diff --git a/security-support/core/src/it/java/org/seedstack/seed/security/SecurityIT.java b/security-support/core/src/it/java/org/seedstack/seed/security/SecurityIT.java
index b2e608246..133fb7064 100644
--- a/security-support/core/src/it/java/org/seedstack/seed/security/SecurityIT.java
+++ b/security-support/core/src/it/java/org/seedstack/seed/security/SecurityIT.java
@@ -49,6 +49,7 @@ public class SecurityIT {
public void Obiwan_should_be_a_jedi() {
assertThat(SecurityUtils.getSubject().hasRole("jedi")).isTrue();
assertThat(securitySupport.hasRole("jedi")).isTrue();
+ assertThat(securitySupport.hasRole("nothing")).isTrue();
}
@Test
@@ -88,6 +89,12 @@ public void Obiwan_should_be_able_to_call_the_force_and_teach() {
assertThat(annotatedClass.teach()).isTrue();
}
+ @Test
+ @WithUser(id = "nobody", password = "foreverAlone")
+ public void user_nobody_should_have_role_nothing() {
+ assertThat(securitySupport.hasRole("nothing")).isTrue();
+ }
+
@Test(expected = AuthorizationException.class)
@WithUser(id = "Anakin", password = "imsodark")
public void Anakin_should_not_be_able_to_call_the_force() {
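Review bot: The new test `user_nobody_should_have_role_nothing` asserts only the positive case, so it would still pass if the `*` mapping handed other roles to a user that has no authorities. Add a negative assertion beside the existing one, for example `assertThat(securitySupport.hasRole("jedi")).isFalse();`, so the fixture pins that `nobody` receives the global role and nothing else. The hunk ends inside `Anakin_should_not_be_able_to_call_the_force`, which is unchanged here.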
diff --git a/security-support/core/src/it/resources/META-INF/configuration/org.seedstack.security.props b/security-support/core/src/it/resources/META-INF/configuration/org.seedstack.security.props
index 7ca1cadc1..13381f541 100644
--- a/security-support/core/src/it/resources/META-INF/configuration/org.seedstack.security.props
+++ b/security-support/core/src/it/resources/META-INF/configuration/org.seedstack.security.props
@@ -16,11 +16,13 @@ Obiwan = yodarulez, SEED.JEDI
Anakin = imsodark, SEED.PADAWAN
ThePoltergeist = bouh, SEED.MU.GHOST, SEED.SX.GHOST, SEED.JEDI
MDEFND00 = pouet, SEED.JEDI
+nobody = foreverAlone
[org.seedstack.seed.security.roles]
padawan = SEED.PADAWAN, FND.ETUDES
jedi = SEED.JEDI
ghost = SEED.$DOMAIN$.GHOST
+nothing = *
[org.seedstack.seed.security.permissions]
jedi = lightSaber:*, academy:*
diff --git a/security-support/core/src/main/java/org/seedstack/seed/security/internal/authorization/ConfigurationRoleMapping.java b/security-support/core/src/main/java/org/seedstack/seed/security/internal/authorization/ConfigurationRoleMapping.java
index e20bf0a57..697d46a3b 100644
--- a/security-support/core/src/main/java/org/seedstack/seed/security/internal/authorization/ConfigurationRoleMapping.java
+++ b/security-support/core/src/main/java/org/seedstack/seed/security/internal/authorization/ConfigurationRoleMapping.java
@@ -30,8 +30,9 @@
import org.seedstack.seed.security.api.principals.PrincipalProvider;
/**
- * Resolve the role mappings from an Configuration. This implementation manages
- * domains :
+ * Resolve the role mappings from an Configuration. Roles given to every user cans be defined by mapping it to
+ * the GLOBAL_WILDCARD character.
+ * This implementation manages domains :
* If mapping is titi.$DOMAIN$ = toto, tutu and given auth is titi.foo, then
* returned roles will be toto and tutu, each role having a domain foo.
*
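Review bot: The added Javadoc sentence has typos ("an Configuration", "cans be") and does not say what the wildcard matches or what it implies. Judging from the parsing code later in this commit, only a token that is exactly `*` counts, and the role is then added for every subject regardless of its authorities. Stating that would help whoever edits the roles configuration, since any permissions attached to such a role become available to all users. Suggested wording: `A role mapped to the single token "*" is granted to every user, whatever their authorities; avoid mapping permission-bearing roles to it.` The class comment continues past the end of this hunk.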
@@ -40,6 +41,9 @@
*/
public class ConfigurationRoleMapping implements RoleMapping {
+ /** wildcard used to give role to every user */
+ private final static String GLOBAL_WILDCARD = "*";
+
/** domain wildcard */
private final static String DOMAIN_WILDCARD = "$DOMAIN$";
@@ -51,10 +55,16 @@ public class ConfigurationRoleMapping implements RoleMapping {
/** map : role = mapped roles */
private final Map> map = new HashMap>();
+
+ /** roles given to every user */
+ private final Set givenRoles = new HashSet();
@Override
public Collection resolveRoles(Set auths, Collection> principalProviders) {
Map roleMap = new HashMap();
+ for (String role : givenRoles) {
+ roleMap.put(role, new Role(role));
+ }
for (String auth : auths) {
if (map.containsKey(auth)) {
for (String roleName : map.get(auth)) {
@@ -116,10 +126,16 @@ private void processRolesConfiguration(Configuration rolesConfiguration) {
String roleName = keys.next();
String[] perms = rolesConfiguration.getStringArray(roleName);
for (String token : perms) {
- Set roles = map.get(token);
- roles = new HashSet();
- roles.add(roleName);
- map.put(token, roles);
+ if(GLOBAL_WILDCARD.equals(token)){
+ givenRoles.add(roleName);
+ }else{
+ Set roles = map.get(token);
+ if(roles == null){
+ roles = new HashSet();
+ }
+ roles.add(roleName);
+ map.put(token, roles);
+ }
}
}
}
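Review bot: The `GLOBAL_WILDCARD` branch makes a role global with no trace at configuration time, so a stray `*` in the roles section widens access silently, which matters most for a role that also carries permissions. Consider logging when `givenRoles.add(roleName)` runs, through whatever logger the class already uses (none is visible in this hunk), so the global grants can be audited at startup. A comment on the branch would also help, such as `// "*" is matched as a whole token only; roleName is then granted regardless of auths`. As a style point, `if(GLOBAL_WILDCARD.equals(token)){` and `}else{` lack the spacing used in `resolveRoles` (`if (map.containsKey(auth)) {`). `processRolesConfiguration` starts outside this hunk.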