* Changed menu to hide external companies link when user is not administrator.
* Adding URL to manage work report types as just accessible for ROLE_ADMINISTRATION.
FEA: ItEr60S04ValidacionEProbasFuncionaisItEr59S04
IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles".
This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such a user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication").
HTTP Basic Authentication is used for securing REST services. Two roles (ROLE_WS_READER and ROLE_WS_WRITER) and two users (wsreader/wsreader [with the first role] and wswriter/wswriter [with the two roles]) have been added for accessing REST services. REST services can be accessed by GET by users with role ROLE_WS_READER (e.g. wsreader and wswriter) and by POST by users with role ROLE_WS_WRITER (e.g. wswriter).
General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
It uses a basic integration with Spring Security to provide authentication to the Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.