X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=d6ff69cc23b549632e26edfbe4f93a7ac081b0ad;hb=d685633924a5ee0328f5053b375564ca8fe969e6;hp=28f399f5a240078f2d8ef4531926cab390380909;hpb=490d9907457c43acfa965e7979ce5974bc1ba6ca;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java index 28f399f5a..d6ff69cc2 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java @@ -16,6 +16,9 @@ package org.argeo.security.core; +import java.util.Iterator; +import java.util.List; + import org.argeo.ArgeoException; import org.argeo.security.ArgeoSecurity; import org.argeo.security.ArgeoSecurityDao; @@ -36,6 +39,15 @@ public class DefaultSecurityService implements ArgeoSecurityService { private String systemAuthenticationKey; + public ArgeoUser getCurrentUser() { + ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser(); + if (argeoUser == null) + return null; + if (argeoUser.getRoles().contains(securityDao.getDefaultRole())) + argeoUser.getRoles().remove(securityDao.getDefaultRole()); + return argeoUser; + } + public ArgeoSecurityDao getSecurityDao() { return securityDao; } @@ -45,22 +57,22 @@ public class DefaultSecurityService implements ArgeoSecurityService { } public void updateUserPassword(String username, String password) { - SimpleArgeoUser user = new SimpleArgeoUser(securityDao - .getUser(username)); + SimpleArgeoUser user = new SimpleArgeoUser( + securityDao.getUser(username)); user.setPassword(password); securityDao.update(user); } public void updateCurrentUserPassword(String oldPassword, String newPassword) { - SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser()); - if (!user.getPassword().equals(oldPassword)) + SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser()); + if (!securityDao.isPasswordValid(user.getPassword(), oldPassword)) throw new ArgeoException("Old password is not correct."); - user.setPassword(newPassword); + user.setPassword(securityDao.encodePassword(newPassword)); securityDao.update(user); } public void newUser(ArgeoUser user) { - user.getUserNatures().clear(); +// user.getUserNatures().clear(); argeoSecurity.beforeCreate(user); securityDao.create(user); } @@ -106,6 +118,19 @@ public class DefaultSecurityService implements ArgeoSecurityService { }; } + public List listUsersInRole(String role) { + List lst = securityDao.listUsersInRole(role); + Iterator it = lst.iterator(); + while (it.hasNext()) { + if (it.next().getUsername() + .equals(argeoSecurity.getSuperUsername())) { + it.remove(); + break; + } + } + return lst; + } + public void setArgeoSecurity(ArgeoSecurity argeoSecurity) { this.argeoSecurity = argeoSecurity; } @@ -122,5 +147,4 @@ public class DefaultSecurityService implements ArgeoSecurityService { public void setSystemAuthenticationKey(String systemAuthenticationKey) { this.systemAuthenticationKey = systemAuthenticationKey; } - }