From 10109481604e95664383324bc93c9ee0f2e1ea85 Mon Sep 17 00:00:00 2001 From: Fernando Bellas Permuy Date: Mon, 14 Dec 2009 20:22:53 +0100 Subject: [PATCH] ItEr39S15ArquitecturaServidorItEr38S17: Security added to REST services. HTTP Basic Autentication is used for securing REST services. Two roles (ROLE_WS_READER and ROLE_WS_WRITER) and two users (wsreader/wsreader [with the first role] and wswriter/wswriter [with the two roles]) have been added for accesing REST services. REST services can be accessed by GET by users with rol ROLE_WS_READER (e.g wsreader and wswriter) and by POST by users with rol ROLE_WS_WRITER (e.g. wswriter). --- .../navalplanner/business/users/entities/UserRole.java | 4 +++- .../navalplanner/web/users/bootstrap/MandatoryUser.java | 5 ++++- .../navalplanner-webapp-spring-security-config.xml | 9 ++++----- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java index d98941b3c..9e4732596 100644 --- a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java +++ b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java @@ -30,7 +30,9 @@ import static org.navalplanner.business.i18n.I18nHelper._; public enum UserRole { ROLE_BASIC_USER(_("Basic user")), - ROLE_ADMINISTRATION(_("Administration")); + ROLE_ADMINISTRATION(_("Administration")), + ROLE_WS_READER(_("Web service reader")), + ROLE_WS_WRITER(_("Web service writer")); private final String displayName; diff --git a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java index 9fb5b3d17..501b2a914 100644 --- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java +++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java @@ -36,7 +36,10 @@ public enum MandatoryUser { USER(Arrays.asList(UserRole.ROLE_BASIC_USER)), ADMIN(Arrays.asList(UserRole.ROLE_BASIC_USER, - UserRole.ROLE_ADMINISTRATION)); + UserRole.ROLE_ADMINISTRATION)), + WSREADER(Arrays.asList(UserRole.ROLE_WS_READER)), + WSWRITER(Arrays.asList(UserRole.ROLE_WS_READER, + UserRole.ROLE_WS_WRITER)); private Set initialRoles; diff --git a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml index 7ff84b2c3..a02fdf9f4 100644 --- a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml +++ b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml @@ -7,12 +7,11 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> - - - + - + + @@ -24,7 +23,7 @@ - +