Authorization is a central and security-critical component of enterprise applications, so it is particularly important to make the work of developers in this area as clear and simple as possible. The new A12 release 2024.06-ext4 offers extensive improvements to the developer experience with the authorization rules of the UAA component in IntelliJ and VS Code.
Who is allowed to see a private customer’s address and under what circumstances? Who has access to employee salary data? Who needs access to time bookings? These and similar questions arise in numerous enterprise software projects. A12 offers the User Authentication and Authorization (UAA) component to securely manage user groups and access rights. While role-based authorization can be set directly in the Simple Model Editor, attribute-based rules, such as access to user data only for appropriately assigned case workers, are maintained in a JSON file. This file often grows to a considerable size in the context of enterprise projects. The sheer number of rules not only makes it difficult to maintain an overview, but it can also quickly lead to typos or defined but unused rules being overlooked. The UAA update in the new A12 release addresses these and other challenges.
What’s new?
Highlighting
The most obvious change after opening the JSON file is probably the code highlighting. While the standard JSON highlighting in VS Code and IntelliJ gets by with only two text colors, a distinction is now made between labels, keywords, policies and policy references:
Figure 1: Code Highlighting in IntelliJ (left: old, right: new)
It is not only the JSON code itself that has been given new highlighting: the new release also includes grammar highlighting. This is used to display warnings according to the Spring expression syntax, or to mark policy definitions that are not used in the code. These changes help developers to recognize the relevant information more quickly.
Autocomplete
Of course, developers not only read JSON files, but also make changes or extensions to them. In the future, this task will be supported by the auto-complete function, which suggests a list of defined resources with an indication of the respective entity. This mechanism not only makes input faster, but also reduces the risk of typos.
Figure 2: Autocomplete in IntelliJ
Quick navigation
A powerful tool for quickly understanding and editing the authorization JSON file is an intuitive navigation that allows you to go from using a policy to its definition and back again, without the cumbersome detour of using Ctrl+F. That’s why a corresponding feature for quick navigation is included in the UAA update for the new A12 release. It allows you to jump between root definitions and the permissions that use those definitions.
Figure 3: Quick-navigation in IntelliJ
How do I use these new features?
The functions are based on the Language Server Protocol and are provided as an npm package (uaa-authorization-language-server) for local installation. To actually use the language server, appropriate plug-ins are required: “lsp4ij” for IntelliJ and “Generic LSP Client” for VS Code. In addition to installing the plug-ins, further configuration steps are necessary, which can be found in the UAA documentation.
Conclusion
The new A12 release brings massive “quality-of-life” improvements for all developers who work with the authorization of the UAA component. The most obvious advantages are a reduction in the time required and in the potential for frustration. Closely linked to this, however, is a reduction in the risk of security vulnerabilities that arise from a lack of overview, insufficient error indicators or typos. This update will therefore not only simplify the work of developers, but also improve the security of the application.
Further information:
- Website: A12
- A12 Platform Outlook (2025.02): PDF, English
- A12 Platform Updates (Release 2024.06-ext4): PDF, English