show user and role in logout menu

2014-09-11 07:16:41 -04:00 · 2014-09-11 07:16:41 -04:00 · 96ec99e65a
commit 96ec99e65a
parent b04622ff86
3 changed files with 29 additions and 4 deletions
--- a/pom.xml
+++ b/pom.xml
@ -26,7 +26,7 @@
            <resource>
                <directory>${basedir}/src/main/java</directory>
            </resource>
-                        <resource>
+            <resource>
                <directory>${basedir}/src/main/resources</directory>
            </resource>
        </resources>
@ -88,6 +88,11 @@
            <artifactId>axis-ant</artifactId>
            <version>1.2</version>
        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
+        </dependency>
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
--- a/src/main/java/org/owasp/webgoat/controller/Start.java
+++ b/src/main/java/org/owasp/webgoat/controller/Start.java
@ -5,12 +5,15 @@
 */
 package org.owasp.webgoat.controller;

+import java.util.Collection;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import org.owasp.webgoat.session.Course;
+import org.apache.commons.lang3.StringUtils;
 import org.owasp.webgoat.session.WebSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -40,12 +43,29 @@ public class Start {
            model.setViewName("redirect:/login.mvc");
            return model;
        }
+        String role = getRole();
+        String user = request.getUserPrincipal().getName();
+        model.addObject("role", role);
+        model.addObject("user", user);

        // if everything ok then go to webgoat UI
        model.setViewName("main_new");
        return model;
    }

+    private String getRole() {
+        Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
+        String role = "N/A";
+        for (GrantedAuthority authority : authorities) {
+            authority.getAuthority();
+            role = authority.getAuthority();
+            role = StringUtils.lowerCase(role);
+            role = StringUtils.remove(role, "role_");
+            break;
+        }
+        return role;
+    }
+
    public boolean checkWebSession(HttpSession session) {
        Object o = session.getAttribute(WebSession.SESSION);
        if (o == null) {
--- a/src/main/webapp/WEB-INF/pages/main_new.jsp
+++ b/src/main/webapp/WEB-INF/pages/main_new.jsp
@ -82,8 +82,8 @@
                            <i class="fa fa-user"></i> <span class="caret"></span>
                        </button>                   
                        <ul class="dropdown-menu dropdown-menu-left" role="menu" aria-labelledby="dropdownMenu1">
-                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">User: TODO</a></li>
-                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: TODO</a></li>
+                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">User: ${user}</a></li>
+                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: ${role}</a></li>
                            <li role="presentation" class="divider"></li>
                            <li role="presentation"><a role="menuitem" tabindex="-1" href="<c:url value="j_spring_security_logout" />">Logout</a></li>
                        </ul>