package org.argeo.security.mvc;
+import java.io.Reader;
import java.util.List;
+import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.argeo.security.dao.RoleDao;
-import org.argeo.security.dao.UserDao;
import org.argeo.server.BooleanAnswer;
import org.argeo.server.ServerAnswer;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
+import org.argeo.server.ServerDeserializer;
+import org.argeo.server.mvc.MvcConstants;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
-public class UsersRolesController {
- private UserDao userDao;
- private RoleDao roleDao;
+public class UsersRolesController implements MvcConstants {
+ // private final static Log log = LogFactory
+ // .getLog(UsersRolesController.class);
+
+ private ArgeoSecurityService securityService;
+
+ private ServerDeserializer userDeserializer = null;
+
+ /* USER */
@RequestMapping("/getCredentials.security")
- @ModelAttribute("getCredentials")
+ @ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser getCredentials() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
+ return securityService.getSecurityDao().getCurrentUser();
+ }
+
+ @RequestMapping("/login.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ArgeoUser login(@RequestParam("username") String username,
+ @RequestParam("password") String password) {
+ return securityService.getSecurityDao().getCurrentUser();
+ }
- return ArgeoUserDetails.asArgeoUser(authentication);
+ @RequestMapping("/logout.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer logout() {
+ return ServerAnswer.ok("Logged out");
}
@RequestMapping("/getUsersList.security")
- @ModelAttribute("getUsersList")
+ @ModelAttribute(ANSWER_MODEL_KEY)
public List<ArgeoUser> getUsersList() {
- return userDao.listUsers();
+ return securityService.getSecurityDao().listUsers();
}
@RequestMapping("/userExists.security")
- @ModelAttribute("userExists")
+ @ModelAttribute(ANSWER_MODEL_KEY)
public BooleanAnswer userExists(@RequestParam("username") String username) {
- return new BooleanAnswer(userDao.userExists(username));
+ return new BooleanAnswer(securityService.getSecurityDao().userExists(
+ username));
}
+ @RequestMapping("/createUser.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ArgeoUser createUser(Reader reader) {
+ ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
+ // cleanUserBeforeCreate(user);
+ securityService.newUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
+ }
+
+ @RequestMapping("/updateUser.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ArgeoUser updateUser(Reader reader) {
+ ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
+ securityService.updateUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
+ }
+
+ /*
+ * @RequestMapping("/createUser2.security")
+ *
+ * @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser
+ * createUser(@RequestParam("body") String body) { if (log.isDebugEnabled())
+ * log.debug("body:\n" + body); StringReader reader = new
+ * StringReader(body); ArgeoUser user = null; try { user = (ArgeoUser)
+ * userDeserializer.deserialize(reader); } finally {
+ * IOUtils.closeQuietly(reader); } cleanUserBeforeCreate(user);
+ * securityService.newUser(user); return
+ * securityService.getSecurityDao().getUser(user.getUsername()); }
+ */
+
@RequestMapping("/deleteUser.security")
- @ModelAttribute("deleteUser")
+ @ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer deleteUser(@RequestParam("username") String username) {
- userDao.delete(username);
- return ServerAnswer.ok(username + " deleted");
+ securityService.getSecurityDao().delete(username);
+ return ServerAnswer.ok("User " + username + " deleted");
}
@RequestMapping("/getUserDetails.security")
- @ModelAttribute("getUserDetails")
+ @ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser getUserDetails(@RequestParam("username") String username) {
- return userDao.getUser(username);
+ return securityService.getSecurityDao().getUser(username);
}
- public void setUserDao(UserDao userDao) {
- this.userDao = userDao;
+ /* ROLE */
+ @RequestMapping("/getRolesList.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public List<String> getEditableRolesList() {
+ return securityService.getSecurityDao().listEditableRoles();
+ }
+
+ @RequestMapping("/createRole.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer createRole(@RequestParam("role") String role) {
+ securityService.newRole(role);
+ return ServerAnswer.ok("Role " + role + " created");
+ }
+
+ @RequestMapping("/deleteRole.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer deleteRole(@RequestParam("role") String role) {
+ securityService.getSecurityDao().deleteRole(role);
+ return ServerAnswer.ok("Role " + role + " deleted");
+ }
+
+ @RequestMapping("/updateUserPassword.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer updateUserPassword(
+ @RequestParam("username") String username,
+ @RequestParam("password") String password) {
+ securityService.updateUserPassword(username, password);
+ return ServerAnswer.ok("Password updated for user " + username);
+ }
+
+ @RequestMapping("/updatePassword.security")
+ @ModelAttribute(ANSWER_MODEL_KEY)
+ public ServerAnswer updatePassword(
+ @RequestParam("password") String password,
+ @RequestParam("oldPassword") String oldPassword) {
+ securityService.getSecurityDao().updatePassword(oldPassword, password);
+ return ServerAnswer.ok("Password updated");
+ }
+
+ // protected void cleanUserBeforeCreate(ArgeoUser user) {
+ // user.getUserNatures().clear();
+ // }
+
+ public void setUserDeserializer(ServerDeserializer userDeserializer) {
+ this.userDeserializer = userDeserializer;
}
- public void setRoleDao(RoleDao roleDao) {
- this.roleDao = roleDao;
+ public void setSecurityService(ArgeoSecurityService securityService) {
+ this.securityService = securityService;
}
}
projects / lgpl / argeo-commons.git / blobdiff