22 lines
1.5 KiB
Plaintext
22 lines
1.5 KiB
Plaintext
@startuml
|
|
!include <C4/C4_Component>
|
|
|
|
title Component Diagram: API Backend — Security & Authentication
|
|
|
|
Container(frontend, "Web Frontend", "SvelteKit")
|
|
ContainerDb(db, "PostgreSQL", "PostgreSQL 16")
|
|
|
|
System_Boundary(backend, "API Backend (Spring Boot)") {
|
|
Component(secFilter, "Security Filter Chain", "Spring Security", "Enforces authentication on all requests. Parses Basic Auth header and constructs an Authentication token; delegates credential validation to DaoAuthenticationProvider via BCrypt. Permits password-reset, invite, and register endpoints without authentication.")
|
|
Component(permAspect, "PermissionAspect", "Spring AOP", "Intercepts methods annotated with @RequirePermission. Checks user's granted authorities against the required permission. Throws 401/403 if denied.")
|
|
Component(secConf, "SecurityConfig", "Spring @Configuration", "Configures filter chain: all routes require authentication, CSRF disabled, BCrypt password encoder, DaoAuthenticationProvider with CustomUserDetailsService.")
|
|
Component(userDetails, "CustomUserDetailsService", "Spring Security UserDetailsService", "Loads AppUser by email from DB. Converts group permissions to Spring GrantedAuthority objects. Logs unknown permissions.")
|
|
}
|
|
|
|
Rel(frontend, secFilter, "All requests", "HTTP / Basic Auth header")
|
|
Rel(secFilter, permAspect, "Authenticated requests reach guarded service methods")
|
|
Rel(secConf, userDetails, "Wires as UserDetailsService")
|
|
Rel(userDetails, db, "Loads user by email", "JDBC")
|
|
|
|
@enduml
|