Don't expose default role
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / ldap / ArgeoSecurityDaoLdap.java
index 83e090661533ea71e00f01d36606663ce488cf17..763539ce25afb8d0b39d98bb94fb40a59756ec03 100644 (file)
@@ -19,6 +19,8 @@ import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.LdapUsernameToDnMapper;
@@ -92,6 +94,15 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                return createBasicArgeoUser(getDetails(uname));
        }
 
+       public ArgeoUser getCurrentUser() {
+               Authentication authentication = SecurityContextHolder.getContext()
+                               .getAuthentication();
+               ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+               if (argeoUser.getRoles().contains(defaultRole))
+                       argeoUser.getRoles().remove(defaultRole);
+               return argeoUser;
+       }
+
        @SuppressWarnings("unchecked")
        public List<ArgeoUser> listUsers() {
                List<String> usernames = (List<String>) ldapTemplate.listBindings(
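Review bot: In `getCurrentUser()`, `SecurityContextHolder.getContext().getAuthentication()` is used without a null check, so a call made outside an authenticated context passes `null` to `ArgeoUserDetails.asArgeoUser` and, unless that helper handles it, fails on `argeoUser.getRoles()`. A guard such as `if (authentication == null) return null;` (or an explicit exception, depending on the DAO contract) would settle that case. Separately, `argeoUser.getRoles().remove(defaultRole)` mutates the returned object's role collection in place. If `asArgeoUser` hands back the principal or a view of its authorities rather than a copy (not visible in this hunk), the default role would be stripped from the live security context and later authorization checks could change, so confirm it returns a detached copy or filter into a new list. The `contains` check before `remove` is redundant, since `remove` is already a no-op when the element is absent.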
@@ -247,4 +258,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
        public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
                this.userNatureMappers = userNatureMappers;
        }
+
+       public String getDefaultRole() {
+               return defaultRole;
+       }
 }