X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=d6ff69cc23b549632e26edfbe4f93a7ac081b0ad;hb=d685633924a5ee0328f5053b375564ca8fe969e6;hp=ef64337ebed1d99762cf642a0c496a8892447980;hpb=00a5c6cc0b5ed08afba5b34567acd5a4fec4826f;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java index ef64337eb..d6ff69cc2 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java @@ -1,15 +1,52 @@ +/* + * Copyright (C) 2010 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.argeo.security.core; +import java.util.Iterator; +import java.util.List; + import org.argeo.ArgeoException; import org.argeo.security.ArgeoSecurity; import org.argeo.security.ArgeoSecurityDao; import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; import org.argeo.security.SimpleArgeoUser; +import org.springframework.core.task.SimpleAsyncTaskExecutor; +import org.springframework.core.task.TaskExecutor; +import org.springframework.security.Authentication; +import org.springframework.security.AuthenticationManager; +import org.springframework.security.context.SecurityContext; +import org.springframework.security.context.SecurityContextHolder; public class DefaultSecurityService implements ArgeoSecurityService { private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity(); private ArgeoSecurityDao securityDao; + private AuthenticationManager authenticationManager; + + private String systemAuthenticationKey; + + public ArgeoUser getCurrentUser() { + ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser(); + if (argeoUser == null) + return null; + if (argeoUser.getRoles().contains(securityDao.getDefaultRole())) + argeoUser.getRoles().remove(securityDao.getDefaultRole()); + return argeoUser; + } public ArgeoSecurityDao getSecurityDao() { return securityDao; @@ -20,22 +57,22 @@ public class DefaultSecurityService implements ArgeoSecurityService { } public void updateUserPassword(String username, String password) { - SimpleArgeoUser user = new SimpleArgeoUser(securityDao - .getUser(username)); + SimpleArgeoUser user = new SimpleArgeoUser( + securityDao.getUser(username)); user.setPassword(password); securityDao.update(user); } public void updateCurrentUserPassword(String oldPassword, String newPassword) { - SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser()); - if (!user.getPassword().equals(oldPassword)) + SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser()); + if (!securityDao.isPasswordValid(user.getPassword(), oldPassword)) throw new ArgeoException("Old password is not correct."); - user.setPassword(newPassword); + user.setPassword(securityDao.encodePassword(newPassword)); securityDao.update(user); } public void newUser(ArgeoUser user) { - user.getUserNatures().clear(); +// user.getUserNatures().clear(); argeoSecurity.beforeCreate(user); securityDao.create(user); } @@ -48,6 +85,52 @@ public class DefaultSecurityService implements ArgeoSecurityService { securityDao.update(simpleArgeoUser); } + public TaskExecutor createSystemAuthenticatedTaskExecutor() { + return new SimpleAsyncTaskExecutor() { + private static final long serialVersionUID = -8126773862193265020L; + + @Override + public Thread createThread(Runnable runnable) { + return super + .createThread(wrapWithSystemAuthentication(runnable)); + } + + }; + } + + /** + * Wraps another runnable, adding security context
+ * TODO: secure the call to this method with Java Security + */ + public Runnable wrapWithSystemAuthentication(final Runnable runnable) { + return new Runnable() { + + public void run() { + SecurityContext securityContext = SecurityContextHolder + .getContext(); + Authentication auth = authenticationManager + .authenticate(new InternalAuthentication( + systemAuthenticationKey)); + securityContext.setAuthentication(auth); + + runnable.run(); + } + }; + } + + public List listUsersInRole(String role) { + List lst = securityDao.listUsersInRole(role); + Iterator it = lst.iterator(); + while (it.hasNext()) { + if (it.next().getUsername() + .equals(argeoSecurity.getSuperUsername())) { + it.remove(); + break; + } + } + return lst; + } + public void setArgeoSecurity(ArgeoSecurity argeoSecurity) { this.argeoSecurity = argeoSecurity; } @@ -56,4 +139,12 @@ public class DefaultSecurityService implements ArgeoSecurityService { this.securityDao = dao; } + public void setAuthenticationManager( + AuthenticationManager authenticationManager) { + this.authenticationManager = authenticationManager; + } + + public void setSystemAuthenticationKey(String systemAuthenticationKey) { + this.systemAuthenticationKey = systemAuthenticationKey; + } }