ItEr39S10CUAltaUsuario: prevent the login service to show a HTTP 403 error when a user without roles logs in.

Now the message 'incorrect login' is shown instead.
2009-12-18 15:04:58 +01:00 · 2009-12-18 15:04:58 +01:00 · 6a63178833
commit 6a63178833
parent 3698d95656
1 changed files with 6 additions and 0 deletions
--- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java
+++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java
@ -73,6 +73,12 @@ public class DBUserDetailsService implements UserDetailsService {
            allRoles.addAll(eachProfile.getRoles());
        }

+        if(allRoles.isEmpty()) {
+            //that user doesn't have any roles, so we forbid his login
+            throw new UsernameNotFoundException(_("User with login name " +
+                    "'{0}': access forbidden", loginName));
+        }
+
        return new org.springframework.security.userdetails.User(
            user.getLoginName(),
            user.getPassword(),