diff --git a/src/main/java/de/thm/arsnova/CasUserDetailsService.java b/src/main/java/de/thm/arsnova/CasUserDetailsService.java
index 480b2f058b7e3654f70817061a31f0bf4b7079cc..fbd45225fa402b28418126e862148513da4bfac3 100644
--- a/src/main/java/de/thm/arsnova/CasUserDetailsService.java
+++ b/src/main/java/de/thm/arsnova/CasUserDetailsService.java
@@ -17,7 +17,9 @@
 */
 package de.thm.arsnova;
+import de.thm.arsnova.services.IUserService;
 import org.jasig.cas.client.validation.Assertion;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -33,14 +35,20 @@ import java.util.List;
 */
 @Service
 public class CasUserDetailsService extends AbstractCasAssertionUserDetailsService {
+ @Autowired
+ private IUserService userService;
 @Override
 protected UserDetails loadUserDetails(final Assertion assertion) {
 final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
 grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+ final String uid = assertion.getPrincipal().getName();
+ if (userService.isAdmin(uid)) {
+ grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+ }
 return new User(
- assertion.getPrincipal().getName(),
+ uid,
 "",
 true,
 true,
diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 62ae0233cf4a2195571d2e00be6605a7a17c779a..56ed0be9262137c01bbb6860fabbb252759a822f 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
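Review bot: In `CasUserDetailsService.loadUserDetails`, `userService.isAdmin(uid)` grants ROLE_ADMIN on a bare name match against the configured admin list, and nothing records which identity provider vouched for that name. The same check is added for LDAP logins in `LoginController` and for database accounts in `DbUserDetailsService`, so an admin-list entry is honoured in every account store that can produce that username. If any of those stores lets users choose their own name (the activation key in `DbUserDetailsService` suggests database accounts may be self-registered), the admin list should be qualified by provider, or the grant limited to the provider operators actually use for admin accounts. A comment such as `// admin list is matched by name only; the name must be unique across all login providers` above the check would at least make the assumption visible.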
@@ -196,10 +196,10 @@ public class LoginController extends AbstractController {
 if (!"".equals(username) && !"".equals(password)) {
 org.springframework.security.core.userdetails.User user =
 new org.springframework.security.core.userdetails.User(
- username, password, true, true, true, true, this.getAuthorities()
+ username, password, true, true, true, true, this.getAuthorities(userService.isAdmin(username))
 );
- Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities());
+ Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities(userService.isAdmin(username)));
 try {
 Authentication auth = ldapAuthenticationProvider.authenticate(token);
 if (auth.isAuthenticated()) {
@@ -423,9 +423,13 @@ public class LoginController extends AbstractController {
 return services;
 }
- private Collection<GrantedAuthority> getAuthorities() {
+ private Collection<GrantedAuthority> getAuthorities(final boolean admin) {
 List<GrantedAuthority> authList = new ArrayList<>();
 authList.add(new SimpleGrantedAuthority("ROLE_USER"));
+ if (admin) {
+ authList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+ }
+
 return authList;
 }
diff --git a/src/main/java/de/thm/arsnova/security/DbUserDetailsService.java b/src/main/java/de/thm/arsnova/security/DbUserDetailsService.java
index ad9463b3d09abf500fee852da3f7017dc691fa45..bd69380f903d0f3d20895f33677d767f296521c4 100644
--- a/src/main/java/de/thm/arsnova/security/DbUserDetailsService.java
+++ b/src/main/java/de/thm/arsnova/security/DbUserDetailsService.java
@@ -19,6 +19,7 @@ package de.thm.arsnova.security;
 import de.thm.arsnova.dao.IDatabaseDao;
 import de.thm.arsnova.entities.DbUser;
+import de.thm.arsnova.services.IUserService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
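Review bot: In the LDAP login branch of `LoginController`, `userService.isAdmin(username)` is evaluated on the request-supplied name before `ldapAuthenticationProvider.authenticate(token)` has verified the password, and it is called twice where one local would do (`final boolean admin = userService.isAdmin(username);`). The three-argument `UsernamePasswordAuthenticationToken` constructor yields a token that already reports itself as authenticated, so after this change an unverified token can carry ROLE_ADMIN. The code following `if (auth.isAuthenticated()) {` lies outside the hunk; it is worth confirming that only `auth`, never `token`, is placed in the security context. Building the request token with the two-argument form `new UsernamePasswordAuthenticationToken(username, password)` would remove the ambiguity, provided the roles are then attached only after the bind succeeds.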
@@ -41,6 +42,9 @@ public class DbUserDetailsService implements UserDetailsService {
 @Autowired
 private IDatabaseDao dao;
+ @Autowired
+ private IUserService userService;
+
 private static final Logger logger = LoggerFactory
 .getLogger(DbUserDetailsService.class);
@@ -56,6 +60,9 @@ public class DbUserDetailsService implements UserDetailsService {
 final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
 grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
 grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_DB_USER"));
+ if (userService.isAdmin(uid)) {
+ grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+ }
 return new User(uid, dbUser.getPassword(), null == dbUser.getActivationKey(), true, true, true,
diff --git a/src/main/java/de/thm/arsnova/services/IUserService.java b/src/main/java/de/thm/arsnova/services/IUserService.java
index fe4b64424896166c2125bdc3c2fcede24cd7cf82..9ae1c79cead3fc9c83a6926c503f1235c35ca6b0 100644
--- a/src/main/java/de/thm/arsnova/services/IUserService.java
+++ b/src/main/java/de/thm/arsnova/services/IUserService.java
@@ -30,6 +30,8 @@ import java.util.UUID;
 public interface IUserService {
 User getCurrentUser();
+ boolean isAdmin(String username);
+
 boolean isBannedFromLogin(String addr);
 void increaseFailedLoginCount(String addr);
diff --git a/src/main/java/de/thm/arsnova/services/UserService.java b/src/main/java/de/thm/arsnova/services/UserService.java
index e350f10633e5a8e9a0c748a4e33fb97794b61423..cb499b6d7bab504e2a0bb7df88d480a561577177 100644
--- a/src/main/java/de/thm/arsnova/services/UserService.java
+++ b/src/main/java/de/thm/arsnova/services/UserService.java
@@ -206,11 +206,17 @@ public class UserService implements IUserService {
 throw new UnauthorizedException();
 }
- user.setAdmin(Arrays.asList(adminAccounts).contains(user.getUsername()));
+ user.setAdmin(!authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_GUEST"))
+ && isAdmin(user.getUsername()));
 return user;
 }
+ @Override
+ public boolean isAdmin(final String username) {
+ return Arrays.asList(adminAccounts).contains(username);
+ }
+
 private User getOAuthUser(final Authentication authentication) {
 User user = null;
 final Pac4jAuthenticationToken token = (Pac4jAuthenticationToken) authentication;
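Review bot: In `UserService.getCurrentUser` the new `setAdmin` expression excludes only `ROLE_GUEST` and otherwise repeats the name lookup, so the admin flag on `User` and the `ROLE_ADMIN` authority assigned at login are computed in two places and can drift apart. An allow-list reads more safely than a deny-list here: `user.setAdmin(authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN")));` would tie the flag to what the login path actually granted, assuming every path that may produce admins assigns the role (the OAuth path in `getOAuthUser` is not shown doing so). `isAdmin` itself would benefit from a Javadoc line stating that it is a name-only lookup and says nothing about how the caller was authenticated. The start of `getCurrentUser` lies outside the hunk.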