X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.mvc%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fmvc%2FUsersRolesController.java;h=31d2d0581797c1377edd3361a34e34dbec7f1f1d;hb=51cdd7c0883f0ccd756f0f5d0dc2ac97b327d25d;hp=7f5334564fe931ed00637a87cc82deadb2faed77;hpb=e241a5585404c07bea8351c4112be64512ad7fb9;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java index 7f5334564..31d2d0581 100644 --- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java +++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java @@ -1,22 +1,161 @@ package org.argeo.security.mvc; +import java.io.Reader; +import java.util.List; + +import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; -import org.argeo.security.core.ArgeoUserDetails; -import org.springframework.security.Authentication; +import org.argeo.security.SimpleArgeoUser; +import org.argeo.server.BooleanAnswer; +import org.argeo.server.ServerAnswer; +import org.argeo.server.ServerDeserializer; +import org.argeo.server.mvc.MvcConstants; import org.springframework.security.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; @Controller -public class UsersRolesController { +public class UsersRolesController implements MvcConstants { + // private final static Log log = LogFactory + // .getLog(UsersRolesController.class); + + private ArgeoSecurityService securityService; + + private ServerDeserializer userDeserializer = null; - @RequestMapping("/getCredentials.security") - @ModelAttribute("getCredentials") + /* USER */ + + @RequestMapping("/getCredentials.ria") + @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser getCredentials() { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); + ArgeoUser argeoUser = securityService.getSecurityDao().getCurrentUser(); + if (argeoUser == null) + return new SimpleArgeoUser(); + else + return argeoUser; + } + + // @RequestMapping("/login.security") + // @ModelAttribute(ANSWER_MODEL_KEY) + // public ArgeoUser login(@RequestParam("username") String username, + // @RequestParam("password") String password) { + // //SecurityContextHolder.getContext().getAuthentication(). + // return securityService.getSecurityDao().getCurrentUser(); + // } + // + // @RequestMapping("/logout.security") + // @ModelAttribute(ANSWER_MODEL_KEY) + // public ServerAnswer logout() { + // return ServerAnswer.ok("Logged out"); + // } + + @RequestMapping("/getUsersList.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public List getUsersList() { + return securityService.getSecurityDao().listUsers(); + } + + @RequestMapping("/userExists.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public BooleanAnswer userExists(@RequestParam("username") String username) { + return new BooleanAnswer(securityService.getSecurityDao().userExists( + username)); + } + + @RequestMapping("/createUser.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser createUser(Reader reader) { + ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); + // cleanUserBeforeCreate(user); + securityService.newUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); + } + + @RequestMapping("/updateUser.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser updateUser(Reader reader) { + ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); + securityService.updateUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); + } + + /* + * @RequestMapping("/createUser2.security") + * + * @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser + * createUser(@RequestParam("body") String body) { if (log.isDebugEnabled()) + * log.debug("body:\n" + body); StringReader reader = new + * StringReader(body); ArgeoUser user = null; try { user = (ArgeoUser) + * userDeserializer.deserialize(reader); } finally { + * IOUtils.closeQuietly(reader); } cleanUserBeforeCreate(user); + * securityService.newUser(user); return + * securityService.getSecurityDao().getUser(user.getUsername()); } + */ + + @RequestMapping("/deleteUser.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer deleteUser(@RequestParam("username") String username) { + securityService.getSecurityDao().delete(username); + return ServerAnswer.ok("User " + username + " deleted"); + } - return ArgeoUserDetails.createBasicArgeoUser(authentication); + @RequestMapping("/getUserDetails.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser getUserDetails(@RequestParam("username") String username) { + return securityService.getSecurityDao().getUser(username); } + + /* ROLE */ + @RequestMapping("/getRolesList.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public List getEditableRolesList() { + return securityService.getSecurityDao().listEditableRoles(); + } + + @RequestMapping("/createRole.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer createRole(@RequestParam("role") String role) { + securityService.newRole(role); + return ServerAnswer.ok("Role " + role + " created"); + } + + @RequestMapping("/deleteRole.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer deleteRole(@RequestParam("role") String role) { + securityService.getSecurityDao().deleteRole(role); + return ServerAnswer.ok("Role " + role + " deleted"); + } + + @RequestMapping("/updateUserPassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updateUserPassword( + @RequestParam("username") String username, + @RequestParam("password") String password) { + securityService.updateUserPassword(username, password); + return ServerAnswer.ok("Password updated for user " + username); + } + + @RequestMapping("/updatePassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updatePassword( + @RequestParam("password") String password, + @RequestParam("oldPassword") String oldPassword) { + securityService.getSecurityDao().updatePassword(oldPassword, password); + return ServerAnswer.ok("Password updated"); + } + + // protected void cleanUserBeforeCreate(ArgeoUser user) { + // user.getUserNatures().clear(); + // } + + public void setUserDeserializer(ServerDeserializer userDeserializer) { + this.userDeserializer = userDeserializer; + } + + public void setSecurityService(ArgeoSecurityService securityService) { + this.securityService = securityService; + } + }