Not `@Secured` Controller method
| import com.intellij.codeHighlighting.HighlightDisplayLevel | |
| import com.intellij.codeInspection.AbstractBaseJavaLocalInspectionTool | |
| import com.intellij.codeInspection.LocalQuickFix | |
| import com.intellij.codeInspection.ProblemDescriptor | |
| import com.intellij.codeInspection.ProblemsHolder | |
| import com.intellij.openapi.project.Project | |
| import com.intellij.psi.JavaElementVisitor | |
| import com.intellij.psi.PsiClass | |
| import com.intellij.psi.PsiMethod | |
| import liveplugin.registerInspection | |
| import liveplugin.show | |
| // depends-on-plugin com.intellij.java | |
// FIXME: declaring a constant at this level seems to cause problems for the IDE
registerInspection(NotSecuredControllerMethodInspection())

// Skip the confirmation message when the script runs as part of IDE startup.
if (!isIdeStartup) show("Inspection (re)chargée.")
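/**
 * Java inspection that warns when a public method of a Spring controller carries no `@Secured`
 * annotation, and offers [NotSecuredControllerMethodQuickFix] to add one.
 *
 * Coverage limits a reviewer should keep in mind:
 * - only `@Secured` is recognised; methods protected by another authorization annotation
 *   (for example `@PreAuthorize` or `@RolesAllowed`) are still reported;
 * - every public non-constructor method is reported, whether or not it is a request handler;
 * - a clean result only means the annotation is present, not that the roles it lists are right.
 */
class NotSecuredControllerMethodInspection : AbstractBaseJavaLocalInspectionTool() {
    override fun getGroupDisplayName() = "Live plugin"
    override fun getDisplayName() = "@Secured manquant"
    override fun isEnabledByDefault() = true
    override fun getStaticDescription() = "Propose d'annoter @Secured une méthode de contrôleur."
    override fun getDefaultLevel() = HighlightDisplayLevel.WARNING
    override fun getShortName() = "NotSecuredControllerMethodInspection"

    /**
     * Builds the visitor that inspects each Java method and reports unsecured controller methods
     * to [holder].
     */
    override fun buildVisitor(holder: ProblemsHolder, isOnTheFly: Boolean) = object : JavaElementVisitor() {
        override fun visitMethod(method: PsiMethod) {
            super.visitMethod(method)
            // containingClass is nullable, so a method without an owning class is skipped
            // instead of failing the whole inspection pass on a hard cast of method.parent.
            val controller = method.containingClass ?: return
            if (!isController(controller)) return
            // Constructors are visited as methods too; @Secured is not meaningful on them.
            if (method.isConstructor || !isPublic(method)) return
            // A class-level @Secured already applies to the methods of the controller.
            if (isAnnotatedSecured(method) || isClassSecured(controller)) return

            holder.registerProblem(
                method,
                "La méthode '${method.name}' devrait être annotée @Secured",
                NotSecuredControllerMethodQuickFix(),
            )
        }
    }

    /** True when the method is declared `public`. */
    private fun isPublic(method: PsiMethod) = method.modifierList.hasModifierProperty("public")

    /**
     * True when the class is directly annotated as a Spring controller.
     *
     * `hasAnnotation` is given a fully qualified name and is not asked to follow meta-annotations,
     * so `@RestController` is listed explicitly; otherwise REST controllers would never be inspected.
     */
    private fun isController(controller: PsiClass) =
        controller.hasAnnotation("org.springframework.stereotype.Controller") ||
            controller.hasAnnotation("org.springframework.web.bind.annotation.RestController")

    /** True when the method itself carries `@Secured`. */
    private fun isAnnotatedSecured(method: PsiMethod): Boolean {
        return method.hasAnnotation("org.springframework.security.access.annotation.Secured")
    }

    /** True when the controller class carries `@Secured` at type level. */
    private fun isClassSecured(controller: PsiClass): Boolean {
        return controller.hasAnnotation("org.springframework.security.access.annotation.Secured")
    }
}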
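/**
 * Quick fix that adds `@Secured` to the method reported by [NotSecuredControllerMethodInspection].
 *
 * The annotation is inserted by fully qualified name and without a role list, so the developer
 * still has to fill in the roles by hand; applying the fix is not by itself an access-control
 * decision.
 */
class NotSecuredControllerMethodQuickFix : LocalQuickFix {
    /**
     * Adds the annotation to the method behind [descriptor].
     *
     * Does nothing when the descriptor no longer points at a method (the element may have been
     * invalidated or replaced since the problem was registered) or when the method has been
     * annotated in the meantime, which avoids a duplicate annotation.
     */
    override fun applyFix(project: Project, descriptor: ProblemDescriptor) {
        val method = descriptor.psiElement as? PsiMethod ?: return
        if (method.hasAnnotation("org.springframework.security.access.annotation.Secured")) return
        method.modifierList.addAnnotation("org.springframework.security.access.annotation.Secured")
    }

    override fun getName() = "Annoter @Secured"

    override fun getFamilyName() = name
}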