show user and role in logout menu

Author: lawson89

pom.xml

@@ -26,7 +26,7 @@
             <resource>
                 <directory>${basedir}/src/main/java</directory>
             </resource>
-                        <resource>
+            <resource>
                 <directory>${basedir}/src/main/resources</directory>
             </resource>
         </resources>
@@ -88,6 +88,11 @@
             <artifactId>axis-ant</artifactId>
             <version>1.2</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
+        </dependency>
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>

src/main/java/org/owasp/webgoat/controller/Start.java

@@ -5,12 +5,15 @@
  */
 package org.owasp.webgoat.controller;
 
+import java.util.Collection;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import org.owasp.webgoat.session.Course;
+import org.apache.commons.lang3.StringUtils;
 import org.owasp.webgoat.session.WebSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -40,12 +43,29 @@ public ModelAndView start(HttpServletRequest request,
             model.setViewName("redirect:/login.mvc");
             return model;
         }
+        String role = getRole();
+        String user = request.getUserPrincipal().getName();
+        model.addObject("role", role);
+        model.addObject("user", user);
 
         // if everything ok then go to webgoat UI
         model.setViewName("main_new");
         return model;
     }
 
+    private String getRole() {
+        Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
+        String role = "N/A";
+        for (GrantedAuthority authority : authorities) {
+            authority.getAuthority();
+            role = authority.getAuthority();
+            role = StringUtils.lowerCase(role);
+            role = StringUtils.remove(role, "role_");
+            break;
+        }
+        return role;
+    }
+
     public boolean checkWebSession(HttpSession session) {
         Object o = session.getAttribute(WebSession.SESSION);
         if (o == null) {

src/main/webapp/WEB-INF/pages/main_new.jsp

@@ -82,8 +82,8 @@
                             <i class="fa fa-user"></i> <span class="caret"></span>
                         </button>                   
                         <ul class="dropdown-menu dropdown-menu-left" role="menu" aria-labelledby="dropdownMenu1">
-                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">User: TODO</a></li>
-                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: TODO</a></li>
+                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">User: ${user}</a></li>
+                            <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: ${role}</a></li>
                             <li role="presentation" class="divider"></li>
                             <li role="presentation"><a role="menuitem" tabindex="-1" href="<c:url value="j_spring_security_logout" />">Logout</a></li>
                         </ul>