Commit ffc812ae authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Fixed bug: Users with multiple authGroups get the lower auth

Added a priority system to the selection of userAuth that allows people with
multiple authGroups to receive the highest possible permission.

Before this modification, if the group that gives a lower permission appeared
first in the loop, the person would receive that permission and not the higher one.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 8278bcab
......@@ -39,25 +39,32 @@ public class KerberosAuthProvider implements UserDetailsService {
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrProvider.getPersonGroups(username);
String personAuth = null;
Integer authPriority = 0;
// Compares all user groups against pre-determined Authorities groups
// and builds a list of user's authorities.
Iterator<?> itr = personGroups.iterator();
while (itr.hasNext()) {
Object group = itr.next();
if (authListAdministrador.contains(group)) {
return "Administrador";
if (authListAdministrador.contains(group) && (authPriority < 4)) {
personAuth="Administrador";
authPriority=4;
}
if (authListFuncionario.contains(group)) {
return "Funcionario";
if (authListFuncionario.contains(group) && (authPriority < 3)) {
personAuth="Funcionario";
authPriority=3;
}
if (authListProfessor.contains(group)) {
return "Professor";
if (authListProfessor.contains(group) && (authPriority < 2)) {
personAuth="Professor";
authPriority=2;
}
if (authListAluno.contains(group)) {
return "Aluno";
if (authListAluno.contains(group) && (authPriority < 1)) {
personAuth="Aluno";
authPriority=1;
}
}
return null;
return personAuth;
}
public UserDetails loadUserByUsername(String username)
......@@ -67,7 +74,7 @@ public class KerberosAuthProvider implements UserDetailsService {
// If user's authorities list is empty, returns "No Permission"
// exception
if (personAuth.isEmpty())
if (personAuth == null)
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
......
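Review bot: The role ranking in the first hunk's loop is carried by the literals 1–4, each written twice (once in the `authPriority < n` guard and once in the assignment), so a later edit that changes only one of a pair silently changes which role a multi-group user receives. Since this value decides the user's authority, I would name the ranks as constants such as `private static final int PRIORITY_ADMINISTRADOR = 4;` and declare the counter as `int authPriority = 0;` rather than a boxed `Integer`. `personGroups` is also dereferenced without a null check, so if `LdapAttrProvider.getPersonGroups` can return null for a principal with no directory entry (not visible here), the lookup ends in a NullPointerException rather than the "Acesso negado" denial. In the second hunk the comment still describes an "empty" authorities list while the new check is `personAuth == null`, so it should read `// If no authority group matched (personAuth is null), deny access`. Both enclosing methods start or end outside the visible hunks.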