package org.argeo.security.mvc;
import java.io.Reader;
-import java.io.StringReader;
import java.util.List;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
-import org.argeo.security.BasicArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
+import org.argeo.security.SimpleArgeoUser;
import org.argeo.server.BooleanAnswer;
-import org.argeo.server.DeserializingEditor;
import org.argeo.server.ServerAnswer;
import org.argeo.server.ServerDeserializer;
import org.argeo.server.mvc.MvcConstants;
-import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
public class UsersRolesController implements MvcConstants {
- private final static Log log = LogFactory
- .getLog(UsersRolesController.class);
+ // private final static Log log = LogFactory
+ // .getLog(UsersRolesController.class);
private ArgeoSecurityService securityService;
private ServerDeserializer userDeserializer = null;
- @InitBinder
- public void initBinder(WebDataBinder binder) {
- binder.registerCustomEditor(BasicArgeoUser.class,
- new DeserializingEditor(userDeserializer));
- }
-
/* USER */
- @RequestMapping("/getCredentials.security")
+ @RequestMapping("/getCredentials.ria")
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser getCredentials() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
- return ArgeoUserDetails.asArgeoUser(authentication);
+ ArgeoUser argeoUser = securityService.getSecurityDao().getCurrentUser();
+ if (argeoUser == null)
+ return new SimpleArgeoUser();
+ else
+ return argeoUser;
}
+ // @RequestMapping("/login.security")
+ // @ModelAttribute(ANSWER_MODEL_KEY)
+ // public ArgeoUser login(@RequestParam("username") String username,
+ // @RequestParam("password") String password) {
+ // //SecurityContextHolder.getContext().getAuthentication().
+ // return securityService.getSecurityDao().getCurrentUser();
+ // }
+ //
+ // @RequestMapping("/logout.security")
+ // @ModelAttribute(ANSWER_MODEL_KEY)
+ // public ServerAnswer logout() {
+ // return ServerAnswer.ok("Logged out");
+ // }
+
@RequestMapping("/getUsersList.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public List<ArgeoUser> getUsersList() {
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser createUser(Reader reader) {
ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
- cleanUserBeforeCreate(user);
+ // cleanUserBeforeCreate(user);
securityService.newUser(user);
return securityService.getSecurityDao().getUser(user.getUsername());
}
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser updateUser(Reader reader) {
ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
- securityService.getSecurityDao().update(user);
+ securityService.updateUser(user);
return securityService.getSecurityDao().getUser(user.getUsername());
}
- @RequestMapping("/createUser2.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
- public ArgeoUser createUser(@RequestParam("body") String body) {
- if (log.isDebugEnabled())
- log.debug("body:\n" + body);
- StringReader reader = new StringReader(body);
- ArgeoUser user = null;
- try {
- user = (ArgeoUser) userDeserializer.deserialize(reader);
- } finally {
- IOUtils.closeQuietly(reader);
- }
- cleanUserBeforeCreate(user);
- securityService.newUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
- }
+ /*
+ * @RequestMapping("/createUser2.security")
+ *
+ * @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser
+ * createUser(@RequestParam("body") String body) { if (log.isDebugEnabled())
+ * log.debug("body:\n" + body); StringReader reader = new
+ * StringReader(body); ArgeoUser user = null; try { user = (ArgeoUser)
+ * userDeserializer.deserialize(reader); } finally {
+ * IOUtils.closeQuietly(reader); } cleanUserBeforeCreate(user);
+ * securityService.newUser(user); return
+ * securityService.getSecurityDao().getUser(user.getUsername()); }
+ */
@RequestMapping("/deleteUser.security")
@ModelAttribute(ANSWER_MODEL_KEY)
@ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer deleteRole(@RequestParam("role") String role) {
securityService.getSecurityDao().deleteRole(role);
- return ServerAnswer.ok("Role " + role + " created");
+ return ServerAnswer.ok("Role " + role + " deleted");
+ }
+
+ @RequestMapping("/updateUserPassword.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer updateUserPassword(
+ @RequestParam("username") String username,
+ @RequestParam("password") String password) {
+ securityService.updateUserPassword(username, password);
+ return ServerAnswer.ok("Password updated for user " + username);
}
- protected void cleanUserBeforeCreate(ArgeoUser user) {
- user.getUserNatures().clear();
- user.getRoles().clear();
+ @RequestMapping("/updatePassword.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer updatePassword(
+ @RequestParam("password") String password,
+ @RequestParam("oldPassword") String oldPassword) {
+ securityService.getSecurityDao().updatePassword(oldPassword, password);
+ return ServerAnswer.ok("Password updated");
}
+ // protected void cleanUserBeforeCreate(ArgeoUser user) {
+ // user.getUserNatures().clear();
+ // }
+
public void setUserDeserializer(ServerDeserializer userDeserializer) {
this.userDeserializer = userDeserializer;
}