
+ * JUnit test that validates the security rules of this application.
+ */
+@AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class)
+public class SecurityTest {
+
+ /**
+ * Checks 'UcImpl' classes for public methods.
+ * Fails if a method is neither annotated with @PermitAll, @RolesAllowed nor @DenyAll.
+ */
+ @ArchTest
+ private static final ArchRule shouldBeProperlyAnnotated = //
+ methods()
+ .that().areDeclaredInClassesThat().haveSimpleNameEndingWith("UcImpl")
+ .and().arePublic()
+ .should().beAnnotatedWith(PermitAll.class)
+ .orShould().beAnnotatedWith(RolesAllowed.class)
+ .orShould().beAnnotatedWith(DenyAll.class)
+ .because("All Use-Case implementation methods must be annotated with a security " +
+ "constraint from javax.annotation.security");
+}
\ No newline at end of file
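Review bot: The rule `shouldBeProperlyAnnotated` accepts an annotation only when it sits on the method itself, so a use case that declares `@RolesAllowed`, `@PermitAll` or `@DenyAll` once at class level (which javax.annotation.security permits) would be reported as a violation. If per-method annotation is the intended policy, state it in the Javadoc, for example `Class-level annotations are not accepted; every public method must carry its own annotation.` The rule also proves only that some annotation is present, not that the permission named in `@RolesAllowed` fits the operation, so it complements authorization tests rather than replacing them. The `because(...)` text could name the three accepted annotations so that the failure message tells the developer what to add.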
From fa9a96bf9dca3354209470dff91c6854f34fb221 Mon Sep 17 00:00:00 2001
From: zchriste
Date: Mon, 6 Feb 2023 08:33:49 +0100
Subject: [PATCH 02/10] implemented security rule Y1 violations
---
.../SecurityViolationUcImpl.java | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
diff --git a/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java b/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
new file mode 100644
index 0000000..5efc342
--- /dev/null
+++ b/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
@@ -0,0 +1,29 @@
+package com.devonfw.sample.archunit.archunitviolations;
+
+import javax.annotation.security.PermitAll;
+
+public class SecurityViolationUcImpl {
+
+ /**
+ * Violation:
+ * Public method without proper annotations
+ */
+ public void someMethodWithViolation() {
+ // empty
+ }
+
+ /**
+ * Public method with proper annotations
+ */
+ @PermitAll
+ public void someMethodWithoutViolation() {
+ // empty
+ }
+
+ /**
+ * Private method without annotations
+ */
+ private void someOtherMethodWithoutViolation() {
+ // empty
+ }
+}
From ac2ac12832da2db4b5a06ea9ea56315bbd879766 Mon Sep 17 00:00:00 2001
From: zchriste Date: Wed, 8 Feb 2023 11:23:55 +0100 Subject: [PATCH 03/10] Fixed class search naming convention and uncommented code security annotations --- .../sample/archunit/task/logic/UcDeleteTaskItem.java | 6 ++++-- .../sample/archunit/task/logic/UcDeleteTaskList.java | 6 ++++-- .../devonfw/sample/archunit/task/logic/UcFindTaskItem.java | 4 +++- .../devonfw/sample/archunit/task/logic/UcFindTaskList.java | 6 ++++-- .../devonfw/sample/archunit/task/logic/UcSaveTaskItem.java | 4 +++- .../devonfw/sample/archunit/task/logic/UcSaveTaskList.java | 4 +++- src/test/java/com/devonfw/sample/archunit/SecurityTest.java | 4 ++-- 7 files changed, 23 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskItem.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskItem.java index 46e786e..9def062 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskItem.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskItem.java @@ -1,10 +1,12 @@ package com.devonfw.sample.archunit.task.logic; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; import javax.transaction.Transactional; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -29,7 +31,7 @@ public class UcDeleteTaskItem extends AbstractUc { * @param id the {@link com.devonfw.sample.archunit.task.dataaccess.TaskListEntity#getId() primary key} of the * {@link com.devonfw.sample.archunit.task.dataaccess.TaskListEntity} to delete. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) public void delete(Long id) { this.taskItemRepository.deleteById(id); 
@@ -38,7 +40,7 @@ public void delete(Long id) { /** * @param item the {@link TaskItemEto} to delete. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) public void delete(TaskItemEto item) { Long id = item.getId(); diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskList.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskList.java index f30ecbf..847ca45 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskList.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcDeleteTaskList.java @@ -1,10 +1,12 @@ package com.devonfw.sample.archunit.task.logic; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; import javax.transaction.Transactional; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -29,7 +31,7 @@ public class UcDeleteTaskList extends AbstractUc { * @param id the {@link com.devonfw.sample.archunit.task.dataaccess.TaskListEntity#getId() primary key} of the * {@link com.devonfw.sample.archunit.task.dataaccess.TaskListEntity} to delete. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) public void delete(Long id) { this.taskListRepository.deleteById(id); @@ -38,7 +40,7 @@ public void delete(Long id) { /** * @param list the {@link TaskListEto} to delete. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM) public void delete(TaskListEto list) { Long id = list.getId(); 
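Review bot: Both `delete` overloads in `UcDeleteTaskList` are guarded with `ApplicationAccessControlConfig.PERMISSION_DELETE_TASK_ITEM`, although they remove a task list through `taskListRepository`; the find and save use cases for lists in this same patch use `PERMISSION_FIND_TASK_LIST` and `PERMISSION_SAVE_TASK_LIST`. As written, anyone allowed to delete a single item is also allowed to delete whole lists, which looks like a copy-and-paste slip carried over from the previously commented-out lines. If `ApplicationAccessControlConfig` defines a list-level delete permission (the class is not visible in this patch), reference it in both `@RolesAllowed` annotations; otherwise add one. The annotation-presence rule in `SecurityTest` cannot detect a wrong permission, so an authorization test for list deletion is worth adding. Both method bodies continue outside the hunks.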
diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskItem.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskItem.java index 66cc1ba..6b75e7f 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskItem.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskItem.java @@ -2,6 +2,7 @@ import java.util.Optional; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; @@ -9,6 +10,7 @@ import com.devonfw.sample.archunit.general.logic.AbstractUc; import com.devonfw.sample.archunit.task.common.TaskItemEto; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import com.devonfw.sample.archunit.task.dataaccess.TaskItemEntity; import com.devonfw.sample.archunit.task.dataaccess.TaskItemRepository; @@ -31,7 +33,7 @@ public class UcFindTaskItem extends AbstractUc { * @return the {@link TaskItemEto} with the given {@link TaskItemEto#getId() primary key} or {@code null} if not * found. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_ITEM) public TaskItemEto findById(Long itemId) { Optional item = this.taskItemRepository.findById(itemId); diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskList.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskList.java index 5734595..8d88c8a 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskList.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcFindTaskList.java @@ -2,6 +2,7 @@ import java.util.Optional; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; 
@@ -10,6 +11,7 @@ import com.devonfw.sample.archunit.general.logic.AbstractUc; import com.devonfw.sample.archunit.task.common.TaskListCto; import com.devonfw.sample.archunit.task.common.TaskListEto; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import com.devonfw.sample.archunit.task.dataaccess.TaskListEntity; import com.devonfw.sample.archunit.task.dataaccess.TaskListRepository; @@ -34,7 +36,7 @@ public class UcFindTaskList extends AbstractUc { * @param listId the {@link TaskListEntity#getId() primary key} of the {@link TaskListEntity} to find. * @return the {@link TaskListEto} for the given {@link TaskListEto#getId() primary key} or {@code null} if not found. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_LIST) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_LIST) public TaskListEto findById(Long listId) { Optional taskList = this.taskListRepository.findById(listId); @@ -45,7 +47,7 @@ public TaskListEto findById(Long listId) { * @param listId the {@link TaskListEntity#getId() primary key} of the {@link TaskListEntity} to find. * @return the {@link TaskListCto} for the given {@link TaskListEto#getId() primary key} or {@code null} if not found. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_LIST) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_FIND_TASK_LIST) public TaskListCto findCtoById(Long listId) { Optional list = this.taskListRepository.findById(listId); diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskItem.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskItem.java index 28bdfd2..124fe04 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskItem.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskItem.java 
@@ -1,5 +1,6 @@ package com.devonfw.sample.archunit.task.logic; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; @@ -7,6 +8,7 @@ import com.devonfw.sample.archunit.general.logic.AbstractUc; import com.devonfw.sample.archunit.task.common.TaskItemEto; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import com.devonfw.sample.archunit.task.dataaccess.TaskItemEntity; import com.devonfw.sample.archunit.task.dataaccess.TaskItemRepository; @@ -28,7 +30,7 @@ public class UcSaveTaskItem extends AbstractUc { * @param item the {@link TaskItemEto} to save. * @return the {@link TaskItemEntity#getId() primary key} of the saved {@link TaskItemEntity}. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_SAVE_TASK_ITEM) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_SAVE_TASK_ITEM) public Long save(TaskItemEto item) { TaskItemEntity entity = this.taskItemMapper.toEntity(item); diff --git a/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskList.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskList.java index 1804ca8..247880f 100644 --- a/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskList.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcSaveTaskList.java @@ -1,5 +1,6 @@ package com.devonfw.sample.archunit.task.logic; +import javax.annotation.security.RolesAllowed; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; @@ -7,6 +8,7 @@ import com.devonfw.sample.archunit.general.logic.AbstractUc; import com.devonfw.sample.archunit.task.common.TaskListEto; +import com.devonfw.sample.archunit.task.common.security.ApplicationAccessControlConfig; import com.devonfw.sample.archunit.task.dataaccess.TaskListEntity; import com.devonfw.sample.archunit.task.dataaccess.TaskListRepository; 
@@ -28,7 +30,7 @@ public class UcSaveTaskList extends AbstractUc { * @param list the {@link TaskListEto} to save. * @return the {@link TaskListEntity#getId() primary key} of the saved {@link TaskListEntity}. */ - // @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_SAVE_TASK_LIST) + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_SAVE_TASK_LIST) public Long save(TaskListEto list) { TaskListEntity entity = this.taskListMapper.toEntity(list); diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java index 72cfe84..ca1a77f 100644 --- a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java +++ b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java @@ -18,13 +18,13 @@ public class SecurityTest { /** - * Checks 'UcImpl' classes for public methods. + * Checks 'Uc*Impl' classes for public methods. * Fails if a method is neither annotated with @PermitAll, @RolesAllowed nor @DenyAll. */ @ArchTest private static final ArchRule shouldBeProperlyAnnotated = // methods() - .that().areDeclaredInClassesThat().haveSimpleNameEndingWith("UcImpl") + .that().areDeclaredInClassesThat().haveSimpleNameStartingWith("Uc") .and().arePublic() .should().beAnnotatedWith(PermitAll.class) .orShould().beAnnotatedWith(RolesAllowed.class) From d60590fdd4b4afce6dfdb2beacc1b45167d10090 Mon Sep 17 00:00:00 2001 From: zchriste Date: Mon, 6 Feb 2023 08:33:49 +0100 Subject: [PATCH 04/10] implemented security rule Y1 violations --- .../SecurityViolationUcImpl.java | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java diff --git a/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java b/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java new file mode 100644 index 0000000..5efc342 --- /dev/null 
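Review bot: The updated Javadoc in `SecurityTest` says the rule checks 'Uc*Impl' classes, but `haveSimpleNameStartingWith("Uc")` has no `Impl` requirement and matches every class in the analysed package whose simple name begins with `Uc`. Align the comment with the predicate, e.g. `Checks public methods of all classes whose simple name starts with 'Uc'.` A name prefix is also a loose selector for a security rule: a use case that does not follow the naming convention escapes the check silently. The use cases shown in this patch all extend `AbstractUc`, so `areDeclaredInClassesThat().areAssignableTo(AbstractUc.class)` would bind the rule to the type instead of the name, provided the violation fixture is adjusted to match.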
+++ b/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
@@ -0,0 +1,29 @@
+package com.devonfw.sample.archunit.archunitviolations;
+
+import javax.annotation.security.PermitAll;
+
+public class SecurityViolationUcImpl {
+
+ /**
+ * Violation:
+ * Public method without proper annotations
+ */
+ public void someMethodWithViolation() {
+ // empty
+ }
+
+ /**
+ * Public method with proper annotations
+ */
+ @PermitAll
+ public void someMethodWithoutViolation() {
+ // empty
+ }
+
+ /**
+ * Private method without annotations
+ */
+ private void someOtherMethodWithoutViolation() {
+ // empty
+ }
+}
From 8c05e7fef852d328b19b590575fa5bf9b236db6f Mon Sep 17 00:00:00 2001
From: zchriste
Date: Mon, 13 Feb 2023 11:56:42 +0100
Subject: [PATCH 05/10] Moved rule violation to separate package
---
.../UcY1ViolationImproperSecurityAnnotations.java} | 4 ++--
src/test/java/com/devonfw/sample/archunit/SecurityTest.java | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
rename src/main/java/com/devonfw/sample/{archunit/archunitviolations/SecurityViolationUcImpl.java => archunitviolations/UcY1ViolationImproperSecurityAnnotations.java} (82%)
diff --git a/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java b/src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java
similarity index 82%
rename from src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
rename to src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java
index 5efc342..f0eee4a 100644
--- a/src/main/java/com/devonfw/sample/archunit/archunitviolations/SecurityViolationUcImpl.java
+++ b/src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java
@@ -1,8 +1,8 @@ -package com.devonfw.sample.archunit.archunitviolations; +package com.devonfw.sample.archunitviolations; import javax.annotation.security.PermitAll; -public class SecurityViolationUcImpl { +public class UcY1ViolationImproperSecurityAnnotations { /** * Violation: diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java index ca1a77f..28dbc4d 100644 --- a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java +++ b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java @@ -14,7 +14,8 @@ /** * JUnit test that validates the security rules of this application. */ -@AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class) +@AnalyzeClasses(packages = {"com.devonfw.sample.archunitviolations", "com.devonfw.sample.archunit"}, + importOptions = ImportOption.DoNotIncludeTests.class) public class SecurityTest { /** From ac8c0be4c860307007a33907fdb0f6cf5fce911f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 25 Apr 2023 07:52:26 +0200 Subject: [PATCH 06/10] revert package change --- src/test/java/com/devonfw/sample/archunit/SecurityTest.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java index 28dbc4d..7f190fd 100644 --- a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java +++ b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java @@ -14,8 +14,7 @@ /** * JUnit test that validates the security rules of this application. */ -@AnalyzeClasses(packages = {"com.devonfw.sample.archunitviolations", "com.devonfw.sample.archunit"}, - importOptions = ImportOption.DoNotIncludeTests.class) +AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class) public class SecurityTest { /** 
@@ -32,4 +31,4 @@ public class SecurityTest { .orShould().beAnnotatedWith(DenyAll.class) .because("All Use-Case implementation methods must be annotated with a security " + "constraint from javax.annotation.security"); -} \ No newline at end of file +} From 2faa767e49129785d45d85ce29e9c7702e16d23f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 25 Apr 2023 07:52:48 +0200 Subject: [PATCH 07/10] C&P fix --- src/test/java/com/devonfw/sample/archunit/SecurityTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java index 7f190fd..ce94b48 100644 --- a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java +++ b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java @@ -14,7 +14,7 @@ /** * JUnit test that validates the security rules of this application. */ -AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class) +@AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class) public class SecurityTest { /** From 885e3a1f583286d7c37971f134c546e1e21598c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 25 Apr 2023 07:53:23 +0200 Subject: [PATCH 08/10] revert From 6ce82d85deb95b89ce8f1643b033d412df2b075c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 25 Apr 2023 07:53:47 +0200 Subject: [PATCH 09/10] Delete SecurityTest.java --- .../devonfw/sample/archunit/SecurityTest.java | 34 ------------------- 1 file changed, 34 deletions(-) delete mode 100644 src/test/java/com/devonfw/sample/archunit/SecurityTest.java diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java deleted file mode 100644 index ce94b48..0000000 
--- a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java +++ /dev/null @@ -1,34 +0,0 @@ -package com.devonfw.sample.archunit; - -import com.tngtech.archunit.core.importer.ImportOption; -import com.tngtech.archunit.junit.AnalyzeClasses; -import com.tngtech.archunit.junit.ArchTest; -import com.tngtech.archunit.lang.ArchRule; - -import javax.annotation.security.DenyAll; -import javax.annotation.security.PermitAll; -import javax.annotation.security.RolesAllowed; - -import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.methods; - -/** - * JUnit test that validates the security rules of this application. - */ -@AnalyzeClasses(packages = "com.devonfw.sample.archunit", importOptions = ImportOption.DoNotIncludeTests.class) -public class SecurityTest { - - /** - * Checks 'Uc*Impl' classes for public methods. - * Fails if a method is neither annotated with @PermitAll, @RolesAllowed nor @DenyAll. - */ - @ArchTest - private static final ArchRule shouldBeProperlyAnnotated = // - methods() - .that().areDeclaredInClassesThat().haveSimpleNameStartingWith("Uc") - .and().arePublic() - .should().beAnnotatedWith(PermitAll.class) - .orShould().beAnnotatedWith(RolesAllowed.class) - .orShould().beAnnotatedWith(DenyAll.class) - .because("All Use-Case implementation methods must be annotated with a security " + - "constraint from javax.annotation.security"); -} From a5bb856663cfc57585b3aa68bfc13c36ae380aad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 25 Apr 2023 07:56:14 +0200 Subject: [PATCH 10/10] fixed packaging --- .../logic}/UcY1ViolationImproperSecurityAnnotations.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) rename src/main/java/com/devonfw/sample/{archunitviolations => archunit/task/logic}/UcY1ViolationImproperSecurityAnnotations.java (77%) 
diff --git a/src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java b/src/main/java/com/devonfw/sample/archunit/task/logic/UcY1ViolationImproperSecurityAnnotations.java similarity index 77% rename from src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java rename to src/main/java/com/devonfw/sample/archunit/task/logic/UcY1ViolationImproperSecurityAnnotations.java index f0eee4a..454addb 100644 --- a/src/main/java/com/devonfw/sample/archunitviolations/UcY1ViolationImproperSecurityAnnotations.java +++ b/src/main/java/com/devonfw/sample/archunit/task/logic/UcY1ViolationImproperSecurityAnnotations.java @@ -1,13 +1,10 @@ -package com.devonfw.sample.archunitviolations; +package com.devonfw.sample.archunit.task.logic; import javax.annotation.security.PermitAll; public class UcY1ViolationImproperSecurityAnnotations { - /** - * Violation: - * Public method without proper annotations - */ + // Violation: Public method without proper annotations public void someMethodWithViolation() { // empty }
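Review bot: `UcY1ViolationImproperSecurityAnnotations` now sits in `com.devonfw.sample.archunit.task.logic` next to the real use cases, and nothing on the class says it is a deliberate rule-violation fixture; the only remaining hint is the comment on `someMethodWithViolation`, which this hunk downgrades from Javadoc to a line comment. Add a class-level Javadoc such as `/** Intentional violation of security rule Y1, used to demonstrate the ArchUnit check. Not a real use case; do not copy. */` so that nobody takes the un-annotated public method for an accepted pattern. Because the file is under `src/main`, it is presumably also packaged with the application, which that comment should mention. The class body continues outside the hunk.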