role = role.trim().toUpperCase();
if (!role.startsWith(rolePrefix))
role = rolePrefix + role;
- if (securityService.getSecurityDao().listEditableRoles().contains(role))
+ if (securityService.listEditableRoles().contains(role))
throw new ArgeoException("Role " + role + " already exists");
securityService.newRole(role);
rolesView.refresh();
user.getUserNatures().put(SimpleUserNature.TYPE,
new SimpleUserNature());
} else
- user = securityService.getSecurityDao().getUser(username);
+ user = securityService.getUser(username);
this.setPartProperty("name", username != null ? username : "<new user>");
setPartName(username != null ? username : "<new user>");
}
// TODO: make it more generic
findPage(DefaultUserMainPage.ID).doSave(monitor);
- if (securityService.getSecurityDao().userExists(user.getUsername()))
+ if (securityService.userExists(user.getUsername()))
securityService.updateUser(user);
else {
securityService.newUser(user);
private class RolesContentProvider implements IStructuredContentProvider {
public Object[] getElements(Object inputElement) {
- return securityService.getSecurityDao().listEditableRoles()
- .toArray();
+ return securityService.listEditableRoles().toArray();
}
public void dispose() {
private class RolesContentProvider implements IStructuredContentProvider {
public Object[] getElements(Object inputElement) {
- return securityService.getSecurityDao().listEditableRoles()
- .toArray();
+ return securityService.listEditableRoles().toArray();
}
public void dispose() {
private class UsersContentProvider implements IStructuredContentProvider {
public Object[] getElements(Object inputElement) {
- return securityService.getSecurityDao().listUsers().toArray();
+ return securityService.listUsers().toArray();
}
public void dispose() {
package org.argeo.security;
-import java.util.List;
+import java.util.Set;
/**
* Access to the users and roles referential (dependent from the underlying
// public ArgeoUser getCurrentUser();
/** List all users */
- public List<ArgeoUser> listUsers();
+ public Set<ArgeoUser> listUsers();
/** List roles that can be modified */
- public List<String> listEditableRoles();
+ public Set<String> listEditableRoles();
/**
* Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
* use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
*/
- public void create(ArgeoUser user);
+ public void createUser(ArgeoUser user);
- public void update(ArgeoUser user);
+ public void updateUser(ArgeoUser user);
- public void delete(String username);
+ public void deleteUser(String username);
/**
* Creates a new role in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
public void deleteRole(String role);
/** List all users having this role. */
- public List<ArgeoUser> listUsersInRole(String role);
+ public Set<ArgeoUser> listUsersInRole(String role);
public Boolean userExists(String username);
package org.argeo.security;
-import java.util.List;
/**
* High level access to the user referential (independent from the underlying
* storage).
*/
-public interface ArgeoSecurityService {
- public ArgeoUser getCurrentUser();
-
- public void newUser(ArgeoUser argeoUser);
-
- public void updateUser(ArgeoUser user);
-
- public void updateUserPassword(String username, String password);
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword);
-
- public void newRole(String role);
-
- public ArgeoSecurityDao getSecurityDao();
-
- public Runnable wrapWithSystemAuthentication(final Runnable runnable);
-
- /** List users having this role (except the super user). */
- public List<ArgeoUser> listUsersInRole(String role);
-
+public interface ArgeoSecurityService extends CurrentUserService,
+ UserAdminService {
}
--- /dev/null
+package org.argeo.security;
+
+import java.util.Map;
+
+public interface CurrentUserService {
+ public ArgeoUser getCurrentUser();
+
+ public void updateCurrentUserPassword(String oldPassword, String newPassword);
+
+ public void updateCurrentUserNatures(Map<String, UserNature> userNatures);
+
+}
* Read-write implementation of an Argeo user. Typically initialized with a
* generic instance (read-only9 in order to modify a user.
*/
-public class SimpleArgeoUser implements ArgeoUser, Serializable {
+public class SimpleArgeoUser implements ArgeoUser, Serializable,
+ Comparable<ArgeoUser> {
private static final long serialVersionUID = 1L;
private String username;
"Could not find a user nature of type " + type);
}
- // for (int i = 0; i < userNatures.size(); i++) {
- // String type = userNatures.get(i).getType();
- // boolean found = false;
- // for (int j = 0; j < userNatures.size(); j++) {
- // String newType = userNaturesData.get(j).getType();
- // if (type.equals(newType))
- // found = true;
- // }
- // if (!found)
- // throw new ArgeoException(
- // "Could not find a user nature of type " + type);
- // }
-
for (String key : userNatures.keySet()) {
userNatures.put(key, userNaturesData.get(key));
}
}
+ @Override
+ public boolean equals(Object obj) {
+ if (!(obj instanceof ArgeoUser))
+ return false;
+ return ((ArgeoUser) obj).getUsername().equals(username);
+ }
+
+ public int compareTo(ArgeoUser o) {
+ return username.compareTo(o.getUsername());
+ }
+
+ @Override
+ public int hashCode() {
+ return username.hashCode();
+ }
+
@Override
public String toString() {
return username;
--- /dev/null
+package org.argeo.security;
+
+import java.util.Set;
+
+public interface UserAdminService {
+ /*
+ * USERS
+ */
+ public void newUser(ArgeoUser argeoUser);
+
+ public ArgeoUser getUser(String username);
+
+ public Set<ArgeoUser> listUsers();
+
+ public Boolean userExists(String username);
+
+ public void updateUser(ArgeoUser user);
+
+ public void updateUserPassword(String username, String password);
+
+ /** List users having this role (except the super user). */
+ public Set<ArgeoUser> listUsersInRole(String role);
+
+ public void deleteUser(String username);
+
+ /*
+ * ROLES
+ */
+ public void newRole(String role);
+
+ public Set<String> listEditableRoles();
+
+ public void deleteRole(String role);
+
+ /*
+ * SYSTEM
+ */
+ public Runnable wrapWithSystemAuthentication(final Runnable runnable);
+}
package org.argeo.security.core;
import java.util.Iterator;
-import java.util.List;
+import java.util.Map;
+import java.util.Set;
import org.argeo.ArgeoException;
import org.argeo.security.ArgeoSecurity;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
+import org.argeo.security.UserNature;
import org.springframework.core.task.SimpleAsyncTaskExecutor;
import org.springframework.core.task.TaskExecutor;
import org.springframework.security.Authentication;
SimpleArgeoUser user = new SimpleArgeoUser(
securityDao.getUser(username));
user.setPassword(securityDao.encodePassword(password));
- securityDao.update(user);
+ securityDao.updateUser(user);
}
public void updateCurrentUserPassword(String oldPassword, String newPassword) {
if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
throw new ArgeoException("Old password is not correct.");
user.setPassword(securityDao.encodePassword(newPassword));
- securityDao.update(user);
+ securityDao.updateUser(user);
}
public void newUser(ArgeoUser user) {
((SimpleArgeoUser) user).setPassword(securityDao
.encodePassword(user.getPassword()));
}
- securityDao.create(user);
+ securityDao.createUser(user);
+ }
+
+ public ArgeoUser getUser(String username) {
+ return securityDao.getUser(username);
+ }
+
+ public Boolean userExists(String username) {
+ return securityDao.userExists(username);
}
public void updateUser(ArgeoUser user) {
password = securityDao.encodePassword(user.getPassword());
SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
simpleArgeoUser.setPassword(password);
- securityDao.update(simpleArgeoUser);
+ securityDao.updateUser(simpleArgeoUser);
+ }
+
+ public void deleteUser(String username) {
+ securityDao.deleteUser(username);
+
+ }
+
+ public void deleteRole(String role) {
+ securityDao.deleteRole(role);
}
public TaskExecutor createSystemAuthenticatedTaskExecutor() {
};
}
- public List<ArgeoUser> listUsersInRole(String role) {
- List<ArgeoUser> lst = securityDao.listUsersInRole(role);
+ public Set<ArgeoUser> listUsersInRole(String role) {
+ Set<ArgeoUser> lst = securityDao.listUsersInRole(role);
Iterator<ArgeoUser> it = lst.iterator();
while (it.hasNext()) {
if (it.next().getUsername()
return lst;
}
+ public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public Set<ArgeoUser> listUsers() {
+ return securityDao.listUsers();
+ }
+
+ public Set<String> listEditableRoles() {
+ // TODO Auto-generated method stub
+ return securityDao.listEditableRoles();
+ }
+
public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
this.argeoSecurity = argeoSecurity;
}
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
-import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.Random;
+import java.util.Set;
+import java.util.TreeSet;
import javax.naming.Name;
import javax.naming.NamingException;
}
}
- public synchronized void create(ArgeoUser user) {
+ public synchronized void createUser(ArgeoUser user) {
userDetailsManager.createUser(new ArgeoUserDetails(user));
}
// }
@SuppressWarnings("unchecked")
- public synchronized List<ArgeoUser> listUsers() {
+ public synchronized Set<ArgeoUser> listUsers() {
List<String> usernames = (List<String>) ldapTemplate.listBindings(
new DistinguishedName(userBase), new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
}
});
- List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
+ TreeSet<ArgeoUser> lst = new TreeSet<ArgeoUser>();
for (String username : usernames) {
lst.add(createSimpleArgeoUser(getDetails(username)));
}
- return lst;
+ return Collections.unmodifiableSortedSet(lst);
}
@SuppressWarnings("unchecked")
- public List<String> listEditableRoles() {
- return (List<String>) ldapTemplate.listBindings(groupBase,
- new ContextMapper() {
+ public Set<String> listEditableRoles() {
+ return Collections.unmodifiableSortedSet(new TreeSet<String>(
+ ldapTemplate.listBindings(groupBase, new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
String groupName = ((DirContextAdapter) ctxArg)
.getStringAttribute(groupRoleAttributeName);
String roleName = convertGroupToRole(groupName);
return roleName;
}
- });
+ })));
}
@SuppressWarnings("unchecked")
- public List<ArgeoUser> listUsersInRole(String role) {
- return (List<ArgeoUser>) ldapTemplate.lookup(
+ public Set<ArgeoUser> listUsersInRole(String role) {
+ return (Set<ArgeoUser>) ldapTemplate.lookup(
buildGroupDn(convertRoleToGroup(role)), new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
DirContextAdapter ctx = (DirContextAdapter) ctxArg;
String[] userDns = ctx
.getStringAttributes(groupMemberAttributeName);
- List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
+ TreeSet<ArgeoUser> set = new TreeSet<ArgeoUser>();
for (String userDn : userDns) {
DistinguishedName dn = new DistinguishedName(userDn);
String username = dn
.getValue(usernameAttributeName);
- lst.add(createSimpleArgeoUser(getDetails(username)));
+ set.add(createSimpleArgeoUser(getDetails(username)));
}
- return lst;
+ return Collections.unmodifiableSortedSet(set);
}
});
}
- public synchronized void update(ArgeoUser user) {
+ public synchronized void updateUser(ArgeoUser user) {
ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
userDetailsManager.updateUser(new ArgeoUserDetails(user));
// refresh logged in user
}
}
- public synchronized void delete(String username) {
+ public synchronized void deleteUser(String username) {
userDetailsManager.deleteUser(username);
}
--- /dev/null
+package org.argeo.security.nature;
+
+import org.argeo.security.AbstractUserNature;
+
+/**
+ * Argeo infrastructure user nature. People with access to the infrastructure
+ * must be properly identified.
+ */
+public class InfrastructureUserNature extends AbstractUserNature {
+ private static final long serialVersionUID = 1L;
+
+ private String mobile;
+ private String telephoneNumber;
+ private String postalAddress;
+ private String postalCode;
+ private String city;
+ private String countryCode;
+
+ public String getMobile() {
+ return mobile;
+ }
+
+ public void setMobile(String mobile) {
+ this.mobile = mobile;
+ }
+
+ public String getTelephoneNumber() {
+ return telephoneNumber;
+ }
+
+ public void setTelephoneNumber(String telephoneNumber) {
+ this.telephoneNumber = telephoneNumber;
+ }
+
+ public String getPostalAddress() {
+ return postalAddress;
+ }
+
+ public void setPostalAddress(String postalAddress) {
+ this.postalAddress = postalAddress;
+ }
+
+ public String getPostalCode() {
+ return postalCode;
+ }
+
+ public void setPostalCode(String postalCode) {
+ this.postalCode = postalCode;
+ }
+
+ public String getCity() {
+ return city;
+ }
+
+ public void setCity(String city) {
+ this.city = city;
+ }
+
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+}
--- /dev/null
+package org.argeo.security.nature;
+
+import org.argeo.security.AbstractUserNature;
+
+/** User with access to POSIX operating systems*/
+public class PosixAccountNature extends AbstractUserNature {
+ private static final long serialVersionUID = 1L;
+
+ private Integer uidNumber;
+ private Integer gidNumber;
+ private String homeDirectory;
+ private String authorizedKeys;
+
+ public Integer getUidNumber() {
+ return uidNumber;
+ }
+
+ public void setUidNumber(Integer uidNumber) {
+ this.uidNumber = uidNumber;
+ }
+
+ public Integer getGidNumber() {
+ return gidNumber;
+ }
+
+ public void setGidNumber(Integer gidNumber) {
+ this.gidNumber = gidNumber;
+ }
+
+ public String getHomeDirectory() {
+ return homeDirectory;
+ }
+
+ public void setHomeDirectory(String homeDirectory) {
+ this.homeDirectory = homeDirectory;
+ }
+
+ public String getAuthorizedKeys() {
+ return authorizedKeys;
+ }
+
+ public void setAuthorizedKeys(String authorizedKeys) {
+ this.authorizedKeys = authorizedKeys;
+ }
+}
package org.argeo.security.mvc;
import java.io.Reader;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
+import java.util.Set;
-import org.apache.commons.codec.binary.Base64;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
// private final static Log log = LogFactory
// .getLog(UsersRolesController.class);
- private String digestType = "SHA";
+ // private String digestType = "SHA";
private ArgeoSecurityService securityService;
@RequestMapping("/getUsersList.*")
@ModelAttribute("users")
- public List<ArgeoUser> getUsersList() {
- return securityService.getSecurityDao().listUsers();
+ public Set<ArgeoUser> getUsersList() {
+ return securityService.listUsers();
}
@RequestMapping("/userExists.*")
public BooleanAnswer userExists(@RequestParam("username") String username) {
- return new BooleanAnswer(securityService.getSecurityDao().userExists(
- username));
+ return new BooleanAnswer(securityService.userExists(username));
}
@RequestMapping("/createUser.*")
SimpleArgeoUser.class);
// cleanUserBeforeCreate(user);
securityService.newUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
+ return securityService.getUser(user.getUsername());
}
@RequestMapping("/updateUser.*")
ArgeoUser user = userDeserializer.deserialize(reader,
SimpleArgeoUser.class);
securityService.updateUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
+ return securityService.getUser(user.getUsername());
}
@RequestMapping("/updateUserSelf.*")
SimpleArgeoUser.class);
user.updateUserNatures(userForNatures.getUserNatures());
securityService.updateUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
+ return securityService.getUser(user.getUsername());
}
@RequestMapping("/deleteUser.*")
public ServerAnswer deleteUser(@RequestParam("username") String username) {
- securityService.getSecurityDao().delete(username);
+ securityService.deleteUser(username);
return ServerAnswer.ok("User " + username + " deleted");
}
@RequestMapping("/getUserDetails.*")
@ModelAttribute("user")
public ArgeoUser getUserDetails(@RequestParam("username") String username) {
- return securityService.getSecurityDao().getUser(username);
+ return securityService.getUser(username);
}
/* ROLE */
@RequestMapping("/getRolesList.*")
@ModelAttribute("roles")
- public List<String> getEditableRolesList() {
- return securityService.getSecurityDao().listEditableRoles();
+ public Set<String> getEditableRolesList() {
+ return securityService.listEditableRoles();
}
@RequestMapping("/createRole.*")
@RequestMapping("/deleteRole.*")
public ServerAnswer deleteRole(@RequestParam("role") String role) {
- securityService.getSecurityDao().deleteRole(role);
+ securityService.deleteRole(role);
return ServerAnswer.ok("Role " + role + " deleted");
}
public ServerAnswer updateUserPassword(
@RequestParam("username") String username,
@RequestParam("password") String password) {
- securityService.updateUserPassword(username,
- digestIfNecessary(password));
+ securityService.updateUserPassword(username, password);
return ServerAnswer.ok("Password updated for user " + username);
}
public ServerAnswer updatePassword(
@RequestParam("oldPassword") String oldPassword,
@RequestParam("password") String password) {
- securityService.updateCurrentUserPassword(
- digestIfNecessary(oldPassword), digestIfNecessary(password));
+ securityService.updateCurrentUserPassword(oldPassword, password);
return ServerAnswer.ok("Password updated");
}
- protected String digestIfNecessary(String str) {
- if (!str.startsWith("{" + digestType + "}"))
- return digest(str);
- else
- return str;
- }
-
- protected String digest(String nonEncrypted) {
- try {
- MessageDigest md = MessageDigest.getInstance(digestType);
- byte[] dig = md.digest(nonEncrypted.getBytes());
- return "{" + digestType + "}"
- + new String(Base64.encodeBase64(dig));
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(
- "Unexpected exception while digesting password");
- }
- }
+ // protected String digestIfNecessary(String str) {
+ //
+ // if (!str.startsWith("{" + digestType + "}"))
+ // return digest(str);
+ // else
+ // return str;
+ // }
+
+ // protected String digest(String nonEncrypted) {
+ // try {
+ // MessageDigest md = MessageDigest.getInstance(digestType);
+ // byte[] dig = md.digest(nonEncrypted.getBytes());
+ // return "{" + digestType + "}"
+ // + new String(Base64.encodeBase64(dig));
+ // } catch (NoSuchAlgorithmException e) {
+ // throw new RuntimeException(
+ // "Unexpected exception while digesting password");
+ // }
+ // }
public void setUserDeserializer(Deserializer userDeserializer) {
this.userDeserializer = userDeserializer;