added security checks

src/main/java/com/commafeed/backend/StartupBean.java

@@ -16,7 +16,9 @@ import com.commafeed.backend.model.Feed;
 import com.commafeed.backend.model.FeedCategory;
 import com.commafeed.backend.model.FeedSubscription;
 import com.commafeed.backend.model.User;
+import com.commafeed.backend.model.UserRole;
 import com.commafeed.backend.security.PasswordEncryptionService;
+import com.commafeed.backend.security.Role;
 
 @Startup
 @Singleton
@@ -48,6 +50,8 @@ public class StartupBean {
 			User user = new User();
 			byte[] salt = encryptionService.generateSalt();
 			user.setName("admin");
+			user.getRoles().add(new UserRole(user, Role.ADMIN));
+			user.getRoles().add(new UserRole(user, Role.USER));
 			user.setSalt(salt);
 			user.setPassword(encryptionService.getEncryptedPassword("admin",
 					salt));
@@ -56,6 +60,7 @@ public class StartupBean {
 			User testUser = new User();
 			byte[] saltTest = encryptionService.generateSalt();
 			testUser.setName("test");
+			testUser.getRoles().add(new UserRole(testUser, Role.USER));
 			testUser.setSalt(saltTest);
 			testUser.setPassword(encryptionService.getEncryptedPassword("test",
 					saltTest));

src/main/java/com/commafeed/backend/dao/UserRoleService.java

@@ -0,0 +1,23 @@
+package com.commafeed.backend.dao;
+
+import java.util.List;
+
+import javax.ejb.Stateless;
+
+import com.commafeed.backend.model.User;
+import com.commafeed.backend.model.UserRole;
+import com.commafeed.frontend.utils.ModelFactory.MF;
+import com.google.common.collect.Lists;
+
+@SuppressWarnings("serial")
+@Stateless
+public class UserRoleService extends GenericDAO<UserRole, Long> {
+
+	public List<String> getRoles(User user) {
+		List<String> list = Lists.newArrayList();
+		for (UserRole role : findByField(MF.i(proxy().getUser()), user)) {
+			list.add(role.getRole());
+		}
+		return list;
+	}
+}

src/main/java/com/commafeed/backend/model/User.java

@@ -1,9 +1,15 @@
 package com.commafeed.backend.model;
 
+import java.util.Set;
+
+import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.OneToMany;
 import javax.persistence.Table;
 
+import com.google.common.collect.Sets;
+
 @Entity
 @Table(name = "USERS")
 @SuppressWarnings("serial")
@@ -18,6 +24,9 @@ public class User extends AbstractModel {
 	@Column(length = 8)
 	private byte[] salt;
 
+	@OneToMany(mappedBy = "user", cascade = CascadeType.PERSIST)
+	private Set<UserRole> roles = Sets.newHashSet();
+
 	public String getName() {
 		return name;
 	}
@@ -42,4 +51,12 @@ public class User extends AbstractModel {
 		this.salt = salt;
 	}
 
+	public Set<UserRole> getRoles() {
+		return roles;
+	}
+
+	public void setRoles(Set<UserRole> roles) {
+		this.roles = roles;
+	}
+
 }

src/main/java/com/commafeed/backend/model/UserRole.java

@@ -0,0 +1,46 @@
+package com.commafeed.backend.model;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.JoinColumn;
+import javax.persistence.OneToOne;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "USERROLES")
+@SuppressWarnings("serial")
+public class UserRole extends AbstractModel {
+
+	@OneToOne
+	@JoinColumn(name = "user_id")
+	private User user;
+
+	@Column(name = "roleName")
+	private String role;
+
+	public UserRole() {
+
+	}
+
+	public UserRole(User user, String role) {
+		this.user = user;
+		this.role = role;
+	}
+
+	public User getUser() {
+		return user;
+	}
+
+	public void setUser(User user) {
+		this.user = user;
+	}
+
+	public String getRole() {
+		return role;
+	}
+
+	public void setRole(String role) {
+		this.role = role;
+	}
+
+}

src/main/java/com/commafeed/backend/security/Role.java

@@ -0,0 +1,6 @@
+package com.commafeed.backend.security;
+
+public class Role {
+	public static final String USER = "user";
+	public static final String ADMIN = "admin";
+}