feat(EM-39): Implement Spring Security Foundation and Authentication Configuration #39
Open
devin-ai-integration[bot] wants to merge 2 commits into feat/microservices-migration from
…configuration

- Add spring-security-test, jjwt deps to version catalog (libs.versions.toml)
- Include ftgo-security-lib in settings.gradle with projectDir mapping
- Wire SecurityExceptionHandler into FtgoSecurityConfiguration for JSON 401/403 responses
- Update JwtTokenProvider to use jjwt 0.12.x API (parser/verifyWith/parseSignedClaims)
- Add test dependencies (spring-boot-starter-web, spring-security-test) for integration tests
- Create comprehensive integration tests:
  - FtgoSecurityConfigurationIntegrationTest (actuator, CORS, CSRF, session, auth)
  - SecurityExceptionHandlerTest (401/403 JSON responses)
  - FtgoCorsConfigurationSourceTest (origins, methods, headers, credentials)
  - JwtTokenProviderTest (generate, validate, parse, reject invalid)
  - JwtAuthenticationFilterTest (auth flow, missing/invalid tokens)

Co-Authored-By: mason.batchelor@cognition.ai <masonbatchelor81@gmail.com>
- Remove ftgo-security-lib from settings.gradle to avoid JDK 8 compilation failure in monolith CI (consistent with other new libs pattern)
- Add dedicated build-ftgo-security-lib job in shared-libs-ci.yml using JDK 17
- Add ftgo-security-lib path filter to detect-changes job

Co-Authored-By: mason.batchelor@cognition.ai <masonbatchelor81@gmail.com>
feat(EM-39): Implement Spring Security Foundation and Authentication Configuration
Summary

Enhances libs/ftgo-security-lib/ with a working Spring Security 6.x foundation: wires SecurityExceptionHandler into FtgoSecurityConfiguration for JSON 401/403 responses, updates JwtTokenProvider to the jjwt 0.12.x API, adds security deps to the version catalog, and adds 31 integration/unit tests covering the security filter chain, CORS, CSRF, JWT, and exception handling.

Key changes:

- gradle/platform/libs.versions.toml — added jjwt, spring-security versions; jjwt-api/impl/jackson, spring-security-test libraries; spring-security bundle
- FtgoSecurityConfiguration — wired SecurityExceptionHandler as authenticationEntryPoint and accessDeniedHandler
- JwtTokenProvider — migrated from deprecated jjwt 0.11.x API (parserBuilder/setSubject/signWith(key, alg)) to 0.12.x API (parser/subject/signWith(key))
- build.gradle — fixed tasks.named('test') → test for Gradle 4.10.2 compatibility; added spring-boot-starter-web test dep for MockMvc
- .github/workflows/shared-libs-ci.yml — added dedicated build-ftgo-security-lib job using JDK 17 with path-based trigger

Note: ftgo-security-lib is intentionally not included in the root settings.gradle. The monolith build uses JDK 8 (Gradle 4.10.2), and this lib requires JDK 17 (Spring Boot 3.x / Jakarta EE). It builds standalone via the new CI job (cd libs/ftgo-security-lib && ../../gradlew compileJava test), consistent with the pattern for other new libs under libs/.

Updates since last revision

- ftgo-security-lib from settings.gradle to fix CI failure (Could not target platform: 'Java SE 12' using tool chain: 'JDK 8 (1.8)'). The root monolith CI uses JDK 8, which cannot compile Java 17 code.
- build-ftgo-security-lib job in shared-libs-ci.yml that uses JDK 17 and triggers on changes to libs/ftgo-security-lib/**.

Review & Testing Checklist for Human

- build-ftgo-security-lib job in shared-libs-ci.yml was just added and has not yet been observed to pass. Verify it runs successfully with JDK 17 and that the standalone build path (cd libs/ftgo-security-lib && ../../gradlew compileJava test) works in the CI runner environment.
- SecurityExceptionHandler dual instantiation: The handler is created via new SecurityExceptionHandler() in FtgoSecurityConfiguration while the class still has @Component. This means Spring will also create a bean. Verify this dual-instantiation path is acceptable or if @Component should be removed.
- FtgoCorsConfigurationSource allows all origins (*) with credentials (true). Confirm this is acceptable for the target environment (dev/staging/prod).
- settings.gradle, it is not compiled or tested as part of the root multi-project build. Any future integration issues between this lib and root project configuration won't be caught by the monolith CI jobs.

Test Plan

- build-ftgo-security-lib CI job passes on this PR
- cd libs/ftgo-security-lib && JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64 ../../gradlew compileJava test — all 31 tests should pass

Notes

- parserBuilder() → parser(), setSubject() → subject(), parseClaimsJws() → parseSignedClaims(), getBody() → getPayload()
- settings.gradle) matches the pattern for ftgo-common-lib and other new libs under libs/, which also have || echo "Library not yet wired into settings.gradle" fallback logic in their CI jobs.
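
The checklist item about FtgoCorsConfigurationSource allowing all origins (*) with credentials (true) can be checked against Spring's own CorsConfiguration, which treats a literal "*" origin, a "*" origin pattern and an explicit allowlist differently. This is an added example, not code from this PR: the class name, helper names and origins are assumptions, and it needs spring-web 5.3 or later on the classpath.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

public class CorsCredentialsCheck {

    // The combination named in the checklist: "*" origins plus credentials.
    static CorsConfiguration wildcardOrigins() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOrigins(List.of("*"));
        c.setAllowCredentials(true);
        return c;
    }

    // Same intent expressed as an origin pattern; Spring accepts this form.
    static CorsConfiguration wildcardPattern() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOriginPatterns(List.of("*"));
        c.setAllowCredentials(true);
        return c;
    }

    // Explicit allowlist (constructed origin), still with credentials.
    static CorsConfiguration allowlist() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOrigins(List.of("https://app.example.test"));
        c.setAllowCredentials(true);
        return c;
    }

    // Value Spring would put in Access-Control-Allow-Origin, or why not.
    static String decision(CorsConfiguration c, String origin) {
        try {
            String allowed = c.checkOrigin(origin);
            return allowed == null ? "denied" : "allowed as " + allowed;
        } catch (IllegalArgumentException e) {
            return "rejected by Spring: wildcard origin with credentials";
        }
    }

    public static void main(String[] args) {
        String foreign = "https://unrelated.example.test"; // constructed
        System.out.println("wildcard origins: " + decision(wildcardOrigins(), foreign));
        System.out.println("wildcard pattern: " + decision(wildcardPattern(), foreign));
        System.out.println("allowlist:        " + decision(allowlist(), foreign));
        System.out.println("allowlist (own):  "
                + decision(allowlist(), "https://app.example.test"));
    }
}
```

The pattern form is the one to look for in review: it echoes any requesting origin back with credentials enabled, so an assertion in FtgoCorsConfigurationSourceTest that an unlisted origin is denied would catch it before staging or prod.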