Don't expose default role
authorMathieu Baudier <mbaudier@argeo.org>
Sat, 19 Sep 2009 18:13:58 +0000 (18:13 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Sat, 19 Sep 2009 18:13:58 +0000 (18:13 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@2980 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java

index c317e15c1a10a316400ef68a8320f0bdefc7214c..dacf667f2c620a4598841e72241dbeb197d8ce14 100644 (file)
@@ -3,6 +3,8 @@ package org.argeo.security;
 import java.util.List;
 
 public interface ArgeoSecurityDao {
+       public ArgeoUser getCurrentUser();
+       
        public List<ArgeoUser> listUsers();
 
        public List<String> listEditableRoles();
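Review bot: `getCurrentUser()` is added to the interface without Javadoc, so the contract the controller now depends on (that the returned user omits the implicit default role) is stated only in the LDAP implementation. Suggest `/** Returns the currently authenticated user; the default role is not included in its roles. */` above the declaration, plus one sentence on what callers get when no authentication is bound to the current thread. Any other implementation of ArgeoSecurityDao would otherwise have no way to know it must apply the same filtering. The interface body continues outside this hunk.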
index 83e090661533ea71e00f01d36606663ce488cf17..763539ce25afb8d0b39d98bb94fb40a59756ec03 100644 (file)
@@ -19,6 +19,8 @@ import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.LdapUsernameToDnMapper;
@@ -92,6 +94,15 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                return createBasicArgeoUser(getDetails(uname));
        }
 
+       public ArgeoUser getCurrentUser() {
+               Authentication authentication = SecurityContextHolder.getContext()
+                               .getAuthentication();
+               ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+               if (argeoUser.getRoles().contains(defaultRole))
+                       argeoUser.getRoles().remove(defaultRole);
+               return argeoUser;
+       }
+
        @SuppressWarnings("unchecked")
        public List<ArgeoUser> listUsers() {
                List<String> usernames = (List<String>) ldapTemplate.listBindings(
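Review bot: `argeoUser.getRoles().remove(defaultRole)` in getCurrentUser() edits the list returned by getRoles() in place. If ArgeoUserDetails.asArgeoUser returns the principal held in the SecurityContext or an object sharing its role list (not visible in this hunk), the default role is stripped from the live authenticated user and not only from the response, which could change later authorization checks in the same session. Filtering on a copy of the role list would keep this a presentation-only change. The `contains` guard is redundant, since `List.remove(Object)` does nothing when the element is absent. `getAuthentication()` can also return null when no principal is bound to the thread; whether asArgeoUser tolerates that should be confirmed, or an explicit check added before the call.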
@@ -247,4 +258,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
        public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
                this.userNatureMappers = userNatureMappers;
        }
+
+       public String getDefaultRole() {
+               return defaultRole;
+       }
 }
index a4a2e4556360051f0cb078384d2d5c827fa9151c..88dc15589b33732e071d515a2e2385a94e99e7c6 100644 (file)
@@ -9,18 +9,11 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
 import org.argeo.server.BooleanAnswer;
-import org.argeo.server.DeserializingEditor;
 import org.argeo.server.ServerAnswer;
 import org.argeo.server.ServerDeserializer;
 import org.argeo.server.mvc.MvcConstants;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -34,20 +27,18 @@ public class UsersRolesController implements MvcConstants {
 
        private ServerDeserializer userDeserializer = null;
 
-       @InitBinder
-       public void initBinder(WebDataBinder binder) {
-               binder.registerCustomEditor(SimpleArgeoUser.class,
-                               new DeserializingEditor(userDeserializer));
-       }
+       // @InitBinder
+       // public void initBinder(WebDataBinder binder) {
+       // binder.registerCustomEditor(SimpleArgeoUser.class,
+       // new DeserializingEditor(userDeserializer));
+       // }
 
        /* USER */
 
        @RequestMapping("/getCredentials.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public ArgeoUser getCredentials() {
-               Authentication authentication = SecurityContextHolder.getContext()
-                               .getAuthentication();
-               return ArgeoUserDetails.asArgeoUser(authentication);
+               return securityService.getSecurityDao().getCurrentUser();
        }
 
        @RequestMapping("/getUsersList.security")
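Review bot: The `// @InitBinder` block is left behind as commented-out code even though its imports (WebDataBinder, InitBinder, DeserializingEditor, SimpleArgeoUser) are removed in the same commit; delete the five lines and let version control keep the history. getCredentials() now relies on `securityService.getSecurityDao().getCurrentUser()` to hide the default role. The other endpoints of this controller, such as /getUsersList.security whose body lies outside the hunk, should be checked for returning the same role unfiltered. The class starts and ends outside this hunk.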