diff --git a/jaxrs/src/main/java/org/killbill/billing/jaxrs/resources/SecurityResource.java b/jaxrs/src/main/java/org/killbill/billing/jaxrs/resources/SecurityResource.java
index f9900a1..1ccf9ab 100644
--- a/jaxrs/src/main/java/org/killbill/billing/jaxrs/resources/SecurityResource.java
+++ b/jaxrs/src/main/java/org/killbill/billing/jaxrs/resources/SecurityResource.java
@@ -151,6 +151,7 @@ public class SecurityResource extends JaxRsResourceBase {
@Produces(APPLICATION_JSON)
@Path("/users/{username:" + ANYTHING_PATTERN + "}/roles")
@ApiOperation(value = "Get roles associated to a user", response = UserRolesJson.class)
+ @ApiResponses(value = {@ApiResponse(code = 404, message = "The user does not exist or has been inactivated")})
public Response getUserRoles(@PathParam("username") final String username,
@javax.ws.rs.core.Context final HttpServletRequest request,
@javax.ws.rs.core.Context final UriInfo uriInfo) throws SecurityApiException {
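Review bot: The documented 404 on `getUserRoles` makes the response for an unknown username differ from that of a known user with no roles, so any caller who can reach this endpoint learns which usernames exist. The method body and its permission check are outside this hunk, so confirm that authorization runs before the user lookup. If it does, a comment above the annotation would record that, e.g. `// 404 is only reachable after the caller's user-management permission has been checked`. The mapping from `SecurityApiException` to HTTP 404 is not shown in this diff either, so a resource-level test asserting 404 for an unknown username would keep the annotation and the behaviour in step.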
diff --git a/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java b/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
index 3d30a3c..33b4ed5 100644
--- a/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
+++ b/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
@@ -188,7 +188,7 @@ public class DefaultSecurityApi implements SecurityApi {
}
@Override
- public List<String> getUserRoles(final String username, final TenantContext tenantContext) {
+ public List<String> getUserRoles(final String username, final TenantContext tenantContext) throws SecurityApiException {
final List<UserRolesModelDao> permissionsModelDao = userDao.getUserRoles(username);
return ImmutableList.copyOf(Iterables.transform(permissionsModelDao, new Function<UserRolesModelDao, String>() {
@Nullable
diff --git a/util/src/main/java/org/killbill/billing/util/security/shiro/dao/DefaultUserDao.java b/util/src/main/java/org/killbill/billing/util/security/shiro/dao/DefaultUserDao.java
index 8f02fe2..82bd893 100644
--- a/util/src/main/java/org/killbill/billing/util/security/shiro/dao/DefaultUserDao.java
+++ b/util/src/main/java/org/killbill/billing/util/security/shiro/dao/DefaultUserDao.java
@@ -17,11 +17,8 @@
package org.killbill.billing.util.security.shiro.dao;
-import java.util.HashSet;
import java.util.List;
-import java.util.Set;
-import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.shiro.crypto.RandomNumberGenerator;
@@ -34,8 +31,6 @@ import org.killbill.billing.security.SecurityApiException;
import org.killbill.billing.util.config.definition.SecurityConfig;
import org.killbill.billing.util.security.shiro.KillbillCredentialsMatcher;
import org.killbill.clock.Clock;
-import org.killbill.commons.jdbi.mapper.LowerToCamelBeanMapperFactory;
-import org.skife.jdbi.v2.DBI;
import org.skife.jdbi.v2.Handle;
import org.skife.jdbi.v2.IDBI;
import org.skife.jdbi.v2.TransactionCallback;
@@ -85,10 +80,17 @@ public class DefaultUserDao implements UserDao {
});
}
- public List<UserRolesModelDao> getUserRoles(final String username) {
- return dbi.inTransaction(new TransactionCallback<List<UserRolesModelDao>>() {
+ @Override
+ public List<UserRolesModelDao> getUserRoles(final String username) throws SecurityApiException {
+ return inTransactionWithExceptionHandling(new TransactionCallback<List<UserRolesModelDao>>() {
@Override
public List<UserRolesModelDao> inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
+ final UsersSqlDao usersSqlDao = handle.attach(UsersSqlDao.class);
+ final UserModelDao userModelDao = usersSqlDao.getByUsername(username);
+ if (userModelDao == null) {
+ throw new SecurityApiException(ErrorCode.SECURITY_INVALID_USER, username);
+ }
+
final UserRolesSqlDao userRolesSqlDao = handle.attach(UserRolesSqlDao.class);
return userRolesSqlDao.getByUsername(username);
}
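Review bot: The null check on `usersSqlDao.getByUsername(username)` is what the new 404 text "does not exist or has been inactivated" relies on, but the hunk does not show whether that query excludes inactive users. If it does not, `userRolesSqlDao.getByUsername(username)` still returns roles for a deactivated account. Confirm the query's filter and record it at the check, e.g. `// getByUsername returns only active users, so inactivated accounts are rejected here too`. The `username` passed into `new SecurityApiException(ErrorCode.SECURITY_INVALID_USER, username)` comes from a path parameter matched with `ANYTHING_PATTERN`, so it should be encoded wherever that message is logged or returned. `inTransactionWithExceptionHandling` is defined outside the hunk, so it is an assumption here that it rethrows the `SecurityApiException` unwrapped rather than as a generic transaction failure.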
diff --git a/util/src/main/java/org/killbill/billing/util/security/shiro/dao/UserDao.java b/util/src/main/java/org/killbill/billing/util/security/shiro/dao/UserDao.java
index f0b4427..5e80394 100644
--- a/util/src/main/java/org/killbill/billing/util/security/shiro/dao/UserDao.java
+++ b/util/src/main/java/org/killbill/billing/util/security/shiro/dao/UserDao.java
@@ -25,7 +25,7 @@ public interface UserDao {
public void insertUser(String username, String password, List<String> roles, String createdBy) throws SecurityApiException;
- public List<UserRolesModelDao> getUserRoles(String username);
+ public List<UserRolesModelDao> getUserRoles(String username) throws SecurityApiException;
public void addRoleDefinition(String role, List<String> permissions, String createdBy) throws SecurityApiException;
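Review bot: `getUserRoles` now declares `SecurityApiException`, but the interface does not say when it is thrown, so other implementers and callers cannot tell that a missing user is an error and not an empty list. A Javadoc on the method would fix that, e.g. `@throws SecurityApiException if no active user with this username exists`. Adjust the wording to whatever `getByUsername` actually filters on, since that query is not visible in this diff.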