marcel/familienarchiv
1
0
Fork 0
Code Issues 127 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity

docs(c4): fix 3a security — email field, permitted endpoints

Browse Source
This commit is contained in:
Marcel
2026-05-06 09:54:31 +02:00
parent d4eb0edfe1
commit d51c5e9b80
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/architecture/c4-diagrams.md
View File

@@ -73,16 +73,16 @@ C4Component
ContainerDb(db, "PostgreSQL") ContainerDb(db, "PostgreSQL")
System_Boundary(backend, "API Backend (Spring Boot)") { System_Boundary(backend, "API Backend (Spring Boot)") {
Component(secFilter, "Security Filter Chain", "Spring Security", "Enforces authentication on all requests. Parses Basic Auth header and validates credentials via BCrypt.") Component(secFilter, "Security Filter Chain", "Spring Security", "Enforces authentication on all requests. Parses Basic Auth header and validates credentials via BCrypt. Permits password-reset, invite, and register endpoints without authentication.")
Component(permAspect, "PermissionAspect", "Spring AOP", "Intercepts methods annotated with @RequirePermission. Checks user's granted authorities against the required permission. Throws 401/403 if denied.") Component(permAspect, "PermissionAspect", "Spring AOP", "Intercepts methods annotated with @RequirePermission. Checks user's granted authorities against the required permission. Throws 401/403 if denied.")
Component(secConf, "SecurityConfig", "Spring @Configuration", "Configures filter chain: all routes require authentication, CSRF disabled, BCrypt password encoder, DaoAuthenticationProvider with CustomUserDetailsService.") Component(secConf, "SecurityConfig", "Spring @Configuration", "Configures filter chain: all routes require authentication, CSRF disabled, BCrypt password encoder, DaoAuthenticationProvider with CustomUserDetailsService.")
Component(userDetails, "CustomUserDetailsService", "Spring Security UserDetailsService", "Loads AppUser by username from DB. Converts group permissions to Spring GrantedAuthority objects.") Component(userDetails, "CustomUserDetailsService", "Spring Security UserDetailsService", "Loads AppUser by email from DB. Converts group permissions to Spring GrantedAuthority objects. Logs unknown permissions.")
} }
Rel(frontend, secFilter, "All requests", "HTTP / Basic Auth header") Rel(frontend, secFilter, "All requests", "HTTP / Basic Auth header")
Rel(secFilter, permAspect, "Authenticated requests proceed to guarded methods", "AOP @Around") Rel(secFilter, permAspect, "Authenticated requests proceed to guarded methods", "AOP @Around")
Rel(secConf, userDetails, "Wires as UserDetailsService", "") Rel(secConf, userDetails, "Wires as UserDetailsService", "")
Rel(userDetails, db, "Loads user by username", "JDBC") Rel(userDetails, db, "Loads user by email", "JDBC")
``` ```
### 3b — Document, File & Import Domain ### 3b — Document, File & Import Domain