Skip to content

SSCSCI-2404: validate service authorisation for evidence upload endpoints#5118

Open
benouaer wants to merge 7 commits intomasterfrom
SSCSCI-2404-add-serviceAuth-to-evidence-upload-endpoints
Open

SSCSCI-2404: validate service authorisation for evidence upload endpoints#5118
benouaer wants to merge 7 commits intomasterfrom
SSCSCI-2404-add-serviceAuth-to-evidence-upload-endpoints

Conversation

@benouaer
Copy link
Contributor

@benouaer benouaer commented Mar 10, 2026
edited
Loading

Jira link

Change description

  • add serviceAuth filter in Spring security config to secure evidence upload endpoints
  • merged StatementController.java into EvidenceUploadController.java
  • moved authenticate method call away from controllers and made it internal to the authorisation service
  • removed duplicate AuthorisationServiceTest, moving across any relevant tests

Testing done

  • local testing through CFTLib

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

  • Yes
  • No

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests has been added (if needed)
  • Does this PR introduce a breaking change

@benouaer benouaer requested a review from a team as a code owner March 10, 2026 14:43
@github-actions
Copy link

github-actions bot commented Mar 10, 2026

CCD diff report

No change

@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z bot requested a deployment to preview March 10, 2026 15:03 Abandoned
@github-actions
Copy link

github-actions bot commented Mar 10, 2026
edited
Loading

Integration Tests results

   84 files  ±0     84 suites  ±0   10m 51s ⏱️ -17s
1 507 tests ±0  1 499 ✅ ±0  8 💤 ±0  0 ❌ ±0 
1 510 runs  ±0  1 502 ✅ ±0  8 💤 ±0  0 ❌ ±0 

Results for commit cc3388e. ± Comparison against base commit 552bff1.

This pull request removes 2 and adds 2 tests. Note that renamed tests count towards both. 
uk.gov.hmcts.reform.sscs.bulkscan.controllers.SscsBulkScanExceptionRecordCallback ‑ [1] url=http://localhost:39927/transform-exception-record/, isAuto=false
uk.gov.hmcts.reform.sscs.bulkscan.controllers.SscsBulkScanExceptionRecordCallback ‑ [2] url=http://localhost:39927/transform-scanned-data/, isAuto=true

uk.gov.hmcts.reform.sscs.bulkscan.controllers.SscsBulkScanExceptionRecordCallback ‑ [1] url=http://localhost:35667/transform-exception-record/, isAuto=false
uk.gov.hmcts.reform.sscs.bulkscan.controllers.SscsBulkScanExceptionRecordCallback ‑ [2] url=http://localhost:35667/transform-scanned-data/, isAuto=true

♻️ This comment has been updated with latest results.

@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z bot requested a deployment to preview March 11, 2026 07:09 Abandoned
@benouaer benouaer force-pushed the SSCSCI-2404-add-serviceAuth-to-evidence-upload-endpoints branch from 50546de to 8522b0d Compare March 11, 2026 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nitinprabhuhmcts nitinprabhuhmcts nitinprabhuhmcts approved these changes

@tomparker-solirius tomparker-solirius tomparker-solirius approved these changes

Assignees

No one assigned

Labels

enable_keep_helm ns:sscs prd:sscs rel:sscs-tribunals-api-pr-5118

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benouaer @nitinprabhuhmcts @tomparker-solirius