+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.argeo.security.mvc;
+import java.io.Reader;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+
+import org.apache.commons.codec.binary.Base64;
+import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
+import org.argeo.security.SimpleArgeoUser;
+import org.argeo.server.BooleanAnswer;
+import org.argeo.server.Deserializer;
+import org.argeo.server.ServerAnswer;
+import org.argeo.server.mvc.MvcConstants;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
@Controller
-public class UsersRolesController {
+public class UsersRolesController implements MvcConstants {
+ // private final static Log log = LogFactory
+ // .getLog(UsersRolesController.class);
+
+ private String digestType = "SHA";
+
+ private ArgeoSecurityService securityService;
+
+ private Deserializer userDeserializer = null;
- @RequestMapping("/getCredentials.security")
- @ModelAttribute("getCredentials")
+ /* USER */
+
+ @RequestMapping("/getCredentials.*")
+ @ModelAttribute("user")
public ArgeoUser getCredentials() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
+ ArgeoUser argeoUser = securityService.getCurrentUser();
+ if (argeoUser == null)
+ return new SimpleArgeoUser();
+ else
+ return argeoUser;
+ }
+
+ @RequestMapping("/getUsersList.*")
+ @ModelAttribute("users")
+ public List<ArgeoUser> getUsersList() {
+ return securityService.getSecurityDao().listUsers();
+ }
+
+ @RequestMapping("/userExists.*")
+ public BooleanAnswer userExists(@RequestParam("username") String username) {
+ return new BooleanAnswer(securityService.getSecurityDao().userExists(
+ username));
+ }
+
+ @RequestMapping("/createUser.*")
+ @ModelAttribute("user")
+ public ArgeoUser createUser(Reader reader) {
+ ArgeoUser user = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
+ // cleanUserBeforeCreate(user);
+ securityService.newUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
+ }
+
+ @RequestMapping("/updateUser.*")
+ @ModelAttribute("user")
+ public ArgeoUser updateUser(Reader reader) {
+ ArgeoUser user = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
+ securityService.updateUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
+ }
+
+ @RequestMapping("/updateUserSelf.*")
+ @ModelAttribute("user")
+ /** Will only update the user natures.*/
+ public ArgeoUser updateUserSelf(Reader reader) {
+ ArgeoUser user = securityService.getCurrentUser();
+ ArgeoUser userForNatures = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
+ user.updateUserNatures(userForNatures.getUserNatures());
+ securityService.updateUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
+ }
+
+ @RequestMapping("/deleteUser.*")
+ public ServerAnswer deleteUser(@RequestParam("username") String username) {
+ securityService.getSecurityDao().delete(username);
+ return ServerAnswer.ok("User " + username + " deleted");
+ }
- return ArgeoUserDetails.createBasicArgeoUser(authentication);
+ @RequestMapping("/getUserDetails.*")
+ @ModelAttribute("user")
+ public ArgeoUser getUserDetails(@RequestParam("username") String username) {
+ return securityService.getSecurityDao().getUser(username);
}
+
+ /* ROLE */
+ @RequestMapping("/getRolesList.*")
+ @ModelAttribute("roles")
+ public List<String> getEditableRolesList() {
+ return securityService.getSecurityDao().listEditableRoles();
+ }
+
+ @RequestMapping("/createRole.*")
+ public ServerAnswer createRole(@RequestParam("role") String role) {
+ securityService.newRole(role);
+ return ServerAnswer.ok("Role " + role + " created");
+ }
+
+ @RequestMapping("/deleteRole.*")
+ public ServerAnswer deleteRole(@RequestParam("role") String role) {
+ securityService.getSecurityDao().deleteRole(role);
+ return ServerAnswer.ok("Role " + role + " deleted");
+ }
+
+ @RequestMapping("/updateUserPassword.*")
+ public ServerAnswer updateUserPassword(
+ @RequestParam("username") String username,
+ @RequestParam("password") String password) {
+ securityService.updateUserPassword(username,
+ digestIfNecessary(password));
+ return ServerAnswer.ok("Password updated for user " + username);
+ }
+
+ @RequestMapping("/updatePassword.*")
+ public ServerAnswer updatePassword(
+ @RequestParam("oldPassword") String oldPassword,
+ @RequestParam("password") String password) {
+ securityService.updateCurrentUserPassword(
+ digestIfNecessary(oldPassword), digestIfNecessary(password));
+ return ServerAnswer.ok("Password updated");
+ }
+
+ protected String digestIfNecessary(String str) {
+ if (!str.startsWith("{" + digestType + "}"))
+ return digest(str);
+ else
+ return str;
+ }
+
+ protected String digest(String nonEncrypted) {
+ try {
+ MessageDigest md = MessageDigest.getInstance(digestType);
+ byte[] dig = md.digest(nonEncrypted.getBytes());
+ return "{" + digestType + "}"
+ + new String(Base64.encodeBase64(dig));
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(
+ "Unexpected exception while digesting password");
+ }
+ }
+
+ public void setUserDeserializer(Deserializer userDeserializer) {
+ this.userDeserializer = userDeserializer;
+ }
+
+ public void setSecurityService(ArgeoSecurityService securityService) {
+ this.securityService = securityService;
+ }
+
}