VASecurity Backend

Overall description

VASecurity is a Spring Java application. It's built with Maven and should be normally run using the spring-boot-maven-plugin. It works with PostgreSQL database and uses MyBatis as an ORM tool.

VASecurity main goal is to verify and set up permissions for data access for users. Furthermore, it records user's interaction with application.

Modular structure

Project contains several Maven modules:

• auditlogger — is in charge of relations between frontend and backend and contains all REST-based resources providing access to the backend data. It stores the frontend code itself too. Also, this module contains the whole application entry point (com.acuity.visualisations.rest.config.ApplicationWeb class).
• auth — provides authentication for VAHub and AdminUI and verifies permissions for data access.
• common — provides API for connecting to Microsoft Azure Active Directory.
• config — contains configuration files and classes and some caching logic
• domain — contains domain entities for all modules
• rest — module providing REST endpoint for front end
• security — module providing endpoints for ACUITY web services
• web — module with front end part of VASecurity

Deprecated elements

Historically, there were two implementations of the same system: ACUITY and DETECT, and they co-existed in the same code base. That's why many interfaces have two different implementations each: Acuity and Detect one. Sometimes, code logic depends also on that it's ACUITY or DETECT instance running. But currently there is no DETECT system in our code base, and all the Detect elements should be considered as deprecated and gradually removed, and the code should be simplified where such a change allows it.