diff --git a/src/main/java/se/su/dsv/scipro/SciProSession.java b/src/main/java/se/su/dsv/scipro/SciProSession.java
index e73862f26a..10fd59a2fc 100644
--- a/src/main/java/se/su/dsv/scipro/SciProSession.java
+++ b/src/main/java/se/su/dsv/scipro/SciProSession.java
@@ -17,6 +17,7 @@ import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import org.apache.wicket.spring.injection.annot.SpringBean;
+import se.su.dsv.scipro.data.dao.interfaces.RoleDao;
import se.su.dsv.scipro.data.dao.interfaces.UserDao;
import se.su.dsv.scipro.data.dataobjects.User;
import se.su.dsv.scipro.security.auth.Authenticator;
@@ -39,7 +40,8 @@ public class SciProSession extends WebSession {
@SpringBean
private UserDao userDao;
-
+ @SpringBean
+ private RoleDao roleDao;
private List<Role> roles = new ArrayList<Role>();
private User user = null;
@@ -56,7 +58,7 @@ public class SciProSession extends WebSession {
this.setLocale(Locale.ENGLISH);
else if(cookie.getValue().equals("sv"))
this.setLocale(new Locale("sv","SE"));
- }
+ }
}
@@ -130,24 +132,24 @@ public class SciProSession extends WebSession {
* Here we switch the logged in user to be that of the person chosen be the logged in admin
*/
- if(userDao.isAdmin(user) && loggedInAsUsername != null){
+ if(roleDao.isSysadmin(user) && loggedInAsUsername != null){
this.user = userDao.getUserByUsername(loggedInAsUsername);
if( user == null)
throw new NullPointerException("No user with this username found in the database, despite successful authentication");
}
- if(userDao.isStudent(user)){
+ if(roleDao.isStudent(user)){
roles.add(new Student());
}
- if(userDao.isExternal(user)){
+ if(roleDao.isExternal(user)){
roles.add(new External());
}
- if(userDao.isEmployee(user)){
+ if(roleDao.isEmployee(user)){
roles.add(new Employee());
}
- if(userDao.isAdmin(user)){
+ if(roleDao.isAdmin(user)){
roles.add(new Admin());
}
- if(userDao.isSysadmin(user)){
+ if(roleDao.isSysadmin(user)){
roles.add(new SysAdmin());
}
diff --git a/src/main/java/se/su/dsv/scipro/basepages/BasePage.java b/src/main/java/se/su/dsv/scipro/basepages/BasePage.java
index a596882157..3cf1eabacd 100644
--- a/src/main/java/se/su/dsv/scipro/basepages/BasePage.java
+++ b/src/main/java/se/su/dsv/scipro/basepages/BasePage.java
@@ -1,10 +1,14 @@
package se.su.dsv.scipro.basepages;
+import org.apache.wicket.Component;
import org.apache.wicket.PageParameters;
import org.apache.wicket.markup.html.CSSPackageResource;
import org.apache.wicket.markup.html.WebPage;
import se.su.dsv.scipro.security.auth.Authorization;
+import se.su.dsv.scipro.security.auth.ComponentSecurity;
+import se.su.dsv.scipro.security.auth.MetaDataActionStrategy;
+import se.su.dsv.scipro.security.auth.SecurityFailAction;
import se.su.dsv.scipro.security.auth.roles.Roles;
@Authorization(requiresLoggedInUser = true, authorizedRoles = {Roles.STUDENT, Roles.ADMIN, Roles.EMPLOYEE, Roles.EXTERNAL, Roles.SYSADMIN})
@@ -33,5 +37,37 @@ public abstract class BasePage extends WebPage {
//add(CSSPackageResource.getHeaderContribution("styles/" + GLOBAL_CSS + CSS_SUFFIX));
add(CSSPackageResource.getHeaderContribution("styles/" + css + CSS_SUFFIX));
}
+
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ */
+ public void authorize(Component component, Roles role){
+ MetaDataActionStrategy.authorize(component, role);
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ */
+ public void authorize(Component component, Roles[] roles){
+ MetaDataActionStrategy.authorize(component, roles);
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ * removeOnFail = true means the component won't be rendered at all if authorization fails.
+ * removeOnFail = false means the component will be rendered in a disabled state if authorization fails.
+ */
+ public void authorize(Component component, Roles role, boolean removeOnFail){
+ MetaDataActionStrategy.authorize(component, role, removeOnFail);
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ * removeOnFail = true means the component won't be rendered at all if authorization fails.
+ * removeOnFail = false means the component will be rendered in a disabled state if authorization fails.
+ */
+ public void authorize(Component component, Roles[] roles, boolean removeOnFail){
+ MetaDataActionStrategy.authorize(component, roles, removeOnFail);
+ }
+
+
+
}
\ No newline at end of file
diff --git a/src/main/java/se/su/dsv/scipro/data/dao/interfaces/RoleDao.java b/src/main/java/se/su/dsv/scipro/data/dao/interfaces/RoleDao.java
new file mode 100644
index 0000000000..e016e95385
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dao/interfaces/RoleDao.java
@@ -0,0 +1,18 @@
+package se.su.dsv.scipro.data.dao.interfaces;
+
+import se.su.dsv.scipro.data.dataobjects.Role;
+import se.su.dsv.scipro.data.dataobjects.User;
+
+public interface RoleDao extends LazyDeleteDao<Role> {
+
+ public boolean isStudent(final User user);
+
+ public boolean isExternal(final User user);
+
+ public boolean isEmployee(final User user);
+
+ public boolean isAdmin(final User user);
+
+ public boolean isSysadmin(final User user);
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dao/interfaces/UserDao.java b/src/main/java/se/su/dsv/scipro/data/dao/interfaces/UserDao.java
index 6399cab4b9..93491bb644 100644
--- a/src/main/java/se/su/dsv/scipro/data/dao/interfaces/UserDao.java
+++ b/src/main/java/se/su/dsv/scipro/data/dao/interfaces/UserDao.java
@@ -10,14 +10,4 @@ public interface UserDao extends LazyDeleteDao<User> {
public User getUserByEmail(final String emailAddress);
- public boolean isStudent(final User user);
-
- public boolean isExternal(final User user);
-
- public boolean isEmployee(final User user);
-
- public boolean isAdmin(final User user);
-
- public boolean isSysadmin(final User user);
-
}
diff --git a/src/main/java/se/su/dsv/scipro/data/dao/jpa/RoleDaoJPAImp.java b/src/main/java/se/su/dsv/scipro/data/dao/jpa/RoleDaoJPAImp.java
new file mode 100644
index 0000000000..04b6eca47a
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dao/jpa/RoleDaoJPAImp.java
@@ -0,0 +1,95 @@
+package se.su.dsv.scipro.data.dao.jpa;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.PersistenceException;
+import javax.persistence.TypedQuery;
+
+import org.springframework.orm.jpa.JpaCallback;
+import org.springframework.transaction.annotation.Transactional;
+
+import se.su.dsv.scipro.data.dao.interfaces.RoleDao;
+import se.su.dsv.scipro.data.dataobjects.Role;
+import se.su.dsv.scipro.data.dataobjects.User;
+
+
+public class RoleDaoJPAImp extends LazyDeleteAbstractDaoJPAImpl<Role> implements
+ RoleDao {
+
+ public RoleDaoJPAImp() {
+ super(Role.class);
+ }
+
+ @Transactional
+ public boolean isStudent(final User user) {
+ return getJpaTemplate().execute(new JpaCallback<Boolean>() {
+ public Boolean doInJpa(EntityManager em)
+ throws PersistenceException {
+ TypedQuery<Role> query = em.createQuery("SELECT s FROM Student s WHERE s.user = :user AND s.deleted = false", Role.class);
+ query.setParameter("user", user);
+ try{
+ query.getSingleResult();
+ return true;
+ } catch (NoResultException e) {
+ return false;
+ }
+ }
+ });
+ }
+ @Transactional
+ public boolean isExternal(final User user) {
+ return false; //Not implemented
+ }
+
+ @Transactional
+ public boolean isEmployee(final User user) {
+ return getJpaTemplate().execute(new JpaCallback<Boolean>() {
+ public Boolean doInJpa(EntityManager em)
+ throws PersistenceException {
+ TypedQuery<Role> query = em.createQuery("SELECT e FROM Employee e WHERE e.user = :user AND e.deleted = false", Role.class);
+ query.setParameter("user", user);
+ try{
+ query.getSingleResult();
+ return true;
+ } catch (NoResultException e) {
+ return false;
+ }
+ }
+ });
+ }
+
+ @Transactional
+ public boolean isAdmin(final User user) {
+ return getJpaTemplate().execute(new JpaCallback<Boolean>() {
+ public Boolean doInJpa(EntityManager em)
+ throws PersistenceException {
+ TypedQuery<Role> query = em.createQuery("SELECT a FROM Admin a WHERE a.user = :user AND a.deleted = false", Role.class);
+ query.setParameter("user", user);
+ try{
+ query.getSingleResult();
+ return true;
+ } catch (NoResultException e) {
+ return false;
+ }
+ }
+ });
+ }
+
+ @Transactional
+ public boolean isSysadmin(final User user) {
+ return getJpaTemplate().execute(new JpaCallback<Boolean>() {
+ public Boolean doInJpa(EntityManager em)
+ throws PersistenceException {
+ TypedQuery<Role> query = em.createQuery("SELECT sa FROM SysAdmin sa WHERE sa.user = :user AND sa.deleted = false", Role.class);
+ query.setParameter("user", user);
+ try{
+ query.getSingleResult();
+ return true;
+ } catch (NoResultException e) {
+ return false;
+ }
+ }
+ });
+ }
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dao/jpa/UserDaoJPAImp.java b/src/main/java/se/su/dsv/scipro/data/dao/jpa/UserDaoJPAImp.java
index 77ad4f75fd..f980054707 100644
--- a/src/main/java/se/su/dsv/scipro/data/dao/jpa/UserDaoJPAImp.java
+++ b/src/main/java/se/su/dsv/scipro/data/dao/jpa/UserDaoJPAImp.java
@@ -67,29 +67,4 @@ public class UserDaoJPAImp extends LazyDeleteAbstractDaoJPAImpl<User> implements
});
}
- public boolean isStudent(final User user) {
- // TODO Auto-generated method stub
- return true;
- }
-
- public boolean isExternal(final User user) {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean isEmployee(final User user) {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean isAdmin(final User user) {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean isSysadmin(final User user) {
- // TODO Auto-generated method stub
- return false;
- }
-
}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/Admin.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/Admin.java
new file mode 100644
index 0000000000..66c4f3b05e
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/Admin.java
@@ -0,0 +1,20 @@
+package se.su.dsv.scipro.data.dataobjects;
+
+import javax.persistence.Cacheable;
+import javax.persistence.Entity;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+/**
+ * @author Martin Peters - mpeters@se.su.dsv
+ *
+ */
+@Entity
+@Cacheable(true)
+@Cache(usage= CacheConcurrencyStrategy.NONSTRICT_READ_WRITE) //Hibernate specific
+public class Admin extends Role {
+
+ private static final long serialVersionUID = -2570983581219033271L;
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/Employee.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/Employee.java
new file mode 100644
index 0000000000..548fe863f2
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/Employee.java
@@ -0,0 +1,20 @@
+package se.su.dsv.scipro.data.dataobjects;
+
+import javax.persistence.Cacheable;
+import javax.persistence.Entity;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+/**
+ * @author Martin Peters - mpeters@se.su.dsv
+ *
+ */
+@Entity
+@Cacheable(true)
+@Cache(usage= CacheConcurrencyStrategy.NONSTRICT_READ_WRITE) //Hibernate specific
+public class Employee extends Role {
+
+ private static final long serialVersionUID = -2570983581219033271L;
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/Role.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/Role.java
new file mode 100644
index 0000000000..b9612dd91b
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/Role.java
@@ -0,0 +1,96 @@
+package se.su.dsv.scipro.data.dataobjects;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.DiscriminatorType;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
+
+@Entity
+@DiscriminatorColumn(name = "rolename", discriminatorType = DiscriminatorType.STRING, length = 8)
+@Table(name="role", uniqueConstraints={@UniqueConstraint(columnNames={"user_id","rolename"}, name = "role_is_unique")})
+@Inheritance(strategy=InheritanceType.SINGLE_TABLE)
+public abstract class Role extends LazyDeletableDomainObject {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue
+ private Long id;
+
+ @ManyToOne(optional=false)
+ protected User user;
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(User user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the user
+ */
+ public User getUser() {
+ return user;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((user == null) ? 0 : user.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ Role other = (Role) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (user == null) {
+ if (other.user != null)
+ return false;
+ } else if (!user.equals(other.user))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ String tmp = user.getFirstName() + " " + user.getLastName();
+ if(user.getEmailAddress() != null)
+ tmp = tmp + " (" + user.getEmailAddress() + ")";
+ return tmp;
+ }
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/Student.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/Student.java
new file mode 100644
index 0000000000..ea7b101638
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/Student.java
@@ -0,0 +1,21 @@
+package se.su.dsv.scipro.data.dataobjects;
+
+import javax.persistence.Cacheable;
+import javax.persistence.Entity;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+/**
+ * @author Martin Peters - mpeters@se.su.dsv
+ *
+ */
+@Entity
+@Cacheable(true)
+@Cache(usage= CacheConcurrencyStrategy.NONSTRICT_READ_WRITE) //Hibernate specific
+public class Student extends Role {
+
+ private static final long serialVersionUID = 6274323425191904206L;
+
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/SysAdmin.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/SysAdmin.java
new file mode 100644
index 0000000000..2fe75ca39a
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/SysAdmin.java
@@ -0,0 +1,21 @@
+package se.su.dsv.scipro.data.dataobjects;
+
+import javax.persistence.Cacheable;
+import javax.persistence.Entity;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+/**
+ * @author Martin Peters - mpeters@se.su.dsv
+ *
+ */
+@Entity
+@Cacheable(true)
+@Cache(usage= CacheConcurrencyStrategy.NONSTRICT_READ_WRITE) //Hibernate specific
+public class SysAdmin extends Role {
+
+ private static final long serialVersionUID = -2570983581219033271L;
+
+
+}
diff --git a/src/main/java/se/su/dsv/scipro/data/dataobjects/User.java b/src/main/java/se/su/dsv/scipro/data/dataobjects/User.java
index ef7ad0a641..13385de188 100644
--- a/src/main/java/se/su/dsv/scipro/data/dataobjects/User.java
+++ b/src/main/java/se/su/dsv/scipro/data/dataobjects/User.java
@@ -4,6 +4,7 @@ import java.util.HashSet;
import java.util.Set;
import javax.persistence.Cacheable;
+import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@@ -40,6 +41,19 @@ public class User extends LazyDeletableDomainObject {
@OneToMany(mappedBy="user")
private Set<Username> usernames = new HashSet<Username>();
+ @OneToMany(mappedBy="user")
+ private Set<Role> roles = new HashSet<Role>();
+
+
+ public void setRoles(Set<Role> roles) {
+ this.roles = roles;
+ }
+
+ public Set<Role> getRoles() {
+ //Return a copy of the set so no roles can be added into the real collection
+ return new HashSet<Role>(roles);
+ }
+
public Long getId() {
return id;
}
diff --git a/src/main/java/se/su/dsv/scipro/pages/EventPage.java b/src/main/java/se/su/dsv/scipro/pages/EventPage.java
index b09dcc3e6f..b43841db22 100644
--- a/src/main/java/se/su/dsv/scipro/pages/EventPage.java
+++ b/src/main/java/se/su/dsv/scipro/pages/EventPage.java
@@ -6,7 +6,6 @@ import org.apache.wicket.PageParameters;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
import org.apache.wicket.markup.html.WebMarkupContainer;
-import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.TextField;
@@ -17,15 +16,18 @@ import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.spring.injection.annot.SpringBean;
import se.su.dsv.scipro.basepages.BasePage;
+import se.su.dsv.scipro.basepages.PublicPage;
import se.su.dsv.scipro.data.dao.interfaces.EventDao;
+import se.su.dsv.scipro.data.dao.interfaces.RoleDao;
+import se.su.dsv.scipro.data.dao.interfaces.UserDao;
+import se.su.dsv.scipro.data.dataobjects.Admin;
import se.su.dsv.scipro.data.dataobjects.Event;
-import se.su.dsv.scipro.security.auth.Authorization;
-import se.su.dsv.scipro.security.auth.Authorization.ON_AUTH_FAIL;
+import se.su.dsv.scipro.data.dataobjects.Student;
+import se.su.dsv.scipro.data.dataobjects.User;
import se.su.dsv.scipro.security.auth.ComponentSecurity;
import se.su.dsv.scipro.security.auth.MetaDataActionStrategy;
import se.su.dsv.scipro.security.auth.SecurityFailAction;
import se.su.dsv.scipro.security.auth.roles.Roles;
-import se.su.dsv.scipro.security.auth.roles.Student;
/**
* @author Richard Wilkinson - richard.wilkinson@jweekend.com
*
@@ -34,11 +36,16 @@ public class EventPage extends BasePage {
@SpringBean
private EventDao eventDao;
+ @SpringBean
+ private RoleDao roleDao;
+ @SpringBean
+ private UserDao userDao;
Form<Event> eventForm;
public EventPage(final PageParameters pp)
{
+
eventForm = new Form<Event>("eventForm", new CompoundPropertyModel<Event>(new Event()));
eventForm.add(new TextField<String>("title").setRequired(true));
eventForm.add(new TextField<String>("location").setRequired(true));
diff --git a/src/main/java/se/su/dsv/scipro/security/auth/MetaDataActionStrategy.java b/src/main/java/se/su/dsv/scipro/security/auth/MetaDataActionStrategy.java
index 0f1963ad34..f085aab8c0 100644
--- a/src/main/java/se/su/dsv/scipro/security/auth/MetaDataActionStrategy.java
+++ b/src/main/java/se/su/dsv/scipro/security/auth/MetaDataActionStrategy.java
@@ -58,4 +58,50 @@ public class MetaDataActionStrategy implements IAuthorizationStrategy {
return true;
}
+
+ /*
+ * Convenience methods for component-based action authorization
+ */
+
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ */
+ public static void authorize(Component component, Roles role){
+ ComponentSecurity cs = new ComponentSecurity(role, SecurityFailAction.REMOVE);
+ component.setMetaData(MetaDataActionStrategy.AUTHORIZED_ROLES, cs );
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ */
+ public static void authorize(Component component, Roles[] roles){
+ ComponentSecurity cs = new ComponentSecurity(roles, SecurityFailAction.REMOVE);
+ component.setMetaData(MetaDataActionStrategy.AUTHORIZED_ROLES, cs );
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ * removeOnFail = true means the component won't be rendered at all if authorization fails.
+ * removeOnFail = false means the component will be rendered in a disabled state if authorization fails.
+ */
+ public static void authorize(Component component, Roles role, boolean removeOnFail){
+ ComponentSecurity cs;
+ if(removeOnFail)
+ cs = new ComponentSecurity(role, SecurityFailAction.REMOVE);
+ else
+ cs = new ComponentSecurity(role, SecurityFailAction.DISABLE);
+ component.setMetaData(MetaDataActionStrategy.AUTHORIZED_ROLES, cs );
+ }
+ /**
+ * Convenience method to authorize actions RENDER and ENABLE on a component based on user roles.
+ * removeOnFail = true means the component won't be rendered at all if authorization fails.
+ * removeOnFail = false means the component will be rendered in a disabled state if authorization fails.
+ */
+ public static void authorize(Component component, Roles[] roles, boolean removeOnFail){
+ ComponentSecurity cs;
+ if(removeOnFail)
+ cs = new ComponentSecurity(roles, SecurityFailAction.REMOVE);
+ else
+ cs = new ComponentSecurity(roles, SecurityFailAction.DISABLE);
+ component.setMetaData(MetaDataActionStrategy.AUTHORIZED_ROLES, cs );
+ }
+
}
diff --git a/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java b/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java
index b9d402e90c..9621c65762 100644
--- a/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java
+++ b/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java
@@ -1,6 +1,7 @@
package se.su.dsv.scipro.security.auth;
import org.apache.wicket.Component;
+import org.apache.wicket.RequestCycle;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
@@ -66,12 +67,12 @@ public class RoleBasedAuthorizationStrategy implements IAuthorizationStrategy {
}//There was an annotation present
//TODO: Remove this println
- System.out.println("RoleBasedAuthorisationStrategy says authorized: "+ok+" for action "+action.getName()+" on component "+component.getClass());
+ //System.out.println("RoleBasedAuthorisationStrategy says authorized: "+ok+" for action "+action.getName()+" on component "+component.getClass());
return ok;
}
- public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
-
+ public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
+
//Not annotated classes aren't checked further
Authorization annotation = (Authorization) componentClass.getAnnotation(Authorization.class);
if (annotation != null) {
diff --git a/src/main/java/se/su/dsv/scipro/security/auth/SciProSAMLUserDetailsService.java b/src/main/java/se/su/dsv/scipro/security/auth/SciProSAMLUserDetailsService.java
new file mode 100644
index 0000000000..c4546b43ec
--- /dev/null
+++ b/src/main/java/se/su/dsv/scipro/security/auth/SciProSAMLUserDetailsService.java
@@ -0,0 +1,82 @@
+package se.su.dsv.scipro.security.auth;
+/*
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSString;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.saml.SAMLCredential;
+import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
+
+import se.su.dsv.daisy.model.authorisation.LoginCredentials;
+import se.su.dsv.daisy.security.authorization.Permission;
+import se.su.dsv.daisy.service.AuthorizationService;
+import se.su.dsv.daisy.service.LoginCredentialsService;
+*/
+import javax.annotation.Resource;
+import java.util.HashSet;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: herder
+ * Date: 2010-jun-14
+ * Time: 16:41:13
+ */
+public abstract class SciProSAMLUserDetailsService {//implements SAMLUserDetailsService {
+
+
+ private String principalNameKey;
+ /*
+ @Resource
+ private LoginCredentialsService service;
+
+ @Resource
+ private AuthorizationService authorizationService;
+
+ public void setPrincipalNameKey(String uidKey) {
+ this.principalNameKey = uidKey;
+ }
+
+ @Override
+ public UserDetails loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
+ System.out.println("SAMLLOADUSERCALLED");
+ Attribute attribute = credential.getAttributeByName(principalNameKey);
+ for (XMLObject xmlObject : attribute.getAttributeValues()) {
+ if (xmlObject instanceof XSString) {
+ XSString xsString = (XSString) xmlObject;
+ System.out.println(xsString);
+
+ String[] strings = xsString.getValue().split("@");
+ if (strings.length >= 2) {
+ final String username = strings[0];
+ final String realm = strings[1];
+ LoginCredentials loginCredentials = service.getLoginCredentials(username, realm);
+ if (loginCredentials != null) {
+ final HashSet<GrantedAuthority> hashSet = new HashSet<GrantedAuthority>();
+ if (authorizationService.isAuthorized(loginCredentials.getId(), null, Permission.SYSADMIN)) {
+ hashSet.add(new GrantedAuthority() {
+ @Override
+ public String getAuthority() {
+ return "ROLE_ADMIN";
+ }
+ });
+ }
+ hashSet.add(new GrantedAuthority() {
+ @Override
+ public String getAuthority() {
+ return "ROLE_USER";
+ }
+ });
+ return new DaisyUser(loginCredentials.getPerson().getId(), loginCredentials.getUsername(), loginCredentials.getUsername(), loginCredentials.isEnabled(), false, !loginCredentials.isExpired(), !loginCredentials.isLocked(), hashSet);
+ }
+ return new UnknownUser(username, "****", false, true, true, false, new HashSet<GrantedAuthority>());
+ }
+
+ }
+ }
+ throw new UsernameNotFoundException("User not found: " + attribute.getAttributeValues());
+ }
+ */
+}