org.argeo.node.repo.jackrabbit,\
org.argeo.security.manager.ldap,\
org.argeo.security.services,\
+org.argeo.security.services.admin,\
com.springsource.javax.servlet,\
org.argeo.security.equinox,\
org.eclipse.core.runtime,\
cardinality="0..N" />\r
\r
<!-- SERVICES -->\r
- <service ref="passwordEncoder"\r
- interface="org.springframework.security.providers.encoding.PasswordEncoder" />\r
<service ref="authenticationProvider"\r
interface="org.springframework.security.providers.AuthenticationProvider"\r
context-class-loader="service-provider" />\r
- <service ref="securityDao" interface="org.argeo.security.ArgeoSecurityDao"\r
+ <service ref="securityDao" interface="org.argeo.security.CurrentUserDao"\r
+ context-class-loader="service-provider" />\r
+ <service ref="securityDao" interface="org.argeo.security.UserAdminDao"\r
context-class-loader="service-provider" />\r
<service ref="userDetailsService"\r
interface="org.springframework.security.userdetails.UserDetailsService"\r
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<property name="locations">
- <value>osgibundle:ldap.properties
- </value>
+ <value>osgibundle:ldap.properties</value>
</property>
</bean>
<bean id="securityDao" class="org.argeo.security.ldap.ArgeoSecurityDaoLdap">
<constructor-arg ref="contextSource" />
<property name="userNatureMappers" ref="userNatureMappers" />
+ <property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="userDetailsService" factory-bean="securityDao"
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<!-- REFERENCES -->\r
- <reference id="passwordEncoder"\r
- interface="org.springframework.security.providers.encoding.PasswordEncoder" />\r
-\r
- <reference id="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
-\r
- <list id="authenticationProviders"\r
- interface="org.springframework.security.providers.AuthenticationProvider"\r
- cardinality="0..N">\r
- <listener ref="authenticationManager" bind-method="register"\r
- unbind-method="unregister" />\r
- </list>\r
+ <reference id="userAdminDao" interface="org.argeo.security.UserAdminDao" />\r
\r
<!-- SERVICES -->\r
-<!-- <service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" /> -->\r
- <service ref="securityService" interface="org.argeo.security.CurrentUserService" />\r
<service ref="securityService" interface="org.argeo.security.UserAdminService" />\r
- <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
-\r
- <service ref="authenticationManager"\r
- interface="org.springframework.security.AuthenticationManager" />\r
</beans:beans>
\ No newline at end of file
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
- <bean
- class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
- <property name="locations">
- <value>osgibundle:security.properties
- </value>
- </property>
+ <bean id="securityService" class="org.argeo.security.core.DefaultUserAdminService">
+ <property name="userAdminDao" ref="userAdminDao" />
</bean>
-
- <bean id="securityService" class="org.argeo.security.core.DefaultSecurityService">
- <property name="securityDao" ref="securityDao" />
- <property name="passwordEncoder" ref="passwordEncoder" />
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
- </bean>
-
- <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
- </bean>
-
- <bean id="authenticationManager" class="org.argeo.security.core.ArgeoAuthenticationManager">
- <property name="providers">
- <list>
- <bean class="org.springframework.security.adapters.AuthByAdapterProvider">
- <property name="key" value="${argeo.security.systemKey}" />
- </bean>
- <bean
- class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
- <property name="key" value="${argeo.security.systemKey}" />
- </bean>
- </list>
- </property>
- </bean>
-
-
- <!-- <bean id="rememberMeAuthenticationProvider" -->
- <!-- class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider"> -->
- <!-- <property name="key" value="${argeo.security.systemKey}" /> -->
- <!-- </bean> -->
-
</beans>
\ No newline at end of file
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<!-- REFERENCES -->\r
- <reference id="passwordEncoder"\r
- interface="org.springframework.security.providers.encoding.PasswordEncoder" />\r
-\r
- <reference id="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
+ <reference id="currentUserDao" interface="org.argeo.security.CurrentUserDao" />\r
\r
<list id="authenticationProviders"\r
interface="org.springframework.security.providers.AuthenticationProvider"\r
</list>\r
\r
<!-- SERVICES -->\r
-<!-- <service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" /> -->\r
<service ref="securityService" interface="org.argeo.security.CurrentUserService" />\r
- <service ref="securityService" interface="org.argeo.security.UserAdminService" />\r
<service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
\r
<service ref="authenticationManager"\r
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<property name="locations">
- <value>osgibundle:security.properties
- </value>
+ <value>osgibundle:security.properties</value>
</property>
</bean>
- <bean id="securityService" class="org.argeo.security.core.DefaultSecurityService">
- <property name="securityDao" ref="securityDao" />
- <property name="passwordEncoder" ref="passwordEncoder" />
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
+ <bean id="securityService" class="org.argeo.security.core.DefaultCurrentUserService">
+ <property name="currentUserDao" ref="currentUserDao" />
</bean>
<bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
</list>
</property>
</bean>
-
-
- <!-- <bean id="rememberMeAuthenticationProvider" -->
- <!-- class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider"> -->
- <!-- <property name="key" value="${argeo.security.systemKey}" /> -->
- <!-- </bean> -->
-
</beans>
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-/** Callback related to the lifecycle of a user. */
-public interface ArgeoSecurity {
- /**
- * Called before a user is actually created. Default user natures and roles
- * should be added there.
- */
- public void beforeCreate(ArgeoUser user);
-
- public String getSuperUsername();
-}
* Access to user backend for the currently logged in user
*/
public interface CurrentUserDao {
- public void updateUser(ArgeoUser user);
+ public void updateCurrentUserPassword(String oldPassword, String newPassword);
public String getDefaultRole();
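Review bot: `updateCurrentUserPassword` is added to CurrentUserDao without Javadoc, although this commit moves the old-password check and the password encoding out of DefaultCurrentUserService and into the DAO, so every implementation of this interface now carries that check. I would state the contract on the method, e.g. `/** Changes the password of the logged-in user; implementations must verify oldPassword against the stored value and encode newPassword before storing it. */`. The same gap exists for `updateUserPassword(String username, String password)` in the next interface hunk (apparently UserAdminDao), which should say that it takes a clear-text password and performs no old-password check. The interface body starts and ends outside this hunk.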
/** List roles that can be modified */
public Set<String> listEditableRoles();
+ public void updateUser(ArgeoUser user);
+
+ public void updateUserPassword(String username, String password);
+
/**
* Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
* use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
public Set<String> listEditableRoles();
public void deleteRole(String role);
-
- /*
- * SYSTEM
- */
- @Deprecated
- /** @deprecated Use ${link SystemExecutionService} instead.*/
- public Runnable wrapWithSystemAuthentication(final Runnable runnable);
}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.ArgeoSecurity;
-import org.argeo.security.nature.SimpleUserNature;
-
-/** Holds deployment specific security information. */
-public class DefaultArgeoSecurity implements ArgeoSecurity {
- private String superUsername = "root";
-
- public void beforeCreate(ArgeoUser user) {
- SimpleUserNature simpleUserNature;
- try {
- simpleUserNature = SimpleUserNature
- .findSimpleUserNature(user, null);
- } catch (Exception e) {
- simpleUserNature = new SimpleUserNature();
- user.getUserNatures().put("simpleUserNature", simpleUserNature);
- }
-
- if (simpleUserNature.getLastName() == null
- || simpleUserNature.getLastName().equals(""))
- simpleUserNature.setLastName("empty");// to prevent issue with sn in
- // LDAP
-
- }
-
- public String getSuperUsername() {
- return superUsername;
- }
-
- public void setSuperUsername(String superUsername) {
- this.superUsername = superUsername;
- }
-
-}
package org.argeo.security.core;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.Map;
-import java.util.Random;
-import org.argeo.ArgeoException;
import org.argeo.security.ArgeoUser;
import org.argeo.security.CurrentUserDao;
import org.argeo.security.CurrentUserService;
-import org.argeo.security.SimpleArgeoUser;
import org.argeo.security.UserNature;
-import org.springframework.security.providers.encoding.PasswordEncoder;
public class DefaultCurrentUserService implements CurrentUserService {
private CurrentUserDao currentUserDao;
- private PasswordEncoder passwordEncoder;
- private Random random;
public DefaultCurrentUserService() {
- try {
- random = SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- random = new Random(System.currentTimeMillis());
- }
}
public ArgeoUser getCurrentUser() {
}
public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
- if (!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword,
- null))
- throw new ArgeoException("Old password is not correct.");
- user.setPassword(encodePassword(newPassword));
- currentUserDao.updateUser(user);
- }
-
- protected String encodePassword(String password) {
- byte[] salt = new byte[16];
- random.nextBytes(salt);
- return passwordEncoder.encodePassword(password, salt);
+ currentUserDao.updateCurrentUserPassword(oldPassword, newPassword);
}
public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
public void setCurrentUserDao(CurrentUserDao dao) {
this.currentUserDao = dao;
}
-
- public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
- this.passwordEncoder = passwordEncoder;
- }
-
}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.argeo.security.ArgeoSecurity;
-import org.argeo.security.ArgeoSecurityDao;
-import org.argeo.security.ArgeoSecurityService;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.UserAdminService;
-import org.springframework.core.task.SimpleAsyncTaskExecutor;
-import org.springframework.core.task.TaskExecutor;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-
-public class DefaultSecurityService extends DefaultCurrentUserService implements
- UserAdminService, ArgeoSecurityService {
- private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
- private ArgeoSecurityDao securityDao;
- private AuthenticationManager authenticationManager;
-
- private String systemAuthenticationKey;
-
- public ArgeoSecurityDao getSecurityDao() {
- return securityDao;
- }
-
- public void newRole(String role) {
- securityDao.createRole(role, argeoSecurity.getSuperUsername());
- }
-
- public void updateUserPassword(String username, String password) {
- SimpleArgeoUser user = new SimpleArgeoUser(
- securityDao.getUser(username));
- user.setPassword(encodePassword(password));
- securityDao.updateUser(user);
- }
-
- public void newUser(ArgeoUser user) {
- argeoSecurity.beforeCreate(user);
- // normalize password
- if (user instanceof SimpleArgeoUser) {
- if (user.getPassword() == null || user.getPassword().equals(""))
- ((SimpleArgeoUser) user).setPassword(encodePassword(user
- .getUsername()));
- else if (!user.getPassword().startsWith("{"))
- ((SimpleArgeoUser) user).setPassword(encodePassword(user
- .getPassword()));
- }
- securityDao.createUser(user);
- }
-
- public ArgeoUser getUser(String username) {
- return securityDao.getUser(username);
- }
-
- public Boolean userExists(String username) {
- return securityDao.userExists(username);
- }
-
- public void updateUser(ArgeoUser user) {
- String password = user.getPassword();
- if (password == null)
- password = securityDao.getUserWithPassword(user.getUsername())
- .getPassword();
- if (!password.startsWith("{"))
- password = encodePassword(user.getPassword());
- SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
- simpleArgeoUser.setPassword(password);
- securityDao.updateUser(simpleArgeoUser);
- }
-
- public void deleteUser(String username) {
- securityDao.deleteUser(username);
-
- }
-
- public void deleteRole(String role) {
- securityDao.deleteRole(role);
- }
-
- @Deprecated
- public TaskExecutor createSystemAuthenticatedTaskExecutor() {
- return new SimpleAsyncTaskExecutor() {
- private static final long serialVersionUID = -8126773862193265020L;
-
- @Override
- public Thread createThread(Runnable runnable) {
- return super
- .createThread(wrapWithSystemAuthentication(runnable));
- }
-
- };
- }
-
- /**
- * Wraps another runnable, adding security context <br/>
- * TODO: secure the call to this method with Java Security
- */
- @Deprecated
- public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
- return new Runnable() {
-
- public void run() {
- SecurityContext securityContext = SecurityContextHolder
- .getContext();
- Authentication auth = authenticationManager
- .authenticate(new InternalAuthentication(
- systemAuthenticationKey));
- securityContext.setAuthentication(auth);
-
- runnable.run();
- }
- };
- }
-
- public Set<ArgeoUser> listUsersInRole(String role) {
- Set<ArgeoUser> lst = new HashSet<ArgeoUser>(
- securityDao.listUsersInRole(role));
- Iterator<ArgeoUser> it = lst.iterator();
- while (it.hasNext()) {
- if (it.next().getUsername()
- .equals(argeoSecurity.getSuperUsername())) {
- it.remove();
- break;
- }
- }
- return lst;
- }
-
- public Set<ArgeoUser> listUsers() {
- return securityDao.listUsers();
- }
-
- public Set<String> listEditableRoles() {
- // TODO Auto-generated method stub
- return securityDao.listEditableRoles();
- }
-
- public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
- this.argeoSecurity = argeoSecurity;
- }
-
- public void setSecurityDao(ArgeoSecurityDao dao) {
- this.securityDao = dao;
- setCurrentUserDao(dao);
- }
-
- public void setAuthenticationManager(
- AuthenticationManager authenticationManager) {
- this.authenticationManager = authenticationManager;
- }
-
- public void setSystemAuthenticationKey(String systemAuthenticationKey) {
- this.systemAuthenticationKey = systemAuthenticationKey;
- }
-}
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.core;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.UserAdminDao;
+import org.argeo.security.UserAdminService;
+import org.argeo.security.nature.SimpleUserNature;
+
+public class DefaultUserAdminService implements UserAdminService {
+ private String superUsername = "root";
+ private UserAdminDao userAdminDao;
+
+ public void newRole(String role) {
+ userAdminDao.createRole(role, getSuperUsername());
+ }
+
+ public void updateUserPassword(String username, String password) {
+ userAdminDao.updateUserPassword(username, password);
+ }
+
+ public void newUser(ArgeoUser user) {
+ // pre-process
+ SimpleUserNature simpleUserNature;
+ try {
+ simpleUserNature = SimpleUserNature
+ .findSimpleUserNature(user, null);
+ } catch (Exception e) {
+ simpleUserNature = new SimpleUserNature();
+ user.getUserNatures().put("simpleUserNature", simpleUserNature);
+ }
+
+ if (simpleUserNature.getLastName() == null
+ || simpleUserNature.getLastName().equals("")) {
+ // to prevent issue with sn in LDAP
+ simpleUserNature.setLastName("empty");
+ }
+
+ userAdminDao.createUser(user);
+ }
+
+ public ArgeoUser getUser(String username) {
+ return userAdminDao.getUser(username);
+ }
+
+ public Boolean userExists(String username) {
+ return userAdminDao.userExists(username);
+ }
+
+ public void updateUser(ArgeoUser user) {
+ userAdminDao.updateUser(user);
+ }
+
+ public void deleteUser(String username) {
+ userAdminDao.deleteUser(username);
+
+ }
+
+ public void deleteRole(String role) {
+ userAdminDao.deleteRole(role);
+ }
+
+ public Set<ArgeoUser> listUsersInRole(String role) {
+ Set<ArgeoUser> lst = new HashSet<ArgeoUser>(
+ userAdminDao.listUsersInRole(role));
+ Iterator<ArgeoUser> it = lst.iterator();
+ while (it.hasNext()) {
+ if (it.next().getUsername().equals(getSuperUsername())) {
+ it.remove();
+ break;
+ }
+ }
+ return lst;
+ }
+
+ public Set<ArgeoUser> listUsers() {
+ return userAdminDao.listUsers();
+ }
+
+ public Set<String> listEditableRoles() {
+ return userAdminDao.listEditableRoles();
+ }
+
+ // TODO: expose it via the interface as well?
+ public String getSuperUsername() {
+ return superUsername;
+ }
+
+ public void setUserAdminDao(UserAdminDao userAdminDao) {
+ this.userAdminDao = userAdminDao;
+ }
+
+}
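Review bot: `superUsername` is fixed to "root" with no setter, whereas the removed DefaultArgeoSecurity exposed `setSuperUsername`; in a deployment whose super user has a different name, `listUsersInRole` no longer filters that account out and `newRole` passes the wrong name to `createRole`. Either restore the injection point with `public void setSuperUsername(String superUsername) { this.superUsername = superUsername; }` or make the field `private static final` if the name is meant to be constant. The `catch (Exception e)` in `newUser` also treats every failure of `findSimpleUserNature` as "nature missing"; a one-line comment naming the expected exception would make that intent clear.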
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import org.argeo.security.ArgeoSecurityService;
-import org.springframework.core.task.SimpleAsyncTaskExecutor;
-
-public class SystemAuthenticatedTaskExecutor extends SimpleAsyncTaskExecutor {
- private static final long serialVersionUID = 453384889461147359L;
-
- private ArgeoSecurityService securityService;
-
- @Override
- public Thread createThread(Runnable runnable) {
- return super.createThread(securityService
- .wrapWithSystemAuthentication(runnable));
- }
-
- public void setSecurityService(ArgeoSecurityService securityService) {
- this.securityService = securityService;
- }
-
-}
import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.Collections;
import java.util.List;
+import java.util.Random;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
-import org.argeo.security.ArgeoSecurityDao;
+import org.argeo.ArgeoException;
import org.argeo.security.ArgeoUser;
import org.argeo.security.CurrentUserDao;
import org.argeo.security.SimpleArgeoUser;
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, CurrentUserDao,
- UserAdminDao, InitializingBean {
+public class ArgeoSecurityDaoLdap implements CurrentUserDao, UserAdminDao,
+ InitializingBean {
// private final static Log log = LogFactory.getLog(UserDaoLdap.class);
private UserDetailsManager userDetailsManager;
private LdapUserDetailsService ldapUserDetailsService;
private List<UserNatureMapper> userNatureMappers;
+ private PasswordEncoder passwordEncoder;
+ private Random random;
+
public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
this.contextSource = contextSource;
ldapTemplate = new LdapTemplate(this.contextSource);
+
+ try {
+ random = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ random = new Random(System.currentTimeMillis());
+ }
}
public void afterPropertiesSet() throws Exception {
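Review bot: The constructor falls back to `new Random(System.currentTimeMillis())` when SHA1PRNG is unavailable, so the salts drawn in `encodePassword` would come from a generator whose seed is just the start-up time. `new SecureRandom()` needs no algorithm name and does not throw, so the whole try/catch can become `random = new SecureRandom();` and the field can be declared `private final SecureRandom random;`. That also removes the need for the `NoSuchAlgorithmException` and `java.util.Random` imports added by this commit.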
}
public synchronized void createUser(ArgeoUser user) {
+ // normalize password
+ if (user instanceof SimpleArgeoUser) {
+ if (user.getPassword() == null || user.getPassword().equals(""))
+ ((SimpleArgeoUser) user).setPassword(encodePassword(user
+ .getUsername()));
+ else if (!user.getPassword().startsWith("{"))
+ ((SimpleArgeoUser) user).setPassword(encodePassword(user
+ .getPassword()));
+ }
userDetailsManager.createUser(new ArgeoUserDetails(user));
}
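Review bot: In `createUser`, a user with a null or empty password is stored with the encoded username as its password, which gives every such account a guessable credential; rejecting the call, e.g. `throw new ArgeoException("A password is required for user " + user.getUsername());`, would be safer. The `startsWith("{")` test also means any caller-supplied value beginning with `{` is written as is, without encoding, so it should at least be documented that such values are treated as already encoded. Users that are not `SimpleArgeoUser` instances skip the normalization entirely and reach `userDetailsManager.createUser` unchanged.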
}
public synchronized void updateUser(ArgeoUser user) {
+ // normalize password
+ String password = user.getPassword();
+ if (password == null)
+ password = getUserWithPassword(user.getUsername()).getPassword();
+ if (!password.startsWith("{"))
+ password = encodePassword(user.getPassword());
+ SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
+ simpleArgeoUser.setPassword(password);
+
ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
userDetailsManager.updateUser(new ArgeoUserDetails(user));
// refresh logged in user
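Review bot: The normalized copy built in `updateUser` is never used: `simpleArgeoUser` receives the encoded password, but the two following lines still construct `new ArgeoUserDetails(user)` from the original argument, so a clear-text password on `user` would be passed to `userDetailsManager.updateUser` unencoded. The call should read `userDetailsManager.updateUser(new ArgeoUserDetails(simpleArgeoUser));`, and the `argeoUserDetails` local should probably be built from `simpleArgeoUser` as well. The encode line also re-reads `user.getPassword()`, which is null on the path where the stored password was just fetched; `password = encodePassword(password);` avoids that. The method body continues outside this hunk.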
}
}
+ public void updateCurrentUserPassword(String oldPassword, String newPassword) {
+ SimpleArgeoUser user = new SimpleArgeoUser(
+ ArgeoUserDetails.securityContextUser());
+ if (!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword,
+ null))
+ throw new ArgeoException("Old password is not correct.");
+ user.setPassword(encodePassword(newPassword));
+ updateUser(user);
+ }
+
+ public void updateUserPassword(String username, String password) {
+ SimpleArgeoUser user = new SimpleArgeoUser(getUser(username));
+ user.setPassword(encodePassword(password));
+ updateUser(user);
+ }
+
+ protected String encodePassword(String password) {
+ byte[] salt = new byte[16];
+ random.nextBytes(salt);
+ return passwordEncoder.encodePassword(password, salt);
+ }
+
public synchronized void deleteUser(String username) {
userDetailsManager.deleteUser(username);
}
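Review bot: Neither `updateCurrentUserPassword` nor `updateUserPassword` checks the new password before encoding it, so a null or empty value goes straight to `passwordEncoder.encodePassword`; a guard such as `if (newPassword == null || newPassword.equals("")) throw new ArgeoException("New password must not be empty.");` would close that. The old-password check also compares against the hash held by `ArgeoUserDetails.securityContextUser()` rather than one read from the directory, which presumably goes stale if the password was changed in another session; `getUserWithPassword`, already used in `updateUser`, looks like the better source, to be confirmed against its return type. Both methods are unsynchronized while the surrounding mutators are `synchronized`, so the check and the write are not atomic.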
return ldapUserDetailsService;
}
+ public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
+ this.passwordEncoder = passwordEncoder;
+ }
+
}