ItEr43S05ValidacionEProbasFuncionaisItEr42S05: Bug [#214] fixed and support for disabled users improved.

IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles".

This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such a user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication").
Fernando Bellas Permuy 2010-01-13 14:06:42 +01:00 committed by Javier Moran Rua
parent b4a02d39fc
commit 48e2f89c51
8 changed files with 25 additions and 22 deletions


@ -29,7 +29,6 @@ import static org.navalplanner.business.i18n.I18nHelper._;
*/
public enum UserRole {
ROLE_BASIC_USER(_("Basic user")),
ROLE_ADMINISTRATION(_("Administration")),
ROLE_WS_READER(_("Web service reader")),
ROLE_WS_WRITER(_("Web service writer"));


@ -102,7 +102,6 @@ public class OrderAuthorizationDAOTest {
private Profile createValidProfile() {
Set<UserRole> roles = new HashSet<UserRole>();
roles.add(UserRole.ROLE_BASIC_USER);
return Profile.create(UUID.randomUUID().toString(), roles);
}


@ -63,7 +63,6 @@ public class ProfileDAOTest {
private Profile createValidProfile() {
Set<UserRole> roles = new HashSet<UserRole>();
roles.add(UserRole.ROLE_BASIC_USER);
return Profile.create(UUID.randomUUID().toString(), roles);
}


@ -280,7 +280,6 @@ public class UserDAOTest {
private Profile createProfile(String profileName) {
Set<UserRole> roles = new HashSet<UserRole>();
roles.add(UserRole.ROLE_BASIC_USER);
return Profile.create(profileName, roles);
}
}


@ -20,6 +20,7 @@
package org.navalplanner.web.users.bootstrap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
@ -34,9 +35,8 @@ import org.navalplanner.business.users.entities.UserRole;
*/
public enum MandatoryUser {
USER(Arrays.asList(UserRole.ROLE_BASIC_USER)),
ADMIN(Arrays.asList(UserRole.ROLE_BASIC_USER,
UserRole.ROLE_ADMINISTRATION)),
USER(new ArrayList<UserRole>()),
ADMIN(Arrays.asList(UserRole.ROLE_ADMINISTRATION)),
WSREADER(Arrays.asList(UserRole.ROLE_WS_READER)),
WSWRITER(Arrays.asList(UserRole.ROLE_WS_READER,
UserRole.ROLE_WS_WRITER));
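Review bot: `USER(new ArrayList<UserRole>())` gives the built-in USER constant a growable list, whereas the other constants receive the fixed-size list from `Arrays.asList`. Unless the enum constructor (outside this hunk) copies its argument, any code that obtains that list could add roles to the default account at runtime. `USER(Collections.<UserRole>emptyList()),` states the intent and cannot be modified; it needs `java.util.Collections` imported in place of the newly added `java.util.ArrayList`. A one-line comment that USER deliberately has no roles and is admitted by the catch-all `IS_AUTHENTICATED_FULLY` rule would also help the next reader.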


@ -60,7 +60,7 @@ public class DBUserDetailsService implements UserDetailsService {
User user;
try {
user = userDAO.findByLoginNameNotDisabled(loginName);
user = userDAO.findByLoginName(loginName);
} catch (InstanceNotFoundException e) {
throw new UsernameNotFoundException(_("User with login name " +
"'{0}': not found", loginName));
@ -73,16 +73,10 @@ public class DBUserDetailsService implements UserDetailsService {
allRoles.addAll(eachProfile.getRoles());
}
if(allRoles.isEmpty()) {
//that user doesn't have any roles, so we forbid his login
throw new UsernameNotFoundException(_("User with login name " +
"'{0}': access forbidden", loginName));
}
return new org.springframework.security.userdetails.User(
user.getLoginName(),
user.getPassword(),
true, // enabled
!user.isDisabled(),
true, // accountNonExpired
true, // credentialsNonExpired
true, // accountNonLocked
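Review bot: Passing `!user.isDisabled()` as the enabled flag lets a disabled account fail with DisabledException, and as far as I know the Spring Security 2.0 DAO provider checks account status before it compares the password, so that outcome does not depend on the credentials being right. Combined with the new "User disabled" branch in login.zul, an unauthenticated visitor could learn which login names exist and are disabled; the removed `findByLoginNameNotDisabled` lookup made such accounts fail the same way as unknown ones. If that disclosure is not intended, keep the distinct exception for server-side logging and show a single generic message on the login page. Separately, the replaced argument lost the label its neighbours still carry: `!user.isDisabled(), // enabled`. The constructor call continues past the end of this hunk.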


@ -7,6 +7,11 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<!--
NOTE: see http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY.
-->
<http auto-config="true" realm="Naval Planner Web Application" >
<!-- Web services -->
@ -21,13 +26,18 @@
<intercept-url pattern="/callback/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/layout/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_BASIC_USER" />
<intercept-url pattern="/advance/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/resources/criterions/**" access="ROLE_ADMINISTRATION"/>
<intercept-url pattern="/calendars/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/labels/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/materials/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/costcategories/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/common/configuration.zul" access="ROLE_ADMINISTRATION" />
<form-login login-page="/common/layout/login.zul" authentication-failure-url="/common/layout/login.zul?login_error=x"/>
<intercept-url pattern="/qualityforms/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/users/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/externalcompanies/**" access="ROLE_ADMINISTRATION" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<form-login login-page="/common/layout/login.zul" authentication-failure-url="/common/layout/login.zul?login_error=true"/>
</http>
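Review bot: The added NOTE comment should also record that these rules are order-sensitive and that the final `/**` rule is now a default-allow for every logged-in account, including accounts with no roles. With `ROLE_BASIC_USER` gone, the list of `ROLE_ADMINISTRATION` patterns is the only thing keeping ordinary users out of administrative screens, so a new admin page under an unlisted path would be reachable by everyone who can log in. I would extend the comment with something like `intercept-url patterns are matched in order, first match wins: keep /** last and add a ROLE_ADMINISTRATION rule for every new admin-only path`. A test that requests each admin URL as MandatoryUser.USER and expects access to be denied would catch omissions.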


@ -81,11 +81,14 @@
</n:tr>
</n:table></n:td>
<n:td width="450" height="165" valign="top">
<html if="${not empty param.login_error}">
<![CDATA[
<div class="login_ERROR">
${i18n:_('Incorrect authentication')}
</div>
<html if="${param.login_error == 'true' and SPRING_SECURITY_LAST_EXCEPTION.class.name == 'org.springframework.security.DisabledException'}">
<![CDATA[
<div class="login_ERROR">${i18n:_('User disabled')}</div>
]]>
</html>
<html if="${param.login_error == 'true' and SPRING_SECURITY_LAST_EXCEPTION.class.name == 'org.springframework.security.BadCredentialsException'}">
<![CDATA[
<div class="login_ERROR">${i18n:_('Incorrect authentication')}</div>
]]>
</html>
</n:td>
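Review bot: A failed login whose stored exception is neither DisabledException nor BadCredentialsException now shows no message at all, because each new `<html if=...>` block compares `SPRING_SECURITY_LAST_EXCEPTION.class.name` with one exact class name. The removed block printed "Incorrect authentication" for any `login_error`, so other authentication failures, or a missing session attribute, used to get feedback. Making the second block the fallback restores that and keeps the default message generic: `<html if="${param.login_error == 'true' and SPRING_SECURITY_LAST_EXCEPTION.class.name != 'org.springframework.security.DisabledException'}">`.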