security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java

   1 /*
   2  * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.argeo.security.core;
  18
  19 import java.util.Iterator;
  20 import java.util.List;
  21
  22 import org.argeo.ArgeoException;
  23 import org.argeo.security.ArgeoSecurity;
  24 import org.argeo.security.ArgeoSecurityDao;
  25 import org.argeo.security.ArgeoSecurityService;
  26 import org.argeo.security.ArgeoUser;
  27 import org.argeo.security.SimpleArgeoUser;
  28 import org.springframework.core.task.SimpleAsyncTaskExecutor;
  29 import org.springframework.core.task.TaskExecutor;
  30 import org.springframework.security.Authentication;
  31 import org.springframework.security.AuthenticationManager;
  32 import org.springframework.security.context.SecurityContext;
  33 import org.springframework.security.context.SecurityContextHolder;
  34
  35 public class DefaultSecurityService implements ArgeoSecurityService {
  36         private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
  37         private ArgeoSecurityDao securityDao;
  38         private AuthenticationManager authenticationManager;
  39
  40         private String systemAuthenticationKey;
  41
  42         public ArgeoUser getCurrentUser() {
  43                 ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
  44                 if (argeoUser == null)
  45                         return null;
  46                 if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
  47                         argeoUser.getRoles().remove(securityDao.getDefaultRole());
  48                 return argeoUser;
  49         }
  50
  51         public ArgeoSecurityDao getSecurityDao() {
  52                 return securityDao;
  53         }
  54
  55         public void newRole(String role) {
  56                 securityDao.createRole(role, argeoSecurity.getSuperUsername());
  57         }
  58
  59         public void updateUserPassword(String username, String password) {
  60                 SimpleArgeoUser user = new SimpleArgeoUser(
  61                                 securityDao.getUser(username));
  62                 user.setPassword(securityDao.encodePassword(password));
  63                 securityDao.update(user);
  64         }
  65
  66         public void updateCurrentUserPassword(String oldPassword, String newPassword) {
  67                 SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
  68                 if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
  69                         throw new ArgeoException("Old password is not correct.");
  70                 user.setPassword(securityDao.encodePassword(newPassword));
  71                 securityDao.update(user);
  72         }
  73
  74         public void newUser(ArgeoUser user) {
  75                 argeoSecurity.beforeCreate(user);
  76                 // normalize password
  77                 if (user instanceof SimpleArgeoUser) {
  78                         if (user.getPassword() == null || user.getPassword().equals(""))
  79                                 ((SimpleArgeoUser) user).setPassword(securityDao
  80                                                 .encodePassword(user.getUsername()));
  81                         else if (!user.getPassword().startsWith("{"))
  82                                 ((SimpleArgeoUser) user).setPassword(securityDao
  83                                                 .encodePassword(user.getPassword()));
  84                 }
  85                 securityDao.create(user);
  86         }
  87
  88         public void updateUser(ArgeoUser user) {
  89                 String password = user.getPassword();
  90                 if (password == null)
  91                         password = securityDao.getUserWithPassword(user.getUsername())
  92                                         .getPassword();
  93                 if (!password.startsWith("{"))
  94                         password = securityDao.encodePassword(user.getPassword());
  95                 SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
  96                 simpleArgeoUser.setPassword(password);
  97                 securityDao.update(simpleArgeoUser);
  98         }
  99
 100         public TaskExecutor createSystemAuthenticatedTaskExecutor() {
 101                 return new SimpleAsyncTaskExecutor() {
 102                         private static final long serialVersionUID = -8126773862193265020L;
 103
 104                         @Override
 105                         public Thread createThread(Runnable runnable) {
 106                                 return super
 107                                                 .createThread(wrapWithSystemAuthentication(runnable));
 108                         }
 109
 110                 };
 111         }
 112
 113         /**
 114          * Wraps another runnable, adding security context <br/>
 115          * TODO: secure the call to this method with Java Security
 116          */
 117         public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
 118                 return new Runnable() {
 119
 120                         public void run() {
 121                                 SecurityContext securityContext = SecurityContextHolder
 122                                                 .getContext();
 123                                 Authentication auth = authenticationManager
 124                                                 .authenticate(new InternalAuthentication(
 125                                                                 systemAuthenticationKey));
 126                                 securityContext.setAuthentication(auth);
 127
 128                                 runnable.run();
 129                         }
 130                 };
 131         }
 132
 133         public List<ArgeoUser> listUsersInRole(String role) {
 134                 List<ArgeoUser> lst = securityDao.listUsersInRole(role);
 135                 Iterator<ArgeoUser> it = lst.iterator();
 136                 while (it.hasNext()) {
 137                         if (it.next().getUsername()
 138                                         .equals(argeoSecurity.getSuperUsername())) {
 139                                 it.remove();
 140                                 break;
 141                         }
 142                 }
 143                 return lst;
 144         }
 145
 146         public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
 147                 this.argeoSecurity = argeoSecurity;
 148         }
 149
 150         public void setSecurityDao(ArgeoSecurityDao dao) {
 151                 this.securityDao = dao;
 152         }
 153
 154         public void setAuthenticationManager(
 155                         AuthenticationManager authenticationManager) {
 156                 this.authenticationManager = authenticationManager;
 157         }
 158
 159         public void setSystemAuthenticationKey(String systemAuthenticationKey) {
 160                 this.systemAuthenticationKey = systemAuthenticationKey;
 161         }
 162 }