2 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org
.argeo
.security
.core
;
19 import java
.util
.Iterator
;
23 import org
.argeo
.ArgeoException
;
24 import org
.argeo
.security
.ArgeoSecurity
;
25 import org
.argeo
.security
.ArgeoSecurityDao
;
26 import org
.argeo
.security
.ArgeoSecurityService
;
27 import org
.argeo
.security
.ArgeoUser
;
28 import org
.argeo
.security
.SimpleArgeoUser
;
29 import org
.argeo
.security
.UserNature
;
30 import org
.springframework
.core
.task
.SimpleAsyncTaskExecutor
;
31 import org
.springframework
.core
.task
.TaskExecutor
;
32 import org
.springframework
.security
.Authentication
;
33 import org
.springframework
.security
.AuthenticationManager
;
34 import org
.springframework
.security
.context
.SecurityContext
;
35 import org
.springframework
.security
.context
.SecurityContextHolder
;
37 public class DefaultSecurityService
implements ArgeoSecurityService
{
/** Policy object: supplies the super user's name and the hook run before a user is created. */
private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();

/** Data access object used for every user, role and password-encoding operation in this service. */
private ArgeoSecurityDao securityDao;

/** Authenticates the InternalAuthentication token built in wrapWithSystemAuthentication. */
private AuthenticationManager authenticationManager;

/**
 * Key wrapped into an InternalAuthentication when a task is run under system
 * authentication. It acts as a shared secret for that login path, so it
 * should be handled like a credential (not logged, not exposed through getters).
 */
private String systemAuthenticationKey;
/**
 * Looks up the user bound to the current security context through
 * ArgeoUserDetails.securityContextUser() and, when that user's roles contain
 * the DAO's default role, removes the default role from the role collection.
 *
 * NOTE(review): original source lines 47 and 50-52 are absent from this
 * listing, so the body of the null check and the return statement are not
 * visible; presumably null is returned when nobody is authenticated and the
 * user object otherwise - confirm against the full file.
 * NOTE(review): getRoles().remove(...) mutates the collection handed out by
 * the user object. Whether that object is a private copy or the principal
 * held in the security context cannot be told from here; if it is shared,
 * every later reader of the principal sees the role removed - confirm.
 */
44 public ArgeoUser
getCurrentUser() {
45 ArgeoUser argeoUser
= ArgeoUserDetails
.securityContextUser();
46 if (argeoUser
== null)
48 if (argeoUser
.getRoles().contains(securityDao
.getDefaultRole()))
49 argeoUser
.getRoles().remove(securityDao
.getDefaultRole());
/**
 * Accessor for the security DAO.
 *
 * NOTE(review): the method body (original source line 54) is absent from this
 * listing; presumably it returns the securityDao field - confirm.
 * NOTE(review): if so, any caller of this public getter can reach the DAO's
 * createUser/updateUser/deleteUser/createRole operations directly, bypassing
 * the password handling done in this service - verify that is intended.
 */
53 public ArgeoSecurityDao
getSecurityDao() {
/**
 * Creates a role through the security DAO.
 *
 * The super user's name, taken from the ArgeoSecurity policy, is handed to
 * the DAO together with the role name.
 * NOTE(review): no authorization check is visible in this method; presumably
 * access is restricted by the caller or by method-level security
 * configuration - confirm.
 *
 * @param role name of the role to create
 */
public void newRole(String role) {
    securityDao.createRole(
            role,
            argeoSecurity.getSuperUsername());
}
/**
 * Replaces the stored password of the named user.
 *
 * The user is loaded from the DAO, copied into a SimpleArgeoUser, given the
 * encoded form of {@code password} and written back.
 * NOTE(review): neither the caller's identity nor the previous password is
 * checked here, so this is a reset rather than a change; presumably it is an
 * administrative operation guarded elsewhere - confirm.
 *
 * @param username login of the user whose password is replaced
 * @param password new password in clear text; encoded by the DAO before storage
 */
public void updateUserPassword(String username, String password) {
    SimpleArgeoUser updated = new SimpleArgeoUser(securityDao.getUser(username));

    String encoded = securityDao.encodePassword(password);
    updated.setPassword(encoded);

    securityDao.updateUser(updated);
}
/**
 * Changes the password of the currently authenticated user after checking
 * the old one.
 *
 * The password carried by the current user object is validated against
 * {@code oldPassword} through the DAO; only on success is the encoded
 * {@code newPassword} stored.
 * NOTE(review): the result of getCurrentUser() is used without a null check;
 * how SimpleArgeoUser's copy constructor reacts to null is not visible here.
 * NOTE(review): getCurrentUser() strips the default role from the user it
 * returns (see its visible lines); verify that writing this copy back with
 * updateUser does not persist the reduced role list.
 *
 * @param oldPassword current password in clear text, as typed by the user
 * @param newPassword replacement password in clear text
 * @throws ArgeoException if {@code oldPassword} does not match
 */
public void updateCurrentUserPassword(String oldPassword, String newPassword) {
    ArgeoUser current = getCurrentUser();
    SimpleArgeoUser user = new SimpleArgeoUser(current);

    boolean oldPasswordAccepted = securityDao.isPasswordValid(user.getPassword(), oldPassword);
    if (!oldPasswordAccepted) {
        throw new ArgeoException("Old password is not correct.");
    }

    String encoded = securityDao.encodePassword(newPassword);
    user.setPassword(encoded);
    securityDao.updateUser(user);
}
/**
 * Creates a user, encoding its password first when the user is a
 * SimpleArgeoUser.
 *
 * Password handling for a SimpleArgeoUser:
 * - null or empty password: the encoded username becomes the password;
 * - password not starting with "{": it is encoded;
 * - password starting with "{": it is stored unchanged.
 *
 * NOTE(review): in the first case the initial password is derivable from the
 * username; such accounts should be forced to change it or be created
 * disabled - confirm how callers use this.
 * NOTE(review): the "{" prefix is presumably taken as the marker of an
 * already encoded value. A clear-text password that happens to start with
 * "{" would then be stored without encoding - confirm the encoded format and
 * validate it more strictly.
 * NOTE(review): for any other ArgeoUser implementation the password is
 * passed to the DAO untouched.
 *
 * @param user user to create; its password may be modified in place
 */
public void newUser(ArgeoUser user) {
    argeoSecurity.beforeCreate(user);

    if (user instanceof SimpleArgeoUser) {
        SimpleArgeoUser simpleUser = (SimpleArgeoUser) user;
        String submitted = user.getPassword();
        boolean noPassword = submitted == null || submitted.equals("");

        if (noPassword) {
            // Fall back to the username as the initial password.
            simpleUser.setPassword(securityDao.encodePassword(user.getUsername()));
        } else if (!submitted.startsWith("{")) {
            simpleUser.setPassword(securityDao.encodePassword(submitted));
        }
    }

    securityDao.createUser(user);
}
/**
 * Fetches a user by login name from the security DAO.
 *
 * @param username login name to look up
 * @return whatever the DAO returns for that name
 */
public ArgeoUser getUser(String username) {
    ArgeoUser found = securityDao.getUser(username);
    return found;
}
/**
 * Asks the security DAO whether a user with this login name exists.
 *
 * @param username login name to check
 * @return the DAO's answer
 */
public Boolean userExists(String username) {
    Boolean exists = securityDao.userExists(username);
    return exists;
}
/**
 * Updates a user, keeping or re-encoding the password as needed, then writes
 * a SimpleArgeoUser copy carrying the resulting password through the DAO.
 *
 * NOTE(review): original source line 102 is absent from this listing, so the
 * end of the statement that reloads the password from
 * getUserWithPassword(...) is not visible; presumably it reads the stored
 * password - confirm against the full file.
 */
98 public void updateUser(ArgeoUser user
) {
99 String password
= user
.getPassword();
// No password supplied: fall back to what the DAO holds for this username.
100 if (password
== null)
101 password
= securityDao
.getUserWithPassword(user
.getUsername())
// NOTE(review): a value not starting with "{" is treated as clear text and
// encoded. The argument encoded is user.getPassword(), not the local
// `password`: when the supplied password was null and the reloaded one lacks
// the "{" prefix, null is passed to encodePassword - looks unintended, confirm.
// NOTE(review): a clear-text password that starts with "{" skips encoding.
103 if (!password
.startsWith("{"))
104 password
= securityDao
.encodePassword(user
.getPassword());
105 SimpleArgeoUser simpleArgeoUser
= new SimpleArgeoUser(user
);
106 simpleArgeoUser
.setPassword(password
);
107 securityDao
.updateUser(simpleArgeoUser
);
/**
 * Deletes the named user through the security DAO.
 *
 * NOTE(review): no check is visible here on who is calling or on which
 * account is removed (for instance the super user); presumably enforced
 * elsewhere - confirm.
 *
 * @param username login name of the user to delete
 */
public void deleteUser(String username) {
    securityDao.deleteUser(username);
}
/**
 * Deletes the named role through the security DAO.
 *
 * NOTE(review): no authorization check is visible in this method; presumably
 * enforced elsewhere - confirm.
 *
 * @param role name of the role to delete
 */
public void deleteRole(String role) {
    securityDao.deleteRole(role);
}
/**
 * Builds a SimpleAsyncTaskExecutor whose createThread override passes every
 * runnable through wrapWithSystemAuthentication before the thread is created,
 * so tasks submitted to it run with the system authentication set up there.
 *
 * NOTE(review): original source lines 122-123, 125 and 127 onwards are absent
 * from this listing; the receiver of .createThread(...) is presumably
 * `super` - confirm against the full file.
 * NOTE(review): the method is public and returns an executor that grants
 * system authentication to whatever is submitted; callers should be limited
 * to trusted code - see the TODO on wrapWithSystemAuthentication.
 */
119 public TaskExecutor
createSystemAuthenticatedTaskExecutor() {
120 return new SimpleAsyncTaskExecutor() {
121 private static final long serialVersionUID
= -8126773862193265020L;
124 public Thread
createThread(Runnable runnable
) {
126 .createThread(wrapWithSystemAuthentication(runnable
));
/**
 * Wraps another runnable, adding security context <br/>
 * TODO: secure the call to this method with Java Security
 */
// Returns a Runnable that authenticates an InternalAuthentication built from
// systemAuthenticationKey and stores the result in a SecurityContext obtained
// via SecurityContextHolder.
// NOTE(review): original source lines 138-139, 141 and 146 onwards are absent
// from this listing, so the call that runs the wrapped runnable and any
// clean-up are not visible. Confirm that the authentication is removed from
// the context afterwards (ideally in a finally block) so the thread does not
// keep system rights once the task ends.
// NOTE(review): the method is public; any code holding a reference to this
// service can have a runnable executed under system authentication. The
// method's own TODO records that this call is not yet restricted.
136 public Runnable
wrapWithSystemAuthentication(final Runnable runnable
) {
137 return new Runnable() {
140 SecurityContext securityContext
= SecurityContextHolder
142 Authentication auth
= authenticationManager
143 .authenticate(new InternalAuthentication(
144 systemAuthenticationKey
));
145 securityContext
.setAuthentication(auth
);
/**
 * Lists the users holding a role, as returned by the security DAO, while
 * looking for the entry whose username equals the super user's name.
 *
 * NOTE(review): original source lines 158-163 are absent from this listing,
 * so what happens to the matching entry and what is returned are not visible;
 * presumably the super user is removed through the iterator and the set is
 * returned - confirm against the full file.
 * NOTE(review): if the entry is removed in place, the set modified is the one
 * handed out by the DAO; verify the DAO returns a fresh, mutable copy.
 */
152 public Set
<ArgeoUser
> listUsersInRole(String role
) {
153 Set
<ArgeoUser
> lst
= securityDao
.listUsersInRole(role
);
154 Iterator
<ArgeoUser
> it
= lst
.iterator();
155 while (it
.hasNext()) {
156 if (it
.next().getUsername()
157 .equals(argeoSecurity
.getSuperUsername())) {
/**
 * Intended to update the natures of the current user; the only body line
 * visible in this listing is the generated TODO marker.
 *
 * NOTE(review): original source lines 167-169 are absent from this listing.
 * If the body really is empty, callers get a silent no-op and may believe
 * the natures were saved; failing explicitly would be safer - confirm.
 */
165 public void updateCurrentUserNatures(Map
<String
, UserNature
> userNatures
) {
166 // TODO Auto-generated method stub
/**
 * Lists all users known to the security DAO.
 *
 * @return the set returned by the DAO, unfiltered
 */
public Set<ArgeoUser> listUsers() {
    Set<ArgeoUser> users = securityDao.listUsers();
    return users;
}
/**
 * Lists the roles the security DAO reports as editable.
 *
 * @return the set of role names returned by the DAO
 */
public Set<String> listEditableRoles() {
    Set<String> editableRoles = securityDao.listEditableRoles();
    return editableRoles;
}
/**
 * Replaces the default ArgeoSecurity policy object.
 *
 * @param argeoSecurity policy supplying the super user's name and the pre-creation hook
 */
public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
    this.argeoSecurity = argeoSecurity;
}
/**
 * Injects the DAO used for all user, role and password operations.
 *
 * @param dao security DAO to delegate to
 */
public void setSecurityDao(ArgeoSecurityDao dao) {
    this.securityDao = dao;
}
/**
 * Injects the manager that authenticates the internal system token.
 *
 * @param authenticationManager manager called by wrapWithSystemAuthentication
 */
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
}
/**
 * Injects the key used to build the InternalAuthentication for system tasks.
 *
 * The value works as a shared secret for the system login path; it should
 * come from protected configuration and never be logged.
 *
 * @param systemAuthenticationKey key passed to InternalAuthentication
 */
public void setSystemAuthenticationKey(String systemAuthenticationKey) {
    this.systemAuthenticationKey = systemAuthenticationKey;
}