Added PermissionEvaluator to replace AOP authentication check

src/main/java/de/thm/arsnova/security/SessionPermissionEvaluator.java

+package de.thm.arsnova.security;
+
+import java.io.Serializable;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import de.thm.arsnova.exceptions.UnauthorizedException;
+
+public class SessionPermissionEvaluator implements PermissionEvaluator {
+
+	@Override
+	public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
+		UserDetails user = getUserDetails(authentication);
+		return false;
+	}
+
+	@Override
+	public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
+		UserDetails user = getUserDetails(authentication);
+		return false;
+	}
+
+	private UserDetails getUserDetails(Authentication authentication)
+			throws UnauthorizedException {
+		if (authentication.getPrincipal() instanceof String) {
+			throw new UnauthorizedException();
+		}
+
+		return (UserDetails)authentication.getPrincipal();
+	}
+}

src/main/java/de/thm/arsnova/security/package-info.java

+/** This package contains security related implementations
+ * @author Paul-Christian Volkmer
+ *
+ */
+package de.thm.arsnova.security;
\ No newline at end of file

src/main/webapp/WEB-INF/spring/spring-security.xml

@@ -25,6 +25,8 @@
 		<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />  
     </security:http>
 
+    <security:global-method-security pre-post-annotations="enabled"></security:global-method-security>
+    
     <!-- ######################### FACEBOOK ######################### -->
     <bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
         p:provider-ref="facebookProvider" />