X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=68f97d4a069e3eaa73257d943da72913ea5bf24d;hb=977a7a352131b082a98739f15e421f2bff747567;hp=b69e02a4097115f08fa68e4fe982d663fac47754;hpb=ec59a58bc368dc922a454d52eb70bb91dfd68793;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java index b69e02a40..68f97d4a0 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java @@ -1,14 +1,44 @@ +/* + * Copyright (C) 2010 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.argeo.security.core; +import java.util.Iterator; +import java.util.Set; + import org.argeo.security.ArgeoSecurity; import org.argeo.security.ArgeoSecurityDao; import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; -import org.argeo.security.BasicArgeoUser; +import org.argeo.security.SimpleArgeoUser; +import org.argeo.security.UserAdminService; +import org.springframework.core.task.SimpleAsyncTaskExecutor; +import org.springframework.core.task.TaskExecutor; +import org.springframework.security.Authentication; +import org.springframework.security.AuthenticationManager; +import org.springframework.security.context.SecurityContext; +import org.springframework.security.context.SecurityContextHolder; -public class DefaultSecurityService implements ArgeoSecurityService { +public class DefaultSecurityService extends DefaultCurrentUserService implements + UserAdminService, ArgeoSecurityService { private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity(); private ArgeoSecurityDao securityDao; + private AuthenticationManager authenticationManager; + + private String systemAuthenticationKey; public ArgeoSecurityDao getSecurityDao() { return securityDao; @@ -19,14 +49,110 @@ public class DefaultSecurityService implements ArgeoSecurityService { } public void updateUserPassword(String username, String password) { - BasicArgeoUser user = new BasicArgeoUser(securityDao.getUser(username)); - user.setPassword(password); - securityDao.update(user); + SimpleArgeoUser user = new SimpleArgeoUser( + securityDao.getUser(username)); + user.setPassword(encodePassword(password)); + securityDao.updateUser(user); } public void newUser(ArgeoUser user) { argeoSecurity.beforeCreate(user); - securityDao.create(user); + // normalize password + if (user instanceof SimpleArgeoUser) { + if (user.getPassword() == null || user.getPassword().equals("")) + ((SimpleArgeoUser) user).setPassword(encodePassword(user + .getUsername())); + else if (!user.getPassword().startsWith("{")) + ((SimpleArgeoUser) user).setPassword(encodePassword(user + .getPassword())); + } + securityDao.createUser(user); + } + + public ArgeoUser getUser(String username) { + return securityDao.getUser(username); + } + + public Boolean userExists(String username) { + return securityDao.userExists(username); + } + + public void updateUser(ArgeoUser user) { + String password = user.getPassword(); + if (password == null) + password = securityDao.getUserWithPassword(user.getUsername()) + .getPassword(); + if (!password.startsWith("{")) + password = encodePassword(user.getPassword()); + SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user); + simpleArgeoUser.setPassword(password); + securityDao.updateUser(simpleArgeoUser); + } + + public void deleteUser(String username) { + securityDao.deleteUser(username); + + } + + public void deleteRole(String role) { + securityDao.deleteRole(role); + } + + @Deprecated + public TaskExecutor createSystemAuthenticatedTaskExecutor() { + return new SimpleAsyncTaskExecutor() { + private static final long serialVersionUID = -8126773862193265020L; + + @Override + public Thread createThread(Runnable runnable) { + return super + .createThread(wrapWithSystemAuthentication(runnable)); + } + + }; + } + + /** + * Wraps another runnable, adding security context
+ * TODO: secure the call to this method with Java Security + */ + @Deprecated + public Runnable wrapWithSystemAuthentication(final Runnable runnable) { + return new Runnable() { + + public void run() { + SecurityContext securityContext = SecurityContextHolder + .getContext(); + Authentication auth = authenticationManager + .authenticate(new InternalAuthentication( + systemAuthenticationKey)); + securityContext.setAuthentication(auth); + + runnable.run(); + } + }; + } + + public Set listUsersInRole(String role) { + Set lst = securityDao.listUsersInRole(role); + Iterator it = lst.iterator(); + while (it.hasNext()) { + if (it.next().getUsername() + .equals(argeoSecurity.getSuperUsername())) { + it.remove(); + break; + } + } + return lst; + } + + public Set listUsers() { + return securityDao.listUsers(); + } + + public Set listEditableRoles() { + // TODO Auto-generated method stub + return securityDao.listEditableRoles(); } public void setArgeoSecurity(ArgeoSecurity argeoSecurity) { @@ -35,6 +161,15 @@ public class DefaultSecurityService implements ArgeoSecurityService { public void setSecurityDao(ArgeoSecurityDao dao) { this.securityDao = dao; + setCurrentUserDao(dao); } + public void setAuthenticationManager( + AuthenticationManager authenticationManager) { + this.authenticationManager = authenticationManager; + } + + public void setSystemAuthenticationKey(String systemAuthenticationKey) { + this.systemAuthenticationKey = systemAuthenticationKey; + } }