diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml index 1b053644ab..84427e2955 100644 --- a/scm-webapp/pom.xml +++ b/scm-webapp/pom.xml @@ -356,7 +356,7 @@ 1.13 1.0 3.0.3 - gfv3ee6 + Tomcat diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java index 58891c3a47..5f9ca864b1 100644 --- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java +++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java @@ -123,43 +123,82 @@ public class BasicSecurityContext implements WebSecurityContext AuthenticationResult ar = authenticator.authenticate(request, response, username, password); - if (ar != null) + if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS)) { user = ar.getUser(); try { + Set groupSet = new HashSet(); + + // load external groups + Collection extGroups = ar.getGroups(); + + if (extGroups != null) + { + groupSet.addAll(extGroups); + } + + // load internal groups + loadGroups(groupSet); + + // check for admin user + if (!user.isAdmin()) + { + user.setAdmin(isAdmin(groupSet)); + + if (logger.isDebugEnabled() && user.isAdmin()) + { + logger.debug("user '{}' is marked as admin by configuration", + user.getType(), user.getName()); + } + } + else if (logger.isDebugEnabled()) + { + logger.debug("authenticator {} marked user '{}' as admin", + user.getType(), user.getName()); + } + + // store user User dbUser = userManager.get(user.getName()); - if ((dbUser != null) && user.copyProperties(dbUser, false)) + if (dbUser != null) { - userManager.modify(dbUser); + + // if database user is an admin, set admin for the current user + if (dbUser.isAdmin()) + { + if (logger.isDebugEnabled()) + { + logger.debug("user '{}' is marked as admin by local database", + user.getType(), user.getName()); + } + + user.setAdmin(true); + } + + // modify existing user, copy properties except password and admin + if (user.copyProperties(dbUser, false)) + { + userManager.modify(dbUser); + } } + + // create new user else if (dbUser == null) { userManager.create(user); } - Collection groupCollection = ar.getGroups(); - - if (groupCollection != null) - { - groups.addAll(groupCollection); - } - - loadGroups(); - - if (!user.isAdmin()) - { - user.setAdmin(isAdmin()); - } + groups = groupSet; if (logger.isDebugEnabled()) { logGroups(); } - String credentials = dbUser.getName(); + // store encrypted credentials in session + String credentials = user.getName(); if (Util.isNotEmpty(password)) { @@ -172,6 +211,12 @@ public class BasicSecurityContext implements WebSecurityContext catch (Exception ex) { user = null; + + if (groups != null) + { + groups.clear(); + } + logger.error("authentication failed", ex); } } @@ -253,8 +298,10 @@ public class BasicSecurityContext implements WebSecurityContext /** * Method description * + * + * @param groupSet */ - private void loadGroups() + private void loadGroups(Set groupSet) { Collection groupCollection = groupManager.getGroupsForMember(user.getName()); @@ -263,7 +310,7 @@ public class BasicSecurityContext implements WebSecurityContext { for (Group group : groupCollection) { - groups.add(group.getName()); + groupSet.add(group.getName()); } } } @@ -308,9 +355,11 @@ public class BasicSecurityContext implements WebSecurityContext * Method description * * + * + * @param groups * @return */ - private boolean isAdmin() + private boolean isAdmin(Collection groups) { boolean result = false; Set adminUsers = configuration.getAdminUsers(); diff --git a/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js b/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js index 84f6a906e4..a19ce5d471 100644 --- a/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js +++ b/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js @@ -62,12 +62,14 @@ Sonia.user.FormPanel = Ext.extend(Sonia.rest.FormPanel,{ fieldLabel: this.displayNameText, name: 'displayName', allowBlank: false, + readOnly: this.item != null && this.item != 'xml', helpText: this.displayNameHelpText },{ fieldLabel: this.mailText, name: 'mail', allowBlank: true, vtype: 'email', + readOnly: this.item != null && this.item != 'xml', helpText: this.mailHelpText }];