Commit ed0320e8 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Updated code (no significant changes)

Updated code to make it cleaner and easier to be used on other methods.

The most significant change was the definition of public variables to identify each authority group.
This change makes it easier and safer for other methods to use these variables, because it avoids the need to compare strings containing the authority name. Now it compares GrantedAuthority variables.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent af421a41
......@@ -2,9 +2,12 @@ package br.ufpr.c3sl.sapos.models.util;
import br.ufpr.c3sl.sapos.models.util.LdapAttrProvider;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.authority.AuthorityUtils;
......@@ -31,15 +34,40 @@ public class KerberosAuthProvider implements UserDetailsService {
@Value("#{'${authorities.aluno}'.split(',')}")
private List<?> authListAluno;
//Define authorities per group
public static Collection<? extends GrantedAuthority> authAdministrador = AuthorityUtils
.createAuthorityList("Administrador");
public static Collection<? extends GrantedAuthority> authFuncionario = AuthorityUtils
.createAuthorityList("Funcionario");
public static Collection<? extends GrantedAuthority> authProfessor = AuthorityUtils
.createAuthorityList("Professor");
public static Collection<? extends GrantedAuthority> authAluno = AuthorityUtils
.createAuthorityList("Aluno");
private String getPersonAuth(String username) {
// This method is used to remove the suffix added by Kerberos
// By Kerberos's definition: krbPrincipalName = Username@Server
private static String removeKrbSuffix(String username){
return username.split("@")[0];
}
//Returns User's Username
public static String getPersonUsername(){
String krbPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
return removeKrbSuffix(krbPrincipalName);
}
//Returns User's Authorities
public static Collection<? extends GrantedAuthority> getPersonAuth(){
return SecurityContextHolder.getContext().getAuthentication().getAuthorities();
}
private Collection<? extends GrantedAuthority> definePersonAuth(String username) {
// Get user's LDAP groups.
// The split method is used because the username is formatted in
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrProvider.getPersonGroups(username);
List<?> personGroups = LdapAttrProvider.getPersonGroups(removeKrbSuffix(username));
String personAuth = null;
Collection<? extends GrantedAuthority> personAuth = null;
Integer authPriority = 0;
// Compares all user groups against pre-determined Authorities groups
......@@ -48,19 +76,19 @@ public class KerberosAuthProvider implements UserDetailsService {
while (itr.hasNext()) {
Object group = itr.next();
if (authListAdministrador.contains(group) && (authPriority < 4)) {
personAuth="Administrador";
personAuth=authAdministrador;
authPriority=4;
}
if (authListFuncionario.contains(group) && (authPriority < 3)) {
personAuth="Funcionario";
personAuth=authFuncionario;
authPriority=3;
}
if (authListProfessor.contains(group) && (authPriority < 2)) {
personAuth="Professor";
personAuth=authProfessor;
authPriority=2;
}
if (authListAluno.contains(group) && (authPriority < 1)) {
personAuth="Aluno";
personAuth=authAluno;
authPriority=1;
}
}
......@@ -70,7 +98,7 @@ public class KerberosAuthProvider implements UserDetailsService {
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String personAuth = this.getPersonAuth(username.split("@")[0]);
Collection<? extends GrantedAuthority> personAuth = definePersonAuth(username);
// If user's authorities list is empty, returns "No Permission"
// exception
......@@ -78,7 +106,6 @@ public class KerberosAuthProvider implements UserDetailsService {
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
return new User(username,"notUsed",true,true,true,true,
AuthorityUtils.createAuthorityList(personAuth));
return new User(username,"notUsed",true,true,true,true,personAuth);
}
}
\ No newline at end of file
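Review bot: The four `auth*` fields added in the second hunk are `public static` but not `final`, so any class can reassign, for example, `KerberosAuthProvider.authAluno` to another group's collection, and the commit message says other methods are meant to compare against these fields. As far as I know `AuthorityUtils.createAuthorityList` returns an ordinary mutable list, so entries could also be removed from the shared instance even without reassigning the field. Make each one a constant, e.g. `public static final Collection<? extends GrantedAuthority> authAdministrador = Collections.unmodifiableList(AuthorityUtils.createAuthorityList("Administrador"));` (this needs `java.util.Collections` imported), and do the same for the other three. Separately, `removeKrbSuffix` drops everything after `@` without looking at the realm, so the LDAP group lookup in `definePersonAuth` relies on the Kerberos layer accepting only the expected realm; a comment such as `// assumes the ticket validator only accepts principals from our own realm` would make that dependency visible.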