Permit access to user with username 'anonymous'

src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java

@@ -27,6 +27,8 @@ public class AuthorizationAdviser {
 	public void checkAuthorization(Authenticated authenticated, Object object) {
 		User u = userService.getUser(SecurityContextHolder.getContext().getAuthentication());
 		if (u == null) throw new UnauthorizedException();
+		// TODO: For unauthorized users e.g. after logout there is still a user object with username 'anonymous'
+		if (u.getUsername().equals("anonymous")) throw new UnauthorizedException();
 	}
 	
 	/** This method checks if the user is enlisted in current ARSnova session

src/main/java/de/thm/arsnova/services/UserService.java

@@ -7,13 +7,11 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Service;
 
 import com.github.leleuj.ss.oauth.client.authentication.OAuthAuthenticationToken;
 
 import de.thm.arsnova.entities.User;
 
-@Service
 public class UserService implements IUserService {
 
 	@Override

src/main/webapp/WEB-INF/spring/spring-main.xml

@@ -77,5 +77,11 @@
 		init-method="startServer" destroy-method="stopServer" scope="singleton"
 		p:portNumber="${socketio.port}" p:hostIp="${socketio.ip}" p:useSSL="${security.ssl}" p:keystore="${security.keystore}"
 		p:storepass="${security.storepass}" />
+		
+	<bean id="authorizationAdviser" class="de.thm.arsnova.aop.AuthorizationAdviser">
+		<property name="userService" ref="userService" />
+	</bean>
+
+	<bean id="userService" scope="singleton" class="de.thm.arsnova.services.UserService" />
 
 </beans>