class SpringAuthTagger

Defined in:

tagger/framework_taggers/java/spring_auth.cr

Constant Summary

ANNOTATION_PATTERNS = [/\@PreAuthorize\s*\(/, /\@Secured\s*\(/, /\@RolesAllowed\s*\(/]
ANY_REQUEST_AUTH = /\.anyRequest\s*\(\)\s*\.\s*(authenticated|hasRole|hasAnyRole|hasAuthority|hasAnyAuthority|access)\s*(?:\(|\{)/
MATCHERS_RULE = /\.(antMatchers|requestMatchers|mvcMatchers)\s*\(([^)]+)\)\s*\.\s*(permitAll|authenticated|hasRole|hasAnyRole|hasAuthority|hasAnyAuthority|access)\s*(?:\(|\{)/

Patterns for security config URL rules. access { ... } is a protected rule too; permitAll() is intentionally tracked so a more-specific public matcher can suppress a broader protected one.

SCOPE_MATCHER_CALL = /\b(?:securityMatcher|antMatcher)\s*\(/

A chain is "scoped" only when restricted by a singular securityMatcher( / antMatcher( call. The plural antMatchers(...) / requestMatchers(...) forms are authorization rules, not scope restrictions, so a substring test like includes?("antMatcher") wrongly flips a rule-based chain to scoped and drops its anyRequest() fallback. The \s*\( boundary rejects the plural.

Constructors

Class Method Summary

Instance Method Summary

Instance methods inherited from class FrameworkTagger

collect_files_by_extension(extension : String) : Array(String) collect_files_by_extension, read_file(path : String) : String | Nil read_file, read_source_context(endpoint : Endpoint) : Array(SourceContext) read_source_context, static_asset_route?(url : String) : Bool static_asset_route?

Constructor methods inherited from class FrameworkTagger

new(options : Hash(String, YAML::Any)) new

Class methods inherited from class FrameworkTagger

target_techs : Array(String) target_techs

Instance methods inherited from module FileHelper

all_files : Array(String) all_files, get_files_by_extension(extension : String) : Array(String) get_files_by_extension, get_files_by_prefix(prefix : String) : Array(String) get_files_by_prefix, get_files_by_prefix_and_extension(prefix : String, extension : String) : Array(String) get_files_by_prefix_and_extension, get_public_dir_files(base_path : String, folder : String) : Array(String) get_public_dir_files, get_public_files(base_path : String, anchors : Array(String) = ["shard.yml", "Gemfile"]) : Array(String) get_public_files

Instance methods inherited from class Tagger

name : String name, perform(endpoints : Array(Endpoint)) : Array(Endpoint) perform

Constructor methods inherited from class Tagger

new(options : Hash(String, YAML::Any)) new

Constructor Detail

def self.new(options : Hash(String, YAML::Any)) #

[View source]

Class Method Detail

def self.target_techs : Array(String) #

[View source]

Instance Method Detail

def perform(endpoints : Array(Endpoint)) : Array(Endpoint) #

[View source]