From: Mathieu Baudier
Date: Sat, 19 Sep 2009 18:13:58 +0000 (+0000)
Subject: Don't expose default role
X-Git-Tag: argeo-commons-2.1.30~1774
X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=commitdiff_plain;h=e80be147bdb65aa2a0c34e848ca78851b781508d
Don't expose default role
git-svn-id: https://svn.argeo.org/commons/trunk@2980 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
index c317e15c1..dacf667f2 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
@@ -3,6 +3,8 @@ package org.argeo.security;
 import java.util.List;
 public interface ArgeoSecurityDao {
+ public ArgeoUser getCurrentUser();
+
 public List listUsers();
 public List listEditableRoles();
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
index 83e090661..763539ce2 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
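Review bot: The new `getCurrentUser()` declaration on `ArgeoSecurityDao` carries no contract, so the rule this commit is about (the default role must not be reported) lives only in the LDAP implementation, and another DAO implementation could return the role unfiltered. I would add a Javadoc above the declaration, for example `/** Returns the user bound to the current security context; implementations must omit the internal default role from the returned roles. */`. It should also state what callers get when no user is authenticated, which cannot be determined from this hunk.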
@@ -19,6 +19,8 @@ import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.LdapUsernameToDnMapper;
@@ -92,6 +94,15 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 return createBasicArgeoUser(getDetails(uname));
 }
+ public ArgeoUser getCurrentUser() {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+ if (argeoUser.getRoles().contains(defaultRole))
+ argeoUser.getRoles().remove(defaultRole);
+ return argeoUser;
+ }
+
 @SuppressWarnings("unchecked")
 public List listUsers() {
 List usernames = (List) ldapTemplate.listBindings(
@@ -247,4 +258,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 public void setUserNatureMappers(List userNatureMappers) {
 this.userNatureMappers = userNatureMappers;
 }
+
+ public String getDefaultRole() {
+ return defaultRole;
+ }
 }
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index a4a2e4556..88dc15589 100644
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
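Review bot: In `ArgeoSecurityDaoLdap.getCurrentUser()` the default role is hidden by calling `remove` on the list returned by `argeoUser.getRoles()`, which changes that object rather than only the value sent back. `ArgeoUserDetails.asArgeoUser` is not shown in this diff; if it returns the session principal or a user that shares its role list, the first call strips the role from the live authenticated user for the rest of the session, so filtering into a copy of the roles would be safer. `getAuthentication()` can also return null when nobody is logged in, and the result is used unchecked; a guard such as `if (authentication == null) throw new IllegalStateException("No authenticated user");` before the `asArgeoUser` call makes that failure explicit. The `contains` test is redundant, since `remove` on an absent element changes nothing.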
@@ -9,18 +9,11 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
 import org.argeo.server.BooleanAnswer;
-import org.argeo.server.DeserializingEditor;
 import org.argeo.server.ServerAnswer;
 import org.argeo.server.ServerDeserializer;
 import org.argeo.server.mvc.MvcConstants;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -34,20 +27,18 @@ public class UsersRolesController implements MvcConstants {
 private ServerDeserializer userDeserializer = null;
- @InitBinder
- public void initBinder(WebDataBinder binder) {
- binder.registerCustomEditor(SimpleArgeoUser.class,
- new DeserializingEditor(userDeserializer));
- }
+ // @InitBinder
+ // public void initBinder(WebDataBinder binder) {
+ // binder.registerCustomEditor(SimpleArgeoUser.class,
+ // new DeserializingEditor(userDeserializer));
+ // }
 /* USER */
 @RequestMapping("/getCredentials.security")
 @ModelAttribute(ANSWER_MODEL_KEY)
 public ArgeoUser getCredentials() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
- return ArgeoUserDetails.asArgeoUser(authentication);
+ return securityService.getSecurityDao().getCurrentUser();
 }
 @RequestMapping("/getUsersList.security")
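Review bot: The `initBinder` method in `UsersRolesController` is commented out rather than deleted, which leaves dead code beside a `userDeserializer` field whose remaining use is not visible in this hunk; deleting the five lines is cleaner, since the history keeps them. Separately, `getCredentials()` now relies on `securityService.getSecurityDao().getCurrentUser()` to hide the default role, so the filtering applies only to callers that go through the DAO. Any other place that still calls `ArgeoUserDetails.asArgeoUser(authentication)` directly (none is visible here) would keep reporting the role, so a delegating `getCurrentUser()` on the service, or a comment on `getCredentials()` saying where the filtering happens, would make that dependency explicit.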