Not `@Secured` Controller method
import com.intellij.codeHighlighting.HighlightDisplayLevel
import com.intellij.codeInspection.AbstractBaseJavaLocalInspectionTool
import com.intellij.codeInspection.LocalQuickFix
import com.intellij.codeInspection.ProblemDescriptor
import com.intellij.codeInspection.ProblemsHolder
import com.intellij.openapi.project.Project
import com.intellij.psi.JavaElementVisitor
import com.intellij.psi.PsiClass
import com.intellij.psi.PsiMethod
import liveplugin.registerInspection
import liveplugin.show
// depends-on-plugin com.intellij.java
// FIXME declaring a constant at this level seems to cause problems for the IDE

// Register the inspection with the IDE through LivePlugin's registerInspection helper.
registerInspection(NotSecuredControllerMethodInspection())

// Only show the confirmation when the script is not being run as part of IDE startup.
if (!isIdeStartup) show("Inspection (re)chargée.")
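/**
 * Local Java inspection that warns on public Spring controller methods carrying no `@Secured` annotation.
 *
 * A method is reported when its containing class is annotated `@Controller` or `@RestController`,
 * the method is public, is not a constructor, and has no method-level `@Secured`.
 *
 * Limits a reviewer should keep in mind:
 * - Only `@Secured` directly on the method is recognised. A class-level `@Secured`, `@PreAuthorize`,
 *   `@RolesAllowed` or URL rules in the security configuration are not seen, so a warning here is a
 *   prompt to check the endpoint's authorization, not proof that it is exposed.
 * - Controller detection matches the annotation by fully-qualified name on the class itself, so
 *   custom stereotype annotations built on top of `@Controller` are not detected.
 * - The absence of a warning says nothing about whether the roles listed in `@Secured` are correct.
 */
class NotSecuredControllerMethodInspection : AbstractBaseJavaLocalInspectionTool() {
    // Held as an instance property rather than a top-level constant: the script's FIXME notes that
    // top-level constant declarations cause trouble in the IDE.
    private val controllerAnnotations = listOf(
        "org.springframework.stereotype.Controller",
        // @RestController classes are controllers too; checking only @Controller by name would
        // silently skip every REST endpoint.
        "org.springframework.web.bind.annotation.RestController"
    )

    override fun getGroupDisplayName() = "Live plugin"

    override fun getDisplayName() = "@Secured manquant"

    override fun isEnabledByDefault() = true

    override fun getStaticDescription() = "Propose d'annoter @Secured une méthode de contrôleur."

    override fun getDefaultLevel() = HighlightDisplayLevel.WARNING

    override fun getShortName() = "NotSecuredControllerMethodInspection"

    /**
     * Builds the visitor that inspects every Java method and registers a problem, with
     * [NotSecuredControllerMethodQuickFix] attached, for each unsecured public controller method.
     */
    override fun buildVisitor(holder: ProblemsHolder, isOnTheFly: Boolean) = object : JavaElementVisitor() {
        override fun visitMethod(method: PsiMethod) {
            super.visitMethod(method)

            // Constructors are visited as methods as well, but they are not request handlers.
            if (method.isConstructor) return

            // containingClass is null-safe, unlike an unchecked cast of method.parent.
            val controller = method.containingClass ?: return
            if (!isController(controller)) return

            if (isPublic(method) && !isAnnotatedSecured(method)) {
                holder.registerProblem(
                    method,
                    "La méthode '${method.name}' devrait être annotée @Secured",
                    NotSecuredControllerMethodQuickFix()
                )
            }
        }
    }

    /** True when the method is explicitly declared `public`. */
    private fun isPublic(method: PsiMethod) = method.modifierList.hasModifierProperty("public")

    /** True when the class carries one of the recognised Spring controller annotations. */
    private fun isController(controller: PsiClass) =
        controllerAnnotations.any { controller.hasAnnotation(it) }

    /** True when the method itself carries Spring Security's `@Secured`. */
    private fun isAnnotatedSecured(method: PsiMethod): Boolean {
        return method.hasAnnotation("org.springframework.security.access.annotation.Secured")
    }
}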
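/**
 * Quick fix offered by [NotSecuredControllerMethodInspection]: adds `@Secured` to the reported method.
 *
 * The annotation is inserted with no attributes, so the roles still have to be written by hand.
 * Applying the fix only marks the spot; the access decision is made when the roles are filled in,
 * and should be reviewed like any other authorization change.
 */
class NotSecuredControllerMethodQuickFix : LocalQuickFix {
    /**
     * Adds `@Secured` to the method the problem was registered on.
     *
     * Does nothing when the descriptor no longer points at a method (for example because the
     * element was invalidated since the problem was reported) or when the method already carries
     * the annotation, so applying the fix twice cannot produce a duplicate.
     */
    override fun applyFix(project: Project, descriptor: ProblemDescriptor) {
        val securedFqn = "org.springframework.security.access.annotation.Secured"
        // Safe cast: psiElement may be null or a different element type by the time the fix runs.
        val method = descriptor.psiElement as? PsiMethod ?: return
        if (method.hasAnnotation(securedFqn)) return
        method.modifierList.addAnnotation(securedFqn)
    }

    override fun getName() = "Annoter @Secured"

    override fun getFamilyName() = name
}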