X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=68f97d4a069e3eaa73257d943da72913ea5bf24d;hb=977a7a352131b082a98739f15e421f2bff747567;hp=b9220b2692af7305657593944012b950cc96754c;hpb=c95922edc1d65ef4ef568d66e29ab0bd679693ef;p=lgpl%2Fargeo-commons.git

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
index b9220b269..68f97d4a0 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
@@ -16,12 +16,15 @@
 
 package org.argeo.security.core;
 
-import org.argeo.ArgeoException;
+import java.util.Iterator;
+import java.util.Set;
+
 import org.argeo.security.ArgeoSecurity;
 import org.argeo.security.ArgeoSecurityDao;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
 import org.argeo.security.SimpleArgeoUser;
+import org.argeo.security.UserAdminService;
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.core.task.TaskExecutor;
 import org.springframework.security.Authentication;
@@ -29,22 +32,14 @@ import org.springframework.security.AuthenticationManager;
 import org.springframework.security.context.SecurityContext;
 import org.springframework.security.context.SecurityContextHolder;
 
-public class DefaultSecurityService implements ArgeoSecurityService {
+public class DefaultSecurityService extends DefaultCurrentUserService implements
+		UserAdminService, ArgeoSecurityService {
 	private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
 	private ArgeoSecurityDao securityDao;
 	private AuthenticationManager authenticationManager;
 
 	private String systemAuthenticationKey;
 
-	public ArgeoUser getCurrentUser() {
-		ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
-		if (argeoUser == null)
-			return null;
-		if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
-			argeoUser.getRoles().remove(securityDao.getDefaultRole());
-		return argeoUser;
-	}
-
 	public ArgeoSecurityDao getSecurityDao() {
 		return securityDao;
 	}
@@ -56,32 +51,54 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 	public void updateUserPassword(String username, String password) {
 		SimpleArgeoUser user = new SimpleArgeoUser(
 				securityDao.getUser(username));
-		user.setPassword(password);
-		securityDao.update(user);
-	}
-
-	public void updateCurrentUserPassword(String oldPassword, String newPassword) {
-		SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
-		if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
-			throw new ArgeoException("Old password is not correct.");
-		user.setPassword(securityDao.encodePassword(newPassword));
-		securityDao.update(user);
+		user.setPassword(encodePassword(password));
+		securityDao.updateUser(user);
 	}
 
 	public void newUser(ArgeoUser user) {
-		user.getUserNatures().clear();
 		argeoSecurity.beforeCreate(user);
-		securityDao.create(user);
+		// normalize password
+		if (user instanceof SimpleArgeoUser) {
+			if (user.getPassword() == null || user.getPassword().equals(""))
+				((SimpleArgeoUser) user).setPassword(encodePassword(user
+						.getUsername()));
+			else if (!user.getPassword().startsWith("{"))
+				((SimpleArgeoUser) user).setPassword(encodePassword(user
+						.getPassword()));
+		}
+		securityDao.createUser(user);
+	}
+
+	public ArgeoUser getUser(String username) {
+		return securityDao.getUser(username);
+	}
+
+	public Boolean userExists(String username) {
+		return securityDao.userExists(username);
 	}
 
 	public void updateUser(ArgeoUser user) {
-		String password = securityDao.getUserWithPassword(user.getUsername())
-				.getPassword();
+		String password = user.getPassword();
+		if (password == null)
+			password = securityDao.getUserWithPassword(user.getUsername())
+					.getPassword();
+		if (!password.startsWith("{"))
+			password = encodePassword(user.getPassword());
 		SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
 		simpleArgeoUser.setPassword(password);
-		securityDao.update(simpleArgeoUser);
+		securityDao.updateUser(simpleArgeoUser);
 	}
 
+	public void deleteUser(String username) {
+		securityDao.deleteUser(username);
+
+	}
+
+	public void deleteRole(String role) {
+		securityDao.deleteRole(role);
+	}
+
+	@Deprecated
 	public TaskExecutor createSystemAuthenticatedTaskExecutor() {
 		return new SimpleAsyncTaskExecutor() {
 			private static final long serialVersionUID = -8126773862193265020L;
@@ -99,6 +116,7 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 	 * Wraps another runnable, adding security context <br/>
 	 * TODO: secure the call to this method with Java Security
 	 */
+	@Deprecated
 	public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
 		return new Runnable() {
 
@@ -115,12 +133,35 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 		};
 	}
 
+	public Set<ArgeoUser> listUsersInRole(String role) {
+		Set<ArgeoUser> lst = securityDao.listUsersInRole(role);
+		Iterator<ArgeoUser> it = lst.iterator();
+		while (it.hasNext()) {
+			if (it.next().getUsername()
+					.equals(argeoSecurity.getSuperUsername())) {
+				it.remove();
+				break;
+			}
+		}
+		return lst;
+	}
+
+	public Set<ArgeoUser> listUsers() {
+		return securityDao.listUsers();
+	}
+
+	public Set<String> listEditableRoles() {
+		// TODO Auto-generated method stub
+		return securityDao.listEditableRoles();
+	}
+
 	public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
 		this.argeoSecurity = argeoSecurity;
 	}
 
 	public void setSecurityDao(ArgeoSecurityDao dao) {
 		this.securityDao = dao;
+		setCurrentUserDao(dao);
 	}
 
 	public void setAuthenticationManager(