2 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org
.argeo
.security
.core
;
19 import java
.util
.Iterator
;
20 import java
.util
.List
;
22 import org
.argeo
.ArgeoException
;
23 import org
.argeo
.security
.ArgeoSecurity
;
24 import org
.argeo
.security
.ArgeoSecurityDao
;
25 import org
.argeo
.security
.ArgeoSecurityService
;
26 import org
.argeo
.security
.ArgeoUser
;
27 import org
.argeo
.security
.SimpleArgeoUser
;
28 import org
.springframework
.core
.task
.SimpleAsyncTaskExecutor
;
29 import org
.springframework
.core
.task
.TaskExecutor
;
30 import org
.springframework
.security
.Authentication
;
31 import org
.springframework
.security
.AuthenticationManager
;
32 import org
.springframework
.security
.context
.SecurityContext
;
33 import org
.springframework
.security
.context
.SecurityContextHolder
;
35 public class DefaultSecurityService
implements ArgeoSecurityService
{
36 private ArgeoSecurity argeoSecurity
= new DefaultArgeoSecurity();
37 private ArgeoSecurityDao securityDao
;
38 private AuthenticationManager authenticationManager
;
40 private String systemAuthenticationKey
;
42 public ArgeoUser
getCurrentUser() {
43 ArgeoUser argeoUser
= ArgeoUserDetails
.securityContextUser();
44 if (argeoUser
== null)
46 if (argeoUser
.getRoles().contains(securityDao
.getDefaultRole()))
47 argeoUser
.getRoles().remove(securityDao
.getDefaultRole());
51 public ArgeoSecurityDao
getSecurityDao() {
/**
 * Creates a new role through the security DAO.
 *
 * @param role name of the role to create
 */
public void newRole(String role) {
    // The DAO call also receives the super username configured on argeoSecurity.
    // NOTE(review): no caller check is visible in this method; confirm that
    // role creation is restricted where this service is exposed.
    securityDao.createRole(
            role,
            argeoSecurity.getSuperUsername());
}
/**
 * Replaces the password of the named user without asking for the old one.
 *
 * NOTE(review): nothing in this method checks who the caller is or whether
 * the caller may change another user's password. Confirm that access to it
 * is restricted (for example by method security on the service bean) and
 * that the change is audited.
 *
 * @param username name used to look the user up through the security DAO
 * @param password value handed to securityDao.encodePassword before it is
 *                 set on the user
 */
public void updateUserPassword(String username, String password) {
    // Work on a copy of the stored user rather than on the DAO's instance.
    final SimpleArgeoUser updated = new SimpleArgeoUser(securityDao.getUser(username));
    final String encoded = securityDao.encodePassword(password);
    updated.setPassword(encoded);
    securityDao.update(updated);
}
/**
 * Changes the password of the current user after checking the old one.
 *
 * @param oldPassword value checked against the current user's stored password
 *                    with securityDao.isPasswordValid
 * @param newPassword value handed to securityDao.encodePassword and set as
 *                    the new password
 * @throws ArgeoException if the old password does not validate
 */
public void updateCurrentUserPassword(String oldPassword, String newPassword) {
    final SimpleArgeoUser current = new SimpleArgeoUser(getCurrentUser());

    // Refuse the change unless the caller proves knowledge of the old password.
    final boolean oldPasswordMatches =
            securityDao.isPasswordValid(current.getPassword(), oldPassword);
    if (!oldPasswordMatches) {
        throw new ArgeoException("Old password is not correct.");
    }

    // NOTE(review): newPassword is not checked for null, emptiness or strength
    // here; confirm whether a password policy is applied elsewhere.
    current.setPassword(securityDao.encodePassword(newPassword));
    securityDao.update(current);
}
/**
 * Creates a user through the security DAO, encoding the password first when
 * the user is a SimpleArgeoUser.
 *
 * NOTE(review): the listing this method was taken from skips one original
 * line between the beforeCreate call and the instanceof test; confirm
 * against the full file that nothing was lost there.
 *
 * @param user the user to create; passed to argeoSecurity.beforeCreate and
 *             then to securityDao.create
 */
public void newUser(ArgeoUser user) {
    argeoSecurity.beforeCreate(user);

    // NOTE(review): only SimpleArgeoUser instances get their password encoded
    // here; any other ArgeoUser reaches the DAO with the password as supplied.
    if (user instanceof SimpleArgeoUser) {
        final SimpleArgeoUser simpleUser = (SimpleArgeoUser) user;
        final boolean passwordMissing =
                user.getPassword() == null || user.getPassword().equals("");

        if (passwordMissing) {
            // NOTE(review): a user created without a password gets the encoded
            // username as password, which is a predictable initial credential.
            // Consider rejecting the request, generating a random one-time
            // password, or forcing a change at first login.
            simpleUser.setPassword(securityDao.encodePassword(user.getUsername()));
        } else if (!user.getPassword().startsWith("{")) {
            // A value starting with "{" is stored as supplied; presumably it is
            // taken to be already encoded with a scheme prefix (confirm).
            // NOTE(review): a plain password that happens to start with "{"
            // would therefore be stored without encoding, and a caller can
            // supply an encoded value of its own choosing.
            simpleUser.setPassword(securityDao.encodePassword(user.getPassword()));
        }
    }

    securityDao.create(user);
}
88 public void updateUser(ArgeoUser user
) {
89 String password
= user
.getPassword();
91 password
= securityDao
.getUserWithPassword(user
.getUsername())
93 if (!password
.startsWith("{"))
94 password
= securityDao
.encodePassword(user
.getPassword());
95 SimpleArgeoUser simpleArgeoUser
= new SimpleArgeoUser(user
);
96 simpleArgeoUser
.setPassword(password
);
97 securityDao
.update(simpleArgeoUser
);
100 public TaskExecutor
createSystemAuthenticatedTaskExecutor() {
101 return new SimpleAsyncTaskExecutor() {
102 private static final long serialVersionUID
= -8126773862193265020L;
105 public Thread
createThread(Runnable runnable
) {
107 .createThread(wrapWithSystemAuthentication(runnable
));
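114 * Wraps another runnable so that it runs with the system authentication set on the security context <br/>
115 * TODO: secure the call to this method with Java Security; it is public and accepts any runnable, so every caller that can reach this service can have its code run under the system authentication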
117 public Runnable
wrapWithSystemAuthentication(final Runnable runnable
) {
118 return new Runnable() {
121 SecurityContext securityContext
= SecurityContextHolder
123 Authentication auth
= authenticationManager
124 .authenticate(new InternalAuthentication(
125 systemAuthenticationKey
));
126 securityContext
.setAuthentication(auth
);
133 public List
<ArgeoUser
> listUsersInRole(String role
) {
134 List
<ArgeoUser
> lst
= securityDao
.listUsersInRole(role
);
135 Iterator
<ArgeoUser
> it
= lst
.iterator();
136 while (it
.hasNext()) {
137 if (it
.next().getUsername()
138 .equals(argeoSecurity
.getSuperUsername())) {
/**
 * Replaces the ArgeoSecurity used by this service; the field is initialised
 * with a DefaultArgeoSecurity when no other one is set.
 *
 * @param argeoSecurity source of the super username and of the beforeCreate
 *                      hook used by this service
 */
public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
    this.argeoSecurity = argeoSecurity;
}
/**
 * Sets the DAO this service uses to read, create and update users and roles
 * and to encode and validate passwords.
 *
 * @param dao the security DAO to use
 */
public void setSecurityDao(ArgeoSecurityDao dao) {
    this.securityDao = dao;
}
/**
 * Sets the authentication manager that wrapWithSystemAuthentication calls to
 * authenticate the internal system authentication.
 *
 * @param authenticationManager the authentication manager to use
 */
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
}
/**
 * Sets the key from which wrapWithSystemAuthentication builds its
 * InternalAuthentication.
 *
 * NOTE(review): this key presumably acts as a shared secret for obtaining
 * system authentication; confirm that it is injected from protected
 * configuration and never logged or given a default value.
 *
 * @param systemAuthenticationKey the key to use for system authentication
 */
public void setSystemAuthenticationKey(String systemAuthenticationKey) {
    this.systemAuthenticationKey = systemAuthenticationKey;
}