Commit c7d58108 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Change UserAuth definition from List to Unique

Changed the user authorities' definition from a list scheme to a unique string scheme. This was necessary because each group has specific permissions, and multiple authorities can cause problems with these rules.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 954a5b70
......@@ -2,7 +2,6 @@ package br.ufpr.c3sl.sapos.web;
import br.ufpr.c3sl.sapos.web.LdapAttrController;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
......@@ -32,18 +31,13 @@ public class KerberosAuthController implements UserDetailsService {
@Value("#{'${authorities.aluno}'.split(',')}")
private List<?> authListAluno;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
private String getPersonAuth(String username) {
// Get user's LDAP groups.
// The split method is used because the username is formatted in
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrController
.getPersonGroups(username.split("@")[0]);
// Initialize an array to store the user's authorities list
List<String> personAuthorities = new ArrayList<String>();
List<?> personGroups = LdapAttrController.getPersonGroups(username);
// Compares all user groups against pre-determined Authorities groups
// and builds a list of user's authorities.
......@@ -51,26 +45,33 @@ public class KerberosAuthController implements UserDetailsService {
while (itr.hasNext()) {
Object group = itr.next();
if (authListAdministrador.contains(group)) {
personAuthorities.add("Administrador");
return "Administrador";
}
if (authListFuncionario.contains(group)) {
personAuthorities.add("Funcionario");
return "Funcionario";
}
if (authListProfessor.contains(group)) {
personAuthorities.add("Professor");
return "Professor";
}
if (authListAluno.contains(group)) {
personAuthorities.add("Aluno");
return "Aluno";
}
}
return null;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String personAuth = this.getPersonAuth(username.split("@")[0]);
// If user's authorities list is empty, returns "No Permission"
// exception
if (personAuthorities.isEmpty())
if (personAuth.isEmpty())
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
return new User(username,"notUsed",true,true,true,true,
AuthorityUtils.createAuthorityList(personAuthorities.toString()));
AuthorityUtils.createAuthorityList(personAuth));
}
}
\ No newline at end of file
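Review bot: `getPersonAuth` ends with `return null;` when no group matches, but `loadUserByUsername` then calls `personAuth.isEmpty()`, so a user with no mapped group triggers a NullPointerException instead of the intended `UsernameNotFoundException("Acesso negado")`. The guard should be `if (personAuth == null || personAuth.isEmpty())`, or `getPersonAuth` should return `""` instead of `null`. Separately, the authority returned is that of the first matching group the iterator yields, so for a user in several groups the role appears to depend on the order `LdapAttrController.getPersonGroups` returns them, not on a fixed precedence. Testing all groups against the four lists in a defined priority order would make the assigned role deterministic. The comment above the check still refers to an "authorities list" and could read `// If the user has no mapped authority, deny access`.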