Use hasAuthority() instead of hasRole()

They are currently equivalent, but in Spring 4, hasRole() will prefix
authorities with 'ROLE_'.

Relates to #508.

gemma-rest/src/main/java/ubic/gemma/rest/RootWebService.java

@@ -101,7 +101,7 @@ public ResponseDataObject<ApiInfoValueObject> getApiInfo( // Params:
     @GET
     @Path("/users/{username}")
     @Produces(MediaType.APPLICATION_JSON)
-    @PreAuthorize("(isAuthenticated() && principal.username == #username) || hasRole('GROUP_ADMIN')")
+    @PreAuthorize("(isAuthenticated() && principal.username == #username) || hasAuthority('GROUP_ADMIN')")
     @Operation(summary = "Retrieve the user information associated to the authenticated session", hidden = true)
     public ResponseDataObject<UserValueObject> getUser( // Params:
             @PathParam("username") String username // Required

gemma-web/src/main/webapp/common/userStatusVariables.jsp

@@ -2,22 +2,22 @@
 
 
 <%-- Security fields used in Java script calls to hide or display information on pages, used to be in footer --%>
-<security:authorize access="hasRole('GROUP_ADMIN')">
+<security:authorize access="hasAuthority('GROUP_ADMIN')">
 	<input type="hidden" name="hasAdmin" id="hasAdmin" value="true" />
 </security:authorize>
-<security:authorize access="!hasRole('GROUP_ADMIN')">
+<security:authorize access="!hasAuthority('GROUP_ADMIN')">
 	<input type="hidden" name="hasAdmin" id="hasAdmin" value="" />
 </security:authorize>
-<security:authorize access="hasRole('GROUP_USER')">
+<security:authorize access="hasAuthority('GROUP_USER')">
 	<input type="hidden" name="hasUser" id="hasUser" value="true" />
 </security:authorize>
-<security:authorize access="!hasRole('GROUP_USER')">
+<security:authorize access="!hasAuthority('GROUP_USER')">
 	<input type="hidden" name="hasUser" id="hasUser" value="" />
 </security:authorize>
-<security:authorize ifAnyGranted="GROUP_USER,GROUP_ADMIN">
+<security:authorize access="isAuthenticated()">
 	<input type="hidden" name="loggedIn" id="loggedIn" value="true" />
 </security:authorize>
-<security:authorize ifNotGranted="GROUP_USER,GROUP_ADMIN">
+<security:authorize access="isAnonymous()">
 	<input type="hidden" name="loggedIn" id="loggedIn" value="" />
 </security:authorize>
 

gemma-web/src/main/webapp/pages/admin/activeUsers.jsp

@@ -20,7 +20,7 @@
 	<h2>
 		<fmt:message key="activeUsers.heading" />
 	</h2>
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		<span class="right"><fmt:message key="mainMenu.activeUsers" />
 			:&nbsp;<c:out value="${applicationScope.activeUsers}" />
 			<br> Signed in:&nbsp;<span id="auth-user-count">?</span></span>
@@ -38,7 +38,7 @@
 	<p>FIXME table of authenticated users should go here.</p>
 
 	<h2>System Stats</h2>
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		Gemma version ${appConfig['version']}&nbsp;<br>
 		<script type="text/javascript">
          document.writeln( "Page Loaded: " + document.lastModified );

gemma-web/src/main/webapp/pages/admin/indexer.jsp

@@ -11,7 +11,7 @@
 
 <body>
 
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 
 		<p>
 			Choose the indexing options that are appropriate and then click

gemma-web/src/main/webapp/pages/admin/reIndexOntologies.jsp

@@ -12,7 +12,7 @@
 <body>
 <div style="padding-left:20px">
 
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		<p>
 			Click below to reinitialize Gemma's Jena database and all its ontology indicies.
 		</p>

gemma-web/src/main/webapp/pages/admin/systemStats.jsp

@@ -18,7 +18,7 @@ input[type=button] {
 
 </head>
 <body>
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		<div class="padded">
 
 			<h2>Hibernate statistics</h2>

gemma-web/src/main/webapp/pages/bibRefView.jsp

@@ -12,7 +12,7 @@
 <h2>Bibliographic Reference record</h2>
 
 <c:if test="${byAccession}">
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		<c:if test="${!requestScope.existsInSystem}">
 			<p>
 				This reference was obtained from PubMed; it is not in the Gemma

gemma-web/src/main/webapp/pages/characteristics.jsp

@@ -2,7 +2,7 @@
 
 <head>
 	<title><fmt:message key="characteristicBrowser.title" /></title>
-	<security:authorize access="hasRole('GROUP_ADMIN')">
+	<security:authorize access="hasAuthority('GROUP_ADMIN')">
 		<jwr:script src='/scripts/api/ext/data/DwrProxy.js' />
 		<jwr:script src='/scripts/app/CharacteristicBrowser.js' />
 	</security:authorize>

gemma-web/src/main/webapp/pages/error/500.jsp

@@ -61,7 +61,7 @@
                 <c:out value="${fn:escapeXml(param.exception.message)}"/>
             </p>
 
-            <security:authorize access="hasRole('GROUP_ADMIN')">
+            <security:authorize access="hasAuthority('GROUP_ADMIN')">
                 <Gemma:exception exception="${exception}"/>
             </security:authorize>
         </c:when>
@@ -72,7 +72,7 @@
                 <c:out value="${fn:escapeXml(requestScope['javax.servlet.error.exception'].message)}"/>
             </p>
 
-            <security:authorize access="hasRole('GROUP_ADMIN')">
+            <security:authorize access="hasAuthority('GROUP_ADMIN')">
                 <%-- this is causing stackoverflow errors ... no idea why, since upgrading to spring 3.2 from 3.0.7 --%>
                 <Gemma:exception exception="${requestScope['javax.servlet.error.exception']}"/>
             </security:authorize>
@@ -83,7 +83,7 @@
                 <c:out value="${fn:escapeXml(requestScope['exception'].message)}"/>
             </p>
 
-            <security:authorize access="hasRole('GROUP_ADMIN')">
+            <security:authorize access="hasAuthority('GROUP_ADMIN')">
                 <Gemma:exception exception="${requestScope['exception']}"/>
             </security:authorize>
         </c:when>