Backend Security and RBAC

Authentication Flow

Primary backend auth filter:

  • JwtAuthenticationAuthorizationFilter

Behavior:

  • If enable.auth is disabled, requests pass through with an unauthenticated security context
  • If enabled, every endpoint that is not @PermitAll requires Authorization: Bearer <token>
  • The token is verified and mapped to a UserSecurityContext
  • A missing or invalid token results in 401

Authorization Enforcement

Authorization is annotation-driven:

  • @RolesAllowed on resource classes/methods
  • Runtime enforcement by RolesAllowedDynamicFeature

Role constants are defined in utils/Roles.java:

  • system_admin
  • administrator
  • device_role
  • field_role
  • data_role
  • inventory_role
  • custom_official_role
  • manager_role
  • * (ALL_ROLES)

Role Coverage Snapshot (Code-Generated)

From governance RBAC artifacts (governance-data.json, endpoint-role occurrences):

  Role              Endpoint occurrences
  ADMINISTRATOR     122
  CUSTOM_OFFICIAL    67
  MANAGER            47
  INVENTORY          37
  SYSTEM_ADMIN       32
  FIELD_OFFICIAL     31
  DEVICE             28
  ALL_ROLES          11
  DATA                6

Frontend Role Gate Mapping

Portal route wrappers in Navigation.jsx check roles such as:

  • ects_view_cargo
  • ects_view_journey
  • ects_view_route
  • ects_view_inventory
  • ects_view_device
  • ects_view_alerts
  • ects_view_reports
  • corresponding ects_edit_* roles

In practice, access control is therefore two-layered; only the second layer is a security boundary, the first only decides what the UI shows:

  1. Frontend route/menu visibility based on role claims
  2. Backend API-level @RolesAllowed enforcement

Security Engineering Checklist

  • Keep enable.auth=true in every non-local environment
  • Validate OpenID/Keycloak configuration values before deployment
  • Ensure every new endpoint declares an explicit role requirement
  • Keep frontend role strings aligned with the backend role-to-capability model
  • Audit every ALL_ROLES usage and narrow it where possible
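Added example, not the project's governance tooling or code from this page: a small Python audit that scans JAX-RS resource sources for endpoints with no @RolesAllowed/@PermitAll/@DenyAll at method or class level, flags ALL_ROLES use, and produces a per-role occurrence count like the snapshot above. It applies the precedence RolesAllowedDynamicFeature uses (a method-level annotation overrides the class-level one); the file names, classes and Roles.X constants in the sample are constructed.

```python
import re
from collections import Counter
# Constructed sample JAX-RS resource sources (not the project's real code).
SAMPLE_SOURCES = {
    "DeviceResource.java": """
@Path("/devices") @RolesAllowed(Roles.ADMINISTRATOR)
public class DeviceResource {
    @GET @RolesAllowed({Roles.DEVICE, Roles.ADMINISTRATOR}) public Response list() { ... }
    @POST @RolesAllowed(Roles.ALL_ROLES) public Response create() { ... }
    @DELETE @Path("/{id}") public Response delete() { ... }  // class-level guard applies
}""",
    "ReportResource.java": """
@Path("/reports")
public class ReportResource {
    @GET public Response list() { ... }                      // no guard at any level
    @GET @Path("/ping") @PermitAll public Response ping() { ... }
}""",
}
HTTP_VERBS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}
GUARDS = {"RolesAllowed", "PermitAll", "DenyAll"}
ANNOTATION_RE = re.compile(r"@(\w+)(?:\s*\(([^)]*)\))?")
METHOD_RE = re.compile(r"public\s+[\w<>\[\]]+\s+(\w+)\s*\(")

def _roles(arg):
    # "{Roles.DEVICE, Roles.ADMINISTRATOR}" -> ["DEVICE", "ADMINISTRATOR"]
    return [r.strip().strip('"').rsplit(".", 1)[-1]
            for r in arg.strip("{}").split(",") if r.strip()]

def audit(sources):
    """Return (unguarded endpoints, ALL_ROLES endpoints, per-role occurrence counts)."""
    unguarded, wildcard, counts = [], [], Counter()
    for fname, src in sources.items():
        head, body = re.split(r"\bclass\b", src, maxsplit=1)
        class_guard = {a: v for a, v in ANNOTATION_RE.findall(head) if a in GUARDS}
        # METHOD_RE.split yields [text-before-m1, name1, text-before-m2, name2, ...]
        parts = METHOD_RE.split(body)
        for ann_text, name in zip(parts[::2], parts[1::2]):
            annots = ANNOTATION_RE.findall(ann_text)
            if not any(a in HTTP_VERBS for a, _ in annots):
                continue  # plain helper method, not an endpoint
            # method-level guard wins over class-level, as RolesAllowedDynamicFeature does
            guard = {a: v for a, v in annots if a in GUARDS} or class_guard
            endpoint = f"{fname}#{name}"
            if not guard:
                unguarded.append(endpoint)
            elif "RolesAllowed" in guard:
                roles = _roles(guard["RolesAllowed"])
                counts.update(roles)
                if "ALL_ROLES" in roles: wildcard.append(endpoint)
    return unguarded, wildcard, counts
```

Running audit over the real resource tree and failing the build on a non-empty unguarded list turns the "explicit role requirements" checklist item into an enforced check.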