Index: src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java =================================================================== --- src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java (revision 420399) +++ src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java (working copy) @@ -19,6 +19,8 @@ import java.util.Map; +import org.acegisecurity.GrantedAuthority; +import org.acegisecurity.userdetails.User; import org.acegisecurity.userdetails.UserDetails; import org.acegisecurity.userdetails.UserDetailsService; import org.acegisecurity.userdetails.UsernameNotFoundException; @@ -32,6 +34,7 @@ import org.codehaus.plexus.security.exception.UnknownEntityException; import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessResourceFailureException; +import org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor; /** * TODO: Move this to o.a.m.c.security once plexus-security doesn't depend on plexus-summit. @@ -125,9 +128,21 @@ */ private UserDetails getUserDetails( ContinuumUser user ) { - UserDetails userDetails = null; - //TODO - //new User( user.getUsername(), user.getPassword(),...); + //TODO: where to get roles (grantedAuthorities) for user? should we add it to the DB? + GrantedAuthority[] grantedAuthorities = null; + boolean enabled = true; + boolean accountNonExpired = true; + boolean credentialsNonExpired = true; + boolean accountNonLocked = true; + + UserDetails userDetails = new User( user.getUsername(), + user.getPassword(), + enabled, + accountNonExpired, + credentialsNonExpired, + accountNonLocked, + grantedAuthorities ); + return userDetails; } }