1 /*
2 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.argeo.security.core;
18
19 import java.util.Iterator;
20 import java.util.Map;
21 import java.util.Set;
22
23 import org.argeo.ArgeoException;
24 import org.argeo.security.ArgeoSecurity;
25 import org.argeo.security.ArgeoSecurityDao;
26 import org.argeo.security.ArgeoSecurityService;
27 import org.argeo.security.ArgeoUser;
28 import org.argeo.security.SimpleArgeoUser;
29 import org.argeo.security.UserNature;
30 import org.springframework.core.task.SimpleAsyncTaskExecutor;
31 import org.springframework.core.task.TaskExecutor;
32 import org.springframework.security.Authentication;
33 import org.springframework.security.AuthenticationManager;
34 import org.springframework.security.context.SecurityContext;
35 import org.springframework.security.context.SecurityContextHolder;
36
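/**
 * Default {@link ArgeoSecurityService} implementation. User and role storage
 * is delegated to an {@link ArgeoSecurityDao}; an {@link ArgeoSecurity}
 * strategy supplies the super user name and a pre-creation hook; an
 * {@link AuthenticationManager} is used to run tasks with system
 * authentication.
 */
public class DefaultSecurityService implements ArgeoSecurityService {
    private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
    private ArgeoSecurityDao securityDao;
    private AuthenticationManager authenticationManager;

    private String systemAuthenticationKey;

    /**
     * Returns the user held by the current security context, with the DAO's
     * default role removed from its roles.
     *
     * @return the current user, or {@code null} when
     *         {@code ArgeoUserDetails.securityContextUser()} returns
     *         {@code null}
     */
    public ArgeoUser getCurrentUser() {
        ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
        if (argeoUser == null) {
            return null;
        }
        // NOTE(review): the role is removed from the collection returned by
        // getRoles() itself; whether that collection is a copy or the one
        // backing the authenticated principal is not visible here - confirm.
        if (argeoUser.getRoles().contains(securityDao.getDefaultRole())) {
            argeoUser.getRoles().remove(securityDao.getDefaultRole());
        }
        return argeoUser;
    }

    /** @return the DAO this service delegates to */
    public ArgeoSecurityDao getSecurityDao() {
        return securityDao;
    }

    /**
     * Creates a role through the DAO, passing the super user name along.
     *
     * @param role name of the role to create
     */
    public void newRole(String role) {
        securityDao.createRole(role, argeoSecurity.getSuperUsername());
    }

    /**
     * Replaces the password of an arbitrary user with the encoded form of
     * {@code password}. No check of the caller's identity or of the previous
     * password is made in this method; access control, if any, has to be
     * enforced by the caller or by configuration outside this class.
     *
     * @param username user whose password is replaced
     * @param password new clear-text password
     */
    public void updateUserPassword(String username, String password) {
        SimpleArgeoUser user = new SimpleArgeoUser(
                securityDao.getUser(username));
        user.setPassword(securityDao.encodePassword(password));
        securityDao.updateUser(user);
    }

    /**
     * Changes the password of the current user after checking the old one
     * with {@code securityDao.isPasswordValid}.
     *
     * @param oldPassword password the user currently has
     * @param newPassword new clear-text password
     * @throws ArgeoException if {@code oldPassword} is not valid
     */
    public void updateCurrentUserPassword(String oldPassword, String newPassword) {
        // NOTE(review): getCurrentUser() can return null when nobody is
        // authenticated; how SimpleArgeoUser's copy constructor reacts to
        // null is not visible here - confirm, or guard explicitly.
        SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
        if (!securityDao.isPasswordValid(user.getPassword(), oldPassword)) {
            throw new ArgeoException("Old password is not correct.");
        }
        user.setPassword(securityDao.encodePassword(newPassword));
        securityDao.updateUser(user);
    }

    /**
     * Creates a user, normalizing the password of {@link SimpleArgeoUser}
     * instances first. Other {@link ArgeoUser} implementations are handed to
     * the DAO with their password untouched.
     *
     * @param user user to create
     */
    public void newUser(ArgeoUser user) {
        argeoSecurity.beforeCreate(user);
        // normalize password
        if (user instanceof SimpleArgeoUser) {
            SimpleArgeoUser simpleUser = (SimpleArgeoUser) user;
            String supplied = user.getPassword();
            if (supplied == null || supplied.equals("")) {
                // NOTE(review): an account created without a password gets
                // its own username as password, which is guessable by anyone
                // who knows the account name. Kept for compatibility;
                // consider rejecting empty passwords or forcing a change at
                // first login.
                simpleUser.setPassword(securityDao.encodePassword(user
                        .getUsername()));
            } else if (!supplied.startsWith("{")) {
                simpleUser.setPassword(securityDao.encodePassword(supplied));
            }
            // NOTE(review): a value starting with "{" is taken to be already
            // encoded and is stored as supplied, so a clear-text password
            // that happens to start with "{" is never encoded.
        }
        securityDao.createUser(user);
    }

    /**
     * @param username name of the user to load
     * @return whatever {@code securityDao.getUser} returns for that name
     */
    public ArgeoUser getUser(String username) {
        return securityDao.getUser(username);
    }

    /**
     * @param username name to look up
     * @return the DAO's answer to whether the user exists
     */
    public Boolean userExists(String username) {
        return securityDao.userExists(username);
    }

    /**
     * Updates a user. When the supplied user carries no password, the one
     * currently stored is kept; a password not starting with "{" is encoded
     * before being stored.
     *
     * @param user user data to store
     */
    public void updateUser(ArgeoUser user) {
        String password = user.getPassword();
        if (password == null) {
            password = securityDao.getUserWithPassword(user.getUsername())
                    .getPassword();
        }
        if (!password.startsWith("{")) {
            // Encode the value resolved above. The previous code encoded
            // user.getPassword() here, which is null whenever the password
            // was taken from the stored user.
            password = securityDao.encodePassword(password);
        }
        SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
        simpleArgeoUser.setPassword(password);
        securityDao.updateUser(simpleArgeoUser);
    }

    /**
     * @param username name of the user to delete
     */
    public void deleteUser(String username) {
        securityDao.deleteUser(username);
    }

    /**
     * @param role name of the role to delete
     */
    public void deleteRole(String role) {
        securityDao.deleteRole(role);
    }

    /**
     * Creates a task executor whose threads run every task wrapped by
     * {@link #wrapWithSystemAuthentication(Runnable)}.
     *
     * @return a new {@link SimpleAsyncTaskExecutor} subclass instance
     */
    public TaskExecutor createSystemAuthenticatedTaskExecutor() {
        return new SimpleAsyncTaskExecutor() {
            private static final long serialVersionUID = -8126773862193265020L;

            @Override
            public Thread createThread(Runnable runnable) {
                return super
                        .createThread(wrapWithSystemAuthentication(runnable));
            }

        };
    }

    /**
     * Wraps another runnable so that it runs with system authentication set
     * on the security context of the executing thread. The authentication
     * that was set before is put back once the wrapped runnable returns or
     * throws. <br/>
     * TODO: secure the call to this method with Java Security. It is public,
     * so any code holding a reference to this service can obtain a runnable
     * that executes with system authentication.
     *
     * @param runnable task to run with system authentication
     * @return a runnable that authenticates, runs {@code runnable}, then
     *         restores the previous authentication
     */
    public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
        return new Runnable() {

            public void run() {
                SecurityContext securityContext = SecurityContextHolder
                        .getContext();
                Authentication previous = securityContext.getAuthentication();
                try {
                    Authentication auth = authenticationManager
                            .authenticate(new InternalAuthentication(
                                    systemAuthenticationKey));
                    securityContext.setAuthentication(auth);

                    runnable.run();
                } finally {
                    // Do not let the system identity outlive the task, e.g.
                    // when the thread is reused or the runnable is executed
                    // directly on the caller's thread.
                    securityContext.setAuthentication(previous);
                }
            }
        };
    }

    /**
     * Lists the users holding a role, leaving out the super user.
     *
     * @param role role name
     * @return the set returned by the DAO, with the super user removed from
     *         it in place
     */
    public Set<ArgeoUser> listUsersInRole(String role) {
        Set<ArgeoUser> lst = securityDao.listUsersInRole(role);
        String superUsername = argeoSecurity.getSuperUsername();
        Iterator<ArgeoUser> it = lst.iterator();
        while (it.hasNext()) {
            if (it.next().getUsername().equals(superUsername)) {
                it.remove();
                // stop at the first match
                break;
            }
        }
        return lst;
    }

    /**
     * Not implemented: the call returns without storing anything.
     *
     * @param userNatures ignored
     */
    public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
        // TODO implement; callers currently get no indication that nothing
        // was updated
    }

    /** @return the users listed by the DAO */
    public Set<ArgeoUser> listUsers() {
        return securityDao.listUsers();
    }

    /** @return the editable roles listed by the DAO */
    public Set<String> listEditableRoles() {
        return securityDao.listEditableRoles();
    }

    /**
     * @param argeoSecurity strategy replacing the default
     *            {@link DefaultArgeoSecurity}
     */
    public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
        this.argeoSecurity = argeoSecurity;
    }

    /**
     * @param dao DAO used for all user and role operations
     */
    public void setSecurityDao(ArgeoSecurityDao dao) {
        this.securityDao = dao;
    }

    /**
     * @param authenticationManager manager used to obtain the system
     *            authentication
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * @param systemAuthenticationKey key wrapped in an
     *            {@link InternalAuthentication} and presented to the
     *            authentication manager when a task runs with system
     *            authentication; presumably anyone holding it can
     *            authenticate the same way, so it should be handled as a
     *            secret
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        this.systemAuthenticationKey = systemAuthenticationKey;
    }
}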