Script to identify classes defining JavaEE JWS web accessible methods without an authorization annotation on them.
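#!/bin/bash
# List files whose @WebMethod line count differs from their @RolesAllowed line count.
echo "Folder:"
pwd
# Read grep's "file:count" output line by line so paths containing spaces survive.
grep -rFc "@WebMethod" . | grep -v ':0$' | while IFS= read -r line
do
    services_count="${line##*:}"   # text after the last ':' is the match count
    java_class_file="${line%:*}"   # everything before it is the file path
    auth_annot_count=$(grep -Fc "@RolesAllowed" "$java_class_file")
    # Line counts are compared, so a mismatch is a lead to review, not proof.
    if [ "$services_count" != "$auth_annot_count" ]
    then
        echo "$line"
    fi
done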
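
The count comparison above works per file, so it cannot say which method lacks the annotation, and it can report a class that is covered by a class-level `@RolesAllowed`. The per-method variant below is an added example, not part of the original gist; the function names and the `OrderService` sample are constructed, and it assumes annotations precede the declaration they apply to.

```shell
#!/bin/bash
# Added example, not part of the original gist. Prints "file:line:declaration"
# for every @WebMethod that has no @RolesAllowed on the method or its class.
# Assumes annotations precede the declaration and contain no nested parentheses.
unprotected_web_methods() {
    awk '
        FNR == 1 { web = 0; roles = 0; class_roles = 0 }
        /^[ \t]*(\/\/|\/?\*)/ { next }            # skip comment lines
        /@WebMethod/    { web = 1 }
        /@RolesAllowed/ { roles = 1 }
        {
            code = $0
            gsub(/@[A-Za-z_.]+(\([^)]*\))?/, "", code)   # drop annotations
            if (code ~ /(^|[ \t])(class|interface)[ \t]/) {
                class_roles = roles        # class-level role applies to all methods
                web = 0; roles = 0
            } else if (code ~ /\(/) {      # first declaration after the annotations
                if (web && !roles && !class_roles) {
                    sub(/^[ \t]+/, "", code)
                    print FILENAME ":" FNR ":" code
                }
                web = 0; roles = 0
            }
        }
    ' "$@"
}

# Constructed sample: two @WebMethod and two @RolesAllowed lines, so the
# per-file counts match, yet cancelOrder carries no role restriction.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/OrderService.java" <<'EOF'
@WebService
public class OrderService {
    @WebMethod
    @RolesAllowed("clerk")
    public String getOrder(String id) { return id; }

    @WebMethod(operationName = "cancel")
    public void cancelOrder(String id) { }

    @RolesAllowed("admin")
    void purgeCache() { }
}
EOF
    (cd "$dir" && unprotected_web_methods OrderService.java)
    rm -rf "$dir"
}
demo
```

Run it over a source tree with `find . -name '*.java' -exec` or by passing file names directly; each reported line is a declaration to review by hand.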