Single spring-addons starter #137
Conversation
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| @@ -44,7 +44,7 @@ JwtAbstractAuthenticationTokenConverter authenticationConverter( | |||
| Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter, | |||
| DynamicTenantProperties addonsProperties) { | |||
| return jwt -> { | |||
| final var issProperties = addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString()); | |||
| final var issProperties = addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString()); | |||
There was a problem hiding this comment.
NULLPTR_DEREFERENCE: null (last assigned on line 47) is dereferenced.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| @@ -44,7 +44,7 @@ JwtAbstractAuthenticationTokenConverter authenticationConverter( | |||
| Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter, | |||
| DynamicTenantProperties addonsProperties) { | |||
| return jwt -> { | |||
| final var issProperties = addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString()); | |||
| final var issProperties = addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString()); | |||
There was a problem hiding this comment.
NULLPTR_DEREFERENCE: The call to OpenidProviderProperties WebSecurityConfig$DynamicTenantProperties.getOpProperties(String) may trigger the following issue: null (from the call to WebSecurityConfig$DynamicTenantProperties.getOpProperties(...) on line 72) is dereferenced in the call to WebSecurityConfig$DynamicTenantProperties.getOpProperties(...).
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| public IssuerProperties getIssuerProperties(String iss) throws MissingAuthorizationServerConfigurationException { | ||
| return super.getIssuerProperties(baseUri(URI.create(iss)).toString()); | ||
| public OpenidProviderProperties getOpProperties(String iss) throws MissingAuthorizationServerConfigurationException { | ||
| return super.getOpProperties(baseUri(URI.create(iss)).toString()); |
There was a problem hiding this comment.
NULL_DEREFERENCE: object returned by baseUri(create(iss)) could be null and is dereferenced at line 72.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| @EnableWebSecurity | ||
| @AutoConfiguration | ||
| @Import({ SpringAddonsOAuth2ClientProperties.class }) | ||
| @ImportAutoConfiguration(SpringAddonsOidcBeans.class) | ||
| @Slf4j |
There was a problem hiding this comment.
UnnecessarilyFullyQualified: This fully qualified name is unambiguous to the compiler if imported.
| @Slf4j | |
| LoggerFactory |
❗❗ 170 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 23 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java | 5 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SimpleAuthoritiesMappingProperties.java | 14 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerLogoutSuccessHandler.java | 47 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java | 89 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java | 5 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java | 51 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerLogoutSuccessHandler.java | 47 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 23 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java | 90 |
Showing 10 of 170 findings. Visit the Lift Web Console to see all.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| /** | ||
| * Retrieves granted authorities from the Jwt (from its private claims or with the help of an external service) | ||
| * | ||
| * @param securityProperties |
There was a problem hiding this comment.
InvalidParam: Parameter name securityProperties is unknown.
| * @param securityProperties | |
| * |
❗❗ 4 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java | 71 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java | 183 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java | 182 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java | 90 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| /** | ||
| * Retrieves granted authorities from the Jwt (from its private claims or with the help of an external service) | ||
| * | ||
| * @param securityProperties |
There was a problem hiding this comment.
EmptyBlockTag: A block tag (@param, @return, @throws, @deprecated) has an empty description. Block tags without descriptions don't add much value for future readers of the code; consider removing the tag entirely or adding a description.
| * @param securityProperties | |
| * |
❗❗ 6 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java | 143 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java | 172 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java | 58 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java | 183 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java | 142 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java | 58 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| /** | ||
| * @author Jerome Wacongne ch4mp@c4-soft.com | ||
| */ | ||
| @ConditionalOnWebApplication(type = Type.SERVLET) |
There was a problem hiding this comment.
BadImport: Importing nested classes/static methods/static fields with commonly-used names can make code harder to read, because it may not be clear from the context exactly which type is being referred to. Qualifying the name with that of the containing class can make the code clearer. Here we recommend using qualified class: ConditionalOnWebApplication.
| @ConditionalOnWebApplication(type = Type.SERVLET) | |
| @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET) |
❗❗ 4 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsBackChannelLogoutBeans.java | 56 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsNotServlet.java | 13 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java | 60 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java | 85 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| } | ||
| return source; | ||
| } | ||
|
|
||
| /** | ||
| * Provides with multi-tenancy: builds a AuthenticationManagerResolver<HttpServletRequest> per provided OIDC issuer URI |
There was a problem hiding this comment.
UnescapedEntity: This looks like a type with type parameters. The < and > characters here will be interpreted as HTML, which can be avoided by wrapping it in a {@code } tag.
| * Provides with multi-tenancy: builds a AuthenticationManagerResolver<HttpServletRequest> per provided OIDC issuer URI | |
| * Provides with multi-tenancy: builds a {@code AuthenticationManagerResolver<HttpServletRequest>} per provided OIDC issuer URI |
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| import java.util.stream.Collectors; | ||
|
|
||
| /** | ||
| * @author Jérôme Wacongne <ch4mp#64;c4-soft.com> |
There was a problem hiding this comment.
MissingSummary: A summary line is required on public/protected Javadocs.
❗❗ 7 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java | 121 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java | 46 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java | 61 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java | 46 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java | 122 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java | 182 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java | 72 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| @@ -145,16 +162,16 @@ SecurityWebFilterChain clientFilterChain( | |||
| * (Keycloak for instance), off course, but also those which are close enough to | |||
| * it (Auth0, Cognito, ...) | |||
| * | |||
| * @param clientProps {@link SpringAddonsOAuth2ClientProperties} to pick logout | |||
| * @param addonsProperties {@link SpringAddonsOAuth2ClientProperties} to pick logout | |||
| * configuration for divergence to the standard (logout URI | |||
| * not provided in .well-known/openid-configuration and | |||
| * non-conform parameter names) | |||
| * @return {@link SpringAddonsOAuth2LogoutRequestUriBuilder] | |||
There was a problem hiding this comment.
UnrecognisedJavadocTag: This Javadoc tag wasn't recognised by the parser. Is it malformed somehow, perhaps with mismatched braces?
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| * @return {@link SpringAddonsOAuth2LogoutRequestUriBuilder] | ||
| * @param addonsProperties {@link SpringAddonsOAuth2ClientProperties} to pick logout configuration for divergence to the standard (logout URI not provided | ||
| * in .well-known/openid-configuration and non-conform parameter names) | ||
| * @return {@link SpringAddonsOAuth2LogoutRequestUriBuilder] |
There was a problem hiding this comment.
UnrecognisedJavadocTag: This Javadoc tag wasn't recognised by the parser. Is it malformed somehow, perhaps with mismatched braces?
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| */ | ||
| public interface ClaimSet extends Map<String, Object>, Serializable { | ||
|
|
||
| default <T> T getByJsonPath(String jsonPath) { |
There was a problem hiding this comment.
TypeParameterUnusedInFormals: Declaring a type parameter that is only used in the return type is a misuse of generics: operations on the type parameter are unchecked, it hides unsafe casts at invocations of the method, and it interacts badly with method overload resolution.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| * defined there is used by both client and resource server filter-chains. | ||
| */ | ||
| @NestedConfigurationProperty | ||
| private OpenidProviderProperties[] ops = {}; |
There was a problem hiding this comment.
AvoidObjectArrays: Avoid returning a OpenidProviderProperties[]; consider an ImmutableList instead
❗❗ 17 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java | 25 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java | 41 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 23 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java | 14 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 63 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 89 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java | 20 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java | 31 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java | 35 |
| spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java | 25 |
Showing 10 of 17 findings. Visit the Lift Web Console to see all.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
🛠 Lift Auto-fixSome of the Lift findings in this PR can be automatically fixed. You can download and apply these changes in your local project directory of your branch to review the suggestions before committing.1 # Download the patch
curl https://lift.sonatype.com/api/patch/github.com/ch4mpy/spring-addons/137.diff -o lift-autofixes.diff
# Apply the patch with git
git apply lift-autofixes.diff
# Review the changes
git diffWant it all in a single command? Open a terminal in your project's directory and copy and paste the following command: curl https://lift.sonatype.com/api/patch/github.com/ch4mpy/spring-addons/137.diff | git applyOnce you're satisfied, commit and push your changes in your project. Footnotes |
No description provided.