Defining endpoint security through JDL #19201
Milestone
Comments
|
Interesting, were you able to reflect this into the API documentation? |
|
I just added a comment to the source code: but it's a good suggestion to make it visible in the API documentation as well - it shouldn't be hard ... |
DanielFran
added
area: feature request 💡
theme: security
and removed
area: triage
theme: undefined
labels
|
@SpiralUp Are you available to contribute with a PR? |
|
I'm available to contribute with a PR... |
SpiralUp
added a commit
to SpiralUp/generator-jhipster-8
that referenced
this issue
Oct 4, 2023
This commit introduces a role-based security feature for the backend, allowing users to define security configurations using JDL clauses. Security can now be specified directly within JDL for various entities, where different roles with specified permissions are mapped to the corresponding Java entity resource files. This mapping auto-generates the requisite `@Secured({})` annotations on the endpoints, ensuring the right level of access control based on roles. Examples of the JDL security clauses include:
```
secure entity1, entity2, entity3 with roles {
ROLE_ADMIN allows (get, post, put, delete)
ROLE_USER allows (get)
}
```
and
```
secure all except entity3 with roles {
ROLE_ADMIN allows (get, post, put, delete)
ROLE_USER allows (get)
}
```
which would translate to `@Secured({ "ROLE_ADMIN" })` annotations in the generated Java code for specified endpoints. Additionally, the integration tests have been updated to consider these role-based security configurations.
Moreover, the groundwork for supporting other security types has been laid down through the inclusion of grammar and parser definitions. These additional security types encompass privilege security, organizational security, parent based security, and relation based security, although the code generators for these types are not included in this commit.
Resolves jhipster#19201
SpiralUp
added a commit
to SpiralUp/generator-jhipster-8
that referenced
this issue
Oct 4, 2023
This commit introduces a role-based security feature for the backend, allowing users to define security configurations using JDL clauses. Security can now be specified directly within JDL for various entities, where different roles with specified permissions are mapped to the corresponding Java entity resource files. This mapping auto-generates the requisite `@Secured({})` annotations on the endpoints, ensuring the right level of access control based on roles. Examples of the JDL security clauses include:
```
secure entity1, entity2, entity3 with roles {
ROLE_ADMIN allows (get, post, put, delete)
ROLE_USER allows (get)
}
```
and
```
secure all except entity3 with roles {
ROLE_ADMIN allows (get, post, put, delete)
ROLE_USER allows (get)
}
```
which would translate to `@Secured({ "ROLE_ADMIN" })` annotations in the generated Java code for specified endpoints. Additionally, the integration tests have been updated to consider these role-based security configurations.
Moreover, the groundwork for supporting other security types has been laid down through the inclusion of grammar and parser definitions. These additional security types encompass privilege security, organizational security, parent based security, and relation based security, although the code generators for these types are not included in this commit.
Resolves jhipster#19201
|
This issue is stale because it has been open for too long without any activity. |
|
This issue is stale because it has been open for too long without any activity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Overview of the feature request
When creating an application through JHipster, it is necessary to manually adjust the security on the generated endpoints. This could be avoided if security was defined through JDL and then generated.
An example of a possible definition in JDL:
This should be reflected in the generation of EntityResource and EntityResourceIT.
I already have an implementation for this, so I can share it ...
Motivation for or Use Case
Now, security has to be added manually on endpoints that are generated and unit tests have to be refined manually. It seems to me that this is the most common refinement over the generated code.
Related issues or PR
The text was updated successfully, but these errors were encountered: