From 48e2f89c51541ee116100d688ffaf7d64e0e4960 Mon Sep 17 00:00:00 2001 From: Fernando Bellas Permuy Date: Wed, 13 Jan 2010 14:06:42 +0100 Subject: [PATCH] ItEr43S05ValidacionEProbasFuncionaisItEr42S05: Bug [#214] fixed and support for disabled users improved. IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles". This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such an user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication"). --- .../business/users/entities/UserRole.java | 1 - .../test/users/daos/OrderAuthorizationDAOTest.java | 1 - .../business/test/users/daos/ProfileDAOTest.java | 1 - .../business/test/users/daos/UserDAOTest.java | 1 - .../web/users/bootstrap/MandatoryUser.java | 6 +++--- .../web/users/services/DBUserDetailsService.java | 10 ++-------- .../navalplanner-webapp-spring-security-config.xml | 14 ++++++++++++-- .../src/main/webapp/common/layout/login.zul | 13 ++++++++----- 8 files changed, 25 insertions(+), 22 deletions(-) diff --git a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java index 9e4732596..312f003ad 100644 --- a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java +++ b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java 
@@ -29,7 +29,6 @@ import static org.navalplanner.business.i18n.I18nHelper._; */ public enum UserRole { - ROLE_BASIC_USER(_("Basic user")), ROLE_ADMINISTRATION(_("Administration")), ROLE_WS_READER(_("Web service reader")), ROLE_WS_WRITER(_("Web service writer")); diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java index 7e8c6e1fc..a064456e1 100644 --- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java +++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java @@ -102,7 +102,6 @@ public class OrderAuthorizationDAOTest { private Profile createValidProfile() { Set roles = new HashSet(); - roles.add(UserRole.ROLE_BASIC_USER); return Profile.create(UUID.randomUUID().toString(), roles); } diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java index 0f96bd121..2a45937d1 100644 --- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java +++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java @@ -63,7 +63,6 @@ public class ProfileDAOTest { private Profile createValidProfile() { Set roles = new HashSet(); - roles.add(UserRole.ROLE_BASIC_USER); return Profile.create(UUID.randomUUID().toString(), roles); } diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java index 1e3066cc3..b3dc83fbb 100644 --- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java 
+++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java @@ -280,7 +280,6 @@ public class UserDAOTest { private Profile createProfile(String profileName) { Set roles = new HashSet(); - roles.add(UserRole.ROLE_BASIC_USER); return Profile.create(profileName, roles); } } diff --git a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java index 501b2a914..fc913722f 100644 --- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java +++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java @@ -20,6 +20,7 @@ package org.navalplanner.web.users.bootstrap; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.HashSet; @@ -34,9 +35,8 @@ import org.navalplanner.business.users.entities.UserRole; */ public enum MandatoryUser { - USER(Arrays.asList(UserRole.ROLE_BASIC_USER)), - ADMIN(Arrays.asList(UserRole.ROLE_BASIC_USER, - UserRole.ROLE_ADMINISTRATION)), + USER(new ArrayList()), + ADMIN(Arrays.asList(UserRole.ROLE_ADMINISTRATION)), WSREADER(Arrays.asList(UserRole.ROLE_WS_READER)), WSWRITER(Arrays.asList(UserRole.ROLE_WS_READER, UserRole.ROLE_WS_WRITER)); diff --git a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java index aa5bb11e7..584d67a73 100644 --- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java +++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java 
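Review bot: `USER(new ArrayList())` in the MandatoryUser enum hunk allocates a mutable list only to express "no roles". `Collections.emptyList()` states the same thing immutably and would make the `java.util.ArrayList` import added in the first hunk unnecessary. A short comment on the constant, such as `// No roles: may access every page not reserved for a specific role`, would record why the collection is empty now that ROLE_BASIC_USER is gone. The enum constructor is outside the hunk, so whether it copies the collection it receives is not visible here.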
@@ -60,7 +60,7 @@ public class DBUserDetailsService implements UserDetailsService { User user; try { - user = userDAO.findByLoginNameNotDisabled(loginName); + user = userDAO.findByLoginName(loginName); } catch (InstanceNotFoundException e) { throw new UsernameNotFoundException(_("User with login name " + "'{0}': not found", loginName)); @@ -73,16 +73,10 @@ public class DBUserDetailsService implements UserDetailsService { allRoles.addAll(eachProfile.getRoles()); } - if(allRoles.isEmpty()) { - //that user doesn't have any roles, so we forbid his login - throw new UsernameNotFoundException(_("User with login name " + - "'{0}': access forbidden", loginName)); - } - return new org.springframework.security.userdetails.User( user.getLoginName(), user.getPassword(), - true, // enabled + !user.isDisabled(), true, // accountNonExpired true, // credentialsNonExpired true, // accountNonLocked diff --git a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml index 5d10c9e1d..80d6a4c31 100644 --- a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml +++ b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml @@ -7,6 +7,11 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> + + @@ -21,13 +26,18 @@ - + + - + + + + + diff --git a/navalplanner-webapp/src/main/webapp/common/layout/login.zul b/navalplanner-webapp/src/main/webapp/common/layout/login.zul index deba0da10..1bd5d262e 100644 --- a/navalplanner-webapp/src/main/webapp/common/layout/login.zul +++ b/navalplanner-webapp/src/main/webapp/common/layout/login.zul 
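Review bot: Switching to `findByLoginName` here and passing `!user.isDisabled()` as the `enabled` flag in the second hunk makes a disabled account fail differently from an unknown user. If the stock Spring Security provider is in use, its account-status checks normally run before the password comparison, so the "User disabled" message that login.zul now shows would presumably appear for any existing disabled login name whatever password is supplied, disclosing account existence and state to unauthenticated callers. Consider showing a single generic failure message on the login page, or reporting the disabled state only after the credentials have been verified. The argument also lost its label; `!user.isDisabled(), // enabled` would keep it consistent with the commented arguments that follow. The enclosing method starts and ends outside both hunks.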
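Review bot: With the `allRoles.isEmpty()` rejection removed in the second hunk, every enabled account now authenticates with whatever authorities it has, including none, so page access rests entirely on the URL rules in the security config. MandatoryUser shows WSREADER and WSWRITER holding only web-service roles. They never had ROLE_BASIC_USER, so presumably they could not use the web pages before, and they can now if the rules require only an authenticated session. It is worth confirming that this widening is intended for web-service accounts, and recording the new contract next to the return, e.g. `// An empty role set is valid: such users get every page not reserved for a specific role.`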
@@ -81,11 +81,14 @@ - - - ${i18n:_('Incorrect authentication')} - + + ${i18n:_('User disabled')} + ]]> + + + ${i18n:_('Incorrect authentication')} ]]>