Give role to every user

security-support/core/src/it/java/org/seedstack/seed/security/SecurityIT.java

@@ -49,6 +49,7 @@ public class SecurityIT {
     public void Obiwan_should_be_a_jedi() {
         assertThat(SecurityUtils.getSubject().hasRole("jedi")).isTrue();
         assertThat(securitySupport.hasRole("jedi")).isTrue();
+        assertThat(securitySupport.hasRole("nothing")).isTrue();
     }
 
     @Test
@@ -88,6 +89,12 @@ public void Obiwan_should_be_able_to_call_the_force_and_teach() {
         assertThat(annotatedClass.teach()).isTrue();
     }
 
+    @Test
+    @WithUser(id = "nobody", password = "foreverAlone")
+    public void user_nobody_should_have_role_nothing() {
+        assertThat(securitySupport.hasRole("nothing")).isTrue();
+    }
+
     @Test(expected = AuthorizationException.class)
     @WithUser(id = "Anakin", password = "imsodark")
     public void Anakin_should_not_be_able_to_call_the_force() {

security-support/core/src/it/resources/META-INF/configuration/org.seedstack.security.props

@@ -16,11 +16,13 @@ Obiwan = yodarulez, SEED.JEDI
 Anakin = imsodark, SEED.PADAWAN
 ThePoltergeist = bouh, SEED.MU.GHOST, SEED.SX.GHOST, SEED.JEDI
 MDEFND00 = pouet, SEED.JEDI
+nobody = foreverAlone
 
 [org.seedstack.seed.security.roles]
 padawan = SEED.PADAWAN, FND.ETUDES
 jedi = SEED.JEDI
 ghost = SEED.$DOMAIN$.GHOST
+nothing = *
 
 [org.seedstack.seed.security.permissions]
 jedi = lightSaber:*, academy:*

security-support/core/src/main/java/org/seedstack/seed/security/internal/authorization/ConfigurationRoleMapping.java

@@ -30,8 +30,9 @@
 import org.seedstack.seed.security.api.principals.PrincipalProvider;
 
 /**
- * Resolve the role mappings from an Configuration. This implementation manages
- * domains :<br>
+ * Resolve the role mappings from an Configuration. Roles given to every user cans be defined by mapping it to
+ * the GLOBAL_WILDCARD character.
+ * This implementation manages domains :<br>
  * If mapping is titi.$DOMAIN$ = toto, tutu and given auth is titi.foo, then
  * returned roles will be toto and tutu, each role having a domain foo.
  * 
@@ -40,6 +41,9 @@
  */
 public class ConfigurationRoleMapping implements RoleMapping {
 
+    /** wildcard used to give role to every user */
+    private final static String GLOBAL_WILDCARD = "*";
+
     /** domain wildcard */
     private final static String DOMAIN_WILDCARD = "$DOMAIN$";
 
@@ -51,10 +55,16 @@ public class ConfigurationRoleMapping implements RoleMapping {
 
     /** map : role = mapped roles */
     private final Map<String, Set<String>> map = new HashMap<String, Set<String>>();
+
+    /** roles given to every user */
+    private final Set<String> givenRoles = new HashSet<String>();
 
     @Override
     public Collection<Role> resolveRoles(Set<String> auths, Collection<PrincipalProvider<?>> principalProviders) {
         Map<String, Role> roleMap = new HashMap<String, Role>();
+        for (String role : givenRoles) {
+			roleMap.put(role, new Role(role));
+		}
         for (String auth : auths) {
             if (map.containsKey(auth)) {
                 for (String roleName : map.get(auth)) {
@@ -116,10 +126,16 @@ private void processRolesConfiguration(Configuration rolesConfiguration) {
             String roleName = keys.next();
             String[] perms = rolesConfiguration.getStringArray(roleName);
             for (String token : perms) {
-                Set<String> roles = map.get(token);
-                roles = new HashSet<String>();
-                roles.add(roleName);
-                map.put(token, roles);
+            	if(GLOBAL_WILDCARD.equals(token)){
+            		givenRoles.add(roleName);
+            	}else{
+            		Set<String> roles = map.get(token);
+            		if(roles == null){
+            			roles = new HashSet<String>();
+            		}
+            		roles.add(roleName);
+            		map.put(token, roles);
+            	}
             }
         }
     }