Create root user on IAM application startup#28
Conversation
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (30)
📝 WalkthroughWalkthroughThis PR upgrades Java from 25 to 26, removes GraalVM native tooling across build configs, reorganizes User and security classes into a new core module, enhances User persistence with auditing relationships and soft-delete support, introduces security utilities for bootstrap, and updates the database schema to match. ChangesJava Runtime & Security Module Refactor
Sequence DiagramsequenceDiagram
participant IAMApp as IAMApplication
participant UBootstrap as UserBootstrap
participant LockReg as LockRegistry
participant SecTemplate as SecurityContextTemplate
participant Identifiers as Identifiers
participant UserRepo as UserRepository
participant Database as Database
IAMApp->>UBootstrap: run(ApplicationArguments)
UBootstrap->>LockReg: acquire lock "iam.users"
UBootstrap->>UserRepo: findByUsernameAndDeletedAtIsNull("system")
UserRepo->>Database: query users WHERE username='system' AND deleted_at IS NULL
Database-->>UserRepo: system user
alt system user missing
UBootstrap->>UBootstrap: log and exit
else root user exists
UBootstrap->>UBootstrap: log and skip creation
else proceed to create root
UBootstrap->>Identifiers: ofUsername("system")
Identifiers->>UserRepo: findByUsernameAndDeletedAtIsNull("system")
UserRepo-->>Identifiers: system user
Identifiers-->>UBootstrap: Callable<Authentication>
UBootstrap->>SecTemplate: use(callable).run(rootCreation)
SecTemplate->>SecTemplate: swap SecurityContext with system auth
SecTemplate->>UserRepo: save(root user)
UserRepo->>Database: INSERT root user with created_by=system.id
SecTemplate->>SecTemplate: restore previous SecurityContext
end
LockReg->>UBootstrap: release lock
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested labels
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
aa7fadd to
9a4abfe
Compare
…, repository, and auditing capabilities; update application configuration and database schema.
…in from build files
…User entity to simplify JoinColumn annotations; add package-info.java for bootstrap package with NullMarked annotation.
443afb3 to
4b9476d
Compare
This pull request introduces significant refactoring and improvements to the core security and infrastructure modules, with a focus on modularization, enhanced auditing, and improved user management. The changes include moving infrastructure classes to more appropriate module-specific packages, implementing auditing support, and enriching the
Usermodel with auditing fields and sensible defaults. Additionally, several new support utilities have been added for security context handling, and the build workflow has been simplified and updated.Core modularization and refactoring:
Moved infrastructure classes such as
JdbcLockConfigurationandPasswordEncoderConfigurationtocore.module.lockandcore.module.security.configurationrespectively, and updated related package-info files and auto-configuration imports for better modular separation. (core/src/main/java/com/workastra/core/module/lock/JdbcLockConfiguration.java,core/src/main/java/com/workastra/core/module/lock/package-info.java,core/src/main/java/com/workastra/core/module/security/configuration/PasswordEncoderConfiguration.java,core/src/main/java/com/workastra/core/module/security/configuration/package-info.java,core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports, [1] [2] [3] [4] [5]Moved security-related entities and repositories (
User,UserRepository) from theiammodule tocore.module.security, and adjusted their package structure and related package-info files accordingly. (core/src/main/java/com/workastra/core/module/security/model/User.java,core/src/main/java/com/workastra/core/module/security/model/package-info.java,core/src/main/java/com/workastra/core/module/security/repository/UserRepository.java,core/src/main/java/com/workastra/core/module/security/repository/package-info.java, [1] [2] [3] [4]Auditing enhancements:
Introduced
AuditorAwareImplto provide auditing support for entities, enabling automatic population of created/updated by fields using the current authenticated user. (core/src/main/java/com/workastra/core/module/auditing/AuditorAwareImpl.java,core/src/main/java/com/workastra/core/module/auditing/package-info.java, [1] [2]Updated the
Userentity to include auditing fields (createdBy,updatedBy,deletedBy,deletedAt) with proper JPA and Spring Data annotations, and enabled entity listeners for auditing. (core/src/main/java/com/workastra/core/module/security/model/User.java, [1] [2] [3] [4]User model improvements:
Added sensible defaults for several
Userfields (e.g.,gender,locale,accountNonExpired, etc.) and improved thegetFullName()method to handle null values more gracefully. (core/src/main/java/com/workastra/core/module/security/model/User.java, [1] [2] [3]Extended
UserRepositorywith a new methodfindByUsernameAndDeletedAtIsNullto support soft-deleted users. (core/src/main/java/com/workastra/core/module/security/repository/UserRepository.java, core/src/main/java/com/workastra/core/module/security/repository/UserRepository.javaR13-R15)Security support utilities:
IdentifiersandSecurityContextTemplateutility classes to simplify working with authentication and security contexts in a programmatic way. (core/src/main/java/com/workastra/core/module/security/support/Identifiers.java,core/src/main/java/com/workastra/core/module/security/support/SecurityContextTemplate.java,core/src/main/java/com/workastra/core/module/security/support/package-info.java, [1] [2] [3]Build and workflow updates:
Updated the GitHub Actions workflow to use Corretto JDK 26 instead of GraalVM, removed native build/test jobs, and consolidated JVM build and test steps for simplification. (
.github/workflows/workastra_platform.yaml, [1] [2] [3]Removed the GraalVM build tools plugin from both
console/build.gradle.ktsandiam/build.gradle.kts. [1] [2]Summary by CodeRabbit
New Features
Infrastructure