org.argeo.security.jcr,
org.argeo.security.ldap,
org.argeo.security.ldap.jcr,
- org.argeo.security.ldap.nature,
- org.argeo.security.nature,
org.springframework.beans.factory.config,
org.springframework.ldap.core.support,
org.springframework.security,
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<!-- REFERENCES -->\r
- <!-- <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper" -->\r
- <!-- cardinality="0..N" /> -->\r
- <!-- <reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory" -->\r
- <!-- cardinality="0..1"> -->\r
- <!-- <listener ref="jcrUserDetailsContextMapper" bind-method="register" -->\r
- <!-- unbind-method="unregister" /> -->\r
- <!-- </reference> -->\r
<reference id="nodeRepository" interface="javax.jcr.Repository"\r
filter="(argeo.jcr.repository.alias=node)" />\r
<reference id="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
interface="org.springframework.security.providers.AuthenticationProvider"\r
context-class-loader="service-provider" />\r
\r
- <service ref="securityDao" interface="org.argeo.security.CurrentUserDao"\r
- context-class-loader="service-provider" />\r
- <service ref="securityDao" interface="org.argeo.security.UserAdminDao"\r
- context-class-loader="service-provider" />\r
<service ref="userDetailsManager"\r
interface="org.springframework.security.userdetails.UserDetailsService"\r
context-class-loader="service-provider" />\r
<service ref="userDetailsManager"\r
interface="org.springframework.security.userdetails.UserDetailsManager"\r
context-class-loader="service-provider" />\r
+ <service ref="userDetailsManager" interface="org.argeo.security.UserAdminService"\r
+ context-class-loader="service-provider" />\r
</beans:beans>
\ No newline at end of file
<!-- </bean> -->
<!-- USER DETAILS -->
- <bean id="securityDao" class="org.argeo.security.ldap.ArgeoSecurityDaoLdap">
+ <bean id="userAdminDao" class="org.argeo.security.ldap.ArgeoSecurityDaoLdap">
<constructor-arg ref="contextSource" />
<property name="userBase" value="${argeo.ldap.userBase}" />
<property name="usernameAttribute" value="${argeo.ldap.usernameAttribute}" />
<property name="groupMemberAttribute" value="${argeo.ldap.groupMemberAttribute}" />
<property name="defaultRole" value="${argeo.security.defaultRole}" />
<property name="rolePrefix" value="${argeo.security.rolePrefix}" />
- <property name="passwordEncoder" ref="passwordEncoder" />
<property name="usernameMapper" ref="usernameMapper" />
- <property name="userDetailsManager" ref="userDetailsManager" />
</bean>
<bean id="usernameMapper"
<property name="groupMemberAttributeName" value="${argeo.ldap.groupMemberAttribute}" />
<property name="usernameMapper" ref="usernameMapper" />
<property name="userDetailsMapper" ref="jcrUserDetailsContextMapper" />
+ <property name="userAdminDao" ref="userAdminDao" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}" />
</bean>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<beans:beans xmlns="http://www.springframework.org/schema/osgi"\r
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"\r
- xsi:schemaLocation="http://www.springframework.org/schema/osgi \r
- http://www.springframework.org/schema/osgi/spring-osgi-1.1.xsd\r
- http://www.springframework.org/schema/beans \r
- http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
-\r
- <service interface="org.argeo.security.ldap.UserNatureMapper">\r
- <beans:bean name="simpleUser" class="org.argeo.security.ldap.nature.SimpleUserNatureMapper" />\r
- </service>\r
-\r
- <service interface="org.argeo.security.ldap.UserNatureMapper">\r
- <beans:bean name="coworker" class="org.argeo.security.ldap.nature.CoworkerUserNatureMapper" />\r
- </service>\r
-\r
-</beans:beans>
\ No newline at end of file
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<!-- REFERENCES -->\r
- <!-- Cardinality is 0, in order to let a bundle providing the DAO while \r
- depending on the system execution service. The dependency will then have \r
- been satisfied when the first user tries to log-in. -->\r
- <reference id="currentUserDao" interface="org.argeo.security.CurrentUserDao"\r
- cardinality="0..1" />\r
-\r
<list id="authenticationProviders"\r
interface="org.springframework.security.providers.AuthenticationProvider"\r
cardinality="0..N">\r
</list>\r
\r
<!-- SERVICES -->\r
- <service ref="securityService" interface="org.argeo.security.CurrentUserService" />\r
<service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
\r
<service ref="authenticationManager"\r
</property>
</bean>
- <bean id="securityService" class="org.argeo.security.core.DefaultCurrentUserService">
- <property name="currentUserDao" ref="currentUserDao" />
- </bean>
-
<bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
<property name="authenticationManager" ref="authenticationManager" />
<property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
loginException.initCause(e);
throw loginException;
}
- // }
}
@Override
public boolean logout() throws LoginException {
- // if (log.isDebugEnabled())
- // log.debug("logout subject=" + subject);
+ subject.getPrincipals().clear();
return super.logout();
}
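Review bot: `subject.getPrincipals().clear()` runs before `super.logout()`, so if the superclass logout throws LoginException the Subject has already lost every principal, including any that other login modules in the same JAAS configuration may have added; the same ordering is used in the workbench advisor's logout action further down in this commit (clear, then `getLoginContext().logout()`). Unless the superclass needs the principal set emptied first, clearing only after the call returns keeps the failure path consistent: `boolean result = super.logout(); subject.getPrincipals().clear(); return result;` (or remove only the principals this module added). Note also that modifying the set returned by `Subject.getPrincipals()` on a read-only Subject throws IllegalStateException, which this method neither declares nor handles; a one-line comment stating that the Subject is expected to be writable here would make the assumption visible.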
class="org.argeo.security.ui.admin.commands.OpenArgeoUserEditor"
scope="prototype" />
- <bean id="newArgeoUserEditor" class="org.argeo.security.ui.admin.commands.NewUser"
+ <bean id="newUser" class="org.argeo.security.ui.admin.commands.NewUser"
scope="prototype">
- <property name="session" ref="nodeSession" />
- <property name="userDetailsManager" ref="userDetailsManager" />
+ <property name="session" ref="session" />
+ <property name="userAdminService" ref="userAdminService" />
</bean>
<bean id="addRole" class="org.argeo.security.ui.admin.commands.AddRole"
</bean>
<bean id="refreshUsersList" class="org.argeo.security.ui.admin.commands.RefreshUsersList"
- scope="prototype" />
+ scope="prototype">
+ <property name="userAdminService" ref="userAdminService" />
+ </bean>
</beans>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
- <bean id="nodeSession" class="org.argeo.security.jcr.SecureThreadBoundSession">\r
+ <bean id="session" class="org.argeo.security.jcr.SecureThreadBoundSession">\r
<property name="repository" ref="nodeRepository" />\r
</bean>\r
</beans>
\ No newline at end of file
<bean id="adminArgeoUserEditor" class="org.argeo.security.ui.admin.editors.ArgeoUserEditor"
scope="prototype">
<property name="userAdminService" ref="userAdminService" />
- <property name="userDetailsManager" ref="userDetailsManager" />
+ <property name="session" ref="session" />
</bean>
</beans>
<reference id="nodeRepository" interface="javax.jcr.Repository"\r
filter="(argeo.jcr.repository.alias=node)" />\r
<reference id="userAdminService" interface="org.argeo.security.UserAdminService" />\r
- <reference id="currentUserService" interface="org.argeo.security.CurrentUserService" />\r
- <reference id="userDetailsManager"\r
- interface="org.springframework.security.userdetails.UserDetailsManager" />\r
</beans:beans>
\ No newline at end of file
<bean id="adminUsersView" class="org.argeo.security.ui.admin.views.UsersView"
scope="prototype">
-<!-- <property name="userAdminService" ref="userAdminService" /> -->
- <property name="session" ref="nodeSession" />
+ <property name="session" ref="session" />
</bean>
+
<bean id="adminRolesView" class="org.argeo.security.ui.admin.views.RolesView"
scope="prototype">
<property name="userAdminService" ref="userAdminService" />
</command>
<command
defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
- id="org.argeo.security.ui.admin.newArgeoUserEditor"
- name="OpenArgeoUserEditor">
+ id="org.argeo.security.ui.admin.newUser"
+ name="New User">
</command>
<command
defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
<menuContribution
locationURI="toolbar:org.argeo.security.ui.admin.adminUsersView">
<command
- commandId="org.argeo.security.ui.admin.newArgeoUserEditor"
+ commandId="org.argeo.security.ui.admin.newUser"
icon="icons/add.gif"
label="Add User"
tooltip="Add new user">
import org.eclipse.ui.IEditorReference;
import org.eclipse.ui.IWorkbenchPage;
import org.eclipse.ui.handlers.HandlerUtil;
-import org.eclipse.ui.internal.EditorReference;
/** Add a new role. */
public class AddRole extends AbstractHandler {
import javax.jcr.Session;
+import org.argeo.security.UserAdminService;
import org.argeo.security.ui.admin.wizards.NewUserWizard;
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionEvent;
import org.eclipse.core.commands.ExecutionException;
import org.eclipse.jface.wizard.WizardDialog;
import org.eclipse.ui.handlers.HandlerUtil;
-import org.springframework.security.userdetails.UserDetailsManager;
/** Command handler to set visible or open a Argeo user. */
public class NewUser extends AbstractHandler {
private Session session;
- private UserDetailsManager userDetailsManager;
+ private UserAdminService userAdminService;
public Object execute(ExecutionEvent event) throws ExecutionException {
try {
NewUserWizard newUserWizard = new NewUserWizard(session,
- userDetailsManager);
+ userAdminService);
WizardDialog dialog = new WizardDialog(
HandlerUtil.getActiveShell(event), newUserWizard);
dialog.open();
} catch (Exception e) {
- throw new ExecutionException("Cannot open editor", e);
+ throw new ExecutionException("Cannot open wizard", e);
}
return null;
}
this.session = session;
}
- public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
- this.userDetailsManager = userDetailsManager;
+ public void setUserAdminService(UserAdminService userAdminService) {
+ this.userAdminService = userAdminService;
}
}
package org.argeo.security.ui.admin.commands;
+import org.argeo.security.UserAdminService;
import org.argeo.security.ui.admin.views.UsersView;
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionEvent;
/** Refresh the main EBI list. */
public class RefreshUsersList extends AbstractHandler {
+ private UserAdminService userAdminService;
public Object execute(ExecutionEvent event) throws ExecutionException {
+ userAdminService.synchronize();
UsersView view = (UsersView) HandlerUtil
.getActiveWorkbenchWindow(event).getActivePage()
.findView(UsersView.ID);
return null;
}
+ public void setUserAdminService(UserAdminService userAdminService) {
+ this.userAdminService = userAdminService;
+ }
+
}
\ No newline at end of file
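Review bot: The class Javadoc `/** Refresh the main EBI list. */` no longer describes the handler: `execute` now starts with `userAdminService.synchronize()`, which per the `UserAdminService` Javadoc in this commit synchronizes the service with the underlying DAO — a backend operation, not a UI refresh. Suggest `/** Synchronizes the user admin service with its DAO, then refreshes the users view. */` and a why-comment at the call, e.g. `// resync with the backend so the view shows users created outside the UI`. The `view` looked up right after the call is not used in the visible lines; if the refresh call sits on a line outside the hunk ignore this, otherwise the lookup is dead code.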
package org.argeo.security.ui.admin.editors;
import javax.jcr.Node;
+import javax.jcr.Session;
import org.argeo.ArgeoException;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
+import org.argeo.jcr.JcrUtils;
import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrUserDetails;
-import org.argeo.security.nature.SimpleUserNature;
import org.argeo.security.ui.admin.SecurityAdminPlugin;
import org.argeo.security.ui.admin.views.UsersView;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.ui.IWorkbench;
import org.eclipse.ui.PartInitException;
import org.eclipse.ui.forms.editor.FormEditor;
-import org.springframework.security.userdetails.UserDetailsManager;
/** Editor for an Argeo user. */
public class ArgeoUserEditor extends FormEditor {
public final static String ID = "org.argeo.security.ui.admin.adminArgeoUserEditor";
- private ArgeoUser user;
private JcrUserDetails userDetails;
private Node userHome;
private UserAdminService userAdminService;
- private UserDetailsManager userDetailsManager;
+ private Session session;
public void init(IEditorSite site, IEditorInput input)
throws PartInitException {
super.init(site, input);
- userHome = ((ArgeoUserEditorInput) getEditorInput()).getUserHome();
String username = ((ArgeoUserEditorInput) getEditorInput())
.getUsername();
+ userHome = JcrUtils.getUserHome(session, username);
- userDetails = (JcrUserDetails) userDetailsManager
+ userDetails = (JcrUserDetails) userAdminService
.loadUserByUsername(username);
- if (username == null) {// new
- user = new SimpleArgeoUser();
- user.getUserNatures().put(SimpleUserNature.TYPE,
- new SimpleUserNature());
- } else
- user = userAdminService.getUser(username);
-
this.setPartProperty("name", username != null ? username : "<new user>");
setPartName(username != null ? username : "<new user>");
}
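Review bot: The `username != null ? username : "<new user>"` fallbacks kept at the end of `init` look unreachable for a null username now: `JcrUtils.getUserHome(session, username)` and `userAdminService.loadUserByUsername(username)` run first and, for a null name, will presumably fail (NPE or UsernameNotFoundException) before the part name is set, since the `new SimpleArgeoUser()` branch that handled that case was removed. Either drop the `<new user>` fallbacks (new users now go through `NewUserWizard`) or guard the two lookups with `if (username != null)`. The unchecked cast `(JcrUserDetails) userAdminService.loadUserByUsername(username)` ties this editor to a JCR-backed implementation of the OSGi service; a short comment stating that assumption would help, e.g. `// the injected UserAdminService is expected to be JCR-backed (JcrUserDetails)`.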
.getRoles());
}
- userDetailsManager.updateUser(userDetails);
+ userAdminService.updateUser(userDetails);
// if (userAdminService.userExists(user.getUsername()))
// userAdminService.updateUser(user);
this.userAdminService = userAdminService;
}
- public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
- this.userDetailsManager = userDetailsManager;
+ public void setSession(Session session) {
+ this.session = session;
}
-
}
package org.argeo.security.ui.admin.editors;
-import javax.jcr.Node;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.RepositoryException;
-import javax.jcr.ValueFormatException;
-
-import org.argeo.ArgeoException;
-import org.argeo.jcr.ArgeoNames;
import org.eclipse.jface.resource.ImageDescriptor;
import org.eclipse.ui.IEditorInput;
import org.eclipse.ui.IPersistableElement;
/** Editor input for an Argeo user. */
public class ArgeoUserEditorInput implements IEditorInput {
private final String username;
- private final Node userHome;
- @Deprecated
public ArgeoUserEditorInput(String username) {
this.username = username;
- this.userHome = null;
- }
-
- public ArgeoUserEditorInput(Node userHome) {
- try {
- this.username = userHome.getProperty(ArgeoNames.ARGEO_USER_ID)
- .getString();
- this.userHome = userHome;
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot initialize editor input for "
- + userHome, e);
- }
}
public Object getAdapter(@SuppressWarnings("rawtypes") Class adapter) {
public String getUsername() {
return username;
}
-
- public Node getUserHome() {
- return userHome;
- }
-
}
package org.argeo.security.ui.admin.views;
-import java.util.ArrayList;
-
import org.argeo.ArgeoException;
-import org.argeo.security.ArgeoUser;
import org.argeo.security.UserAdminService;
import org.argeo.security.ui.admin.SecurityAdminPlugin;
import org.argeo.security.ui.admin.commands.AddRole;
-import org.argeo.security.ui.admin.commands.OpenArgeoUserEditor;
-import org.eclipse.core.commands.Command;
-import org.eclipse.core.commands.IParameter;
-import org.eclipse.core.commands.Parameterization;
-import org.eclipse.core.commands.ParameterizedCommand;
-import org.eclipse.jface.viewers.DoubleClickEvent;
-import org.eclipse.jface.viewers.IDoubleClickListener;
import org.eclipse.jface.viewers.IStructuredContentProvider;
-import org.eclipse.jface.viewers.IStructuredSelection;
import org.eclipse.jface.viewers.ITableLabelProvider;
import org.eclipse.jface.viewers.LabelProvider;
import org.eclipse.jface.viewers.TableViewer;
import org.eclipse.swt.widgets.Table;
import org.eclipse.swt.widgets.Text;
import org.eclipse.ui.IWorkbench;
-import org.eclipse.ui.IWorkbenchWindow;
-import org.eclipse.ui.commands.ICommandService;
import org.eclipse.ui.handlers.IHandlerService;
import org.eclipse.ui.part.ViewPart;
viewer.setContentProvider(new RolesContentProvider());
viewer.setLabelProvider(new UsersLabelProvider());
viewer.setInput(getViewSite());
- viewer.addDoubleClickListener(new ViewDoubleClickListener());
}
@Override
}
- class ViewDoubleClickListener implements IDoubleClickListener {
- public void doubleClick(DoubleClickEvent evt) {
- Object obj = ((IStructuredSelection) evt.getSelection())
- .getFirstElement();
-
- if (obj instanceof ArgeoUser) {
- ArgeoUser argeoUser = (ArgeoUser) obj;
-
- IWorkbench iw = SecurityAdminPlugin.getDefault().getWorkbench();
- IHandlerService handlerService = (IHandlerService) iw
- .getService(IHandlerService.class);
- try {
- String commandId = OpenArgeoUserEditor.COMMAND_ID;
- String paramName = OpenArgeoUserEditor.PARAM_USERNAME;
-
- // TODO: factorize this
- // execute related command
- IWorkbenchWindow window = iw.getActiveWorkbenchWindow();
- ICommandService cmdService = (ICommandService) window
- .getService(ICommandService.class);
- Command cmd = cmdService.getCommand(commandId);
- ArrayList<Parameterization> parameters = new ArrayList<Parameterization>();
- IParameter iparam = cmd.getParameter(paramName);
- Parameterization param = new Parameterization(iparam,
- argeoUser.getUsername());
- parameters.add(param);
- ParameterizedCommand pc = new ParameterizedCommand(cmd,
- parameters.toArray(new Parameterization[parameters
- .size()]));
- handlerService = (IHandlerService) window
- .getService(IHandlerService.class);
- handlerService.executeCommand(pc, null);
- } catch (Exception e) {
- throw new ArgeoException("Cannot open editor", e);
- }
-
- }
- }
- }
-
public String getNewRole() {
return newRole.getText();
}
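Review bot: With `ViewDoubleClickListener` removed, the imports kept at the top of this file — `org.argeo.ArgeoException`, `SecurityAdminPlugin`, `IWorkbench` and `IHandlerService` — look orphaned unless they are used by code outside the hunks; the commit removed their sibling imports but not these. Please drop them or confirm a remaining use. The double-click-to-edit behaviour disappears from the roles view without a replacement in the hunk; if that is intended, a one-line note in the class Javadoc would avoid a follow-up.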
import javax.jcr.query.Query;
import org.argeo.ArgeoException;
-import org.argeo.eclipse.ui.dialogs.Error;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
-import org.argeo.security.ArgeoUser;
import org.argeo.security.ui.admin.SecurityAdminPlugin;
import org.argeo.security.ui.admin.commands.OpenArgeoUserEditor;
-import org.argeo.security.ui.admin.editors.ArgeoUserEditor;
-import org.argeo.security.ui.admin.editors.ArgeoUserEditorInput;
import org.eclipse.core.commands.Command;
import org.eclipse.core.commands.IParameter;
import org.eclipse.core.commands.Parameterization;
import org.eclipse.swt.widgets.TableColumn;
import org.eclipse.ui.IWorkbench;
import org.eclipse.ui.IWorkbenchWindow;
-import org.eclipse.ui.PartInitException;
import org.eclipse.ui.commands.ICommandService;
import org.eclipse.ui.handlers.IHandlerService;
import org.eclipse.ui.part.ViewPart;
} catch (RepositoryException e) {
throw new ArgeoException("Cannot get text", e);
}
-
- // String currentUsername = CurrentUser.getUsername();
- // String currentUsername = "";
- // ArgeoUser user = (ArgeoUser) element;
- // SimpleUserNature simpleNature = SimpleUserNature
- // .findSimpleUserNature(user, simpleNatureType);
- // switch (columnIndex) {
- // case 0:
- // String userName = user.getUsername();
- // if (userName.equals(currentUsername))
- // userName = userName + "*";
- // return userName;
- // case 1:
- // return simpleNature.getFirstName();
- // case 2:
- // return simpleNature.getLastName();
- // case 3:
- // return simpleNature.getEmail();
- // default:
- // throw new ArgeoException("Unmanaged column " + columnIndex);
- // }
}
public Image getColumnImage(Object element, int columnIndex) {
- // TODO Auto-generated method stub
return null;
}
Object obj = ((IStructuredSelection) evt.getSelection())
.getFirstElement();
if (obj instanceof Node) {
- try {
- IWorkbench iw = SecurityAdminPlugin.getDefault()
- .getWorkbench();
- iw.getActiveWorkbenchWindow()
- .getActivePage()
- .openEditor(new ArgeoUserEditorInput((Node) obj),
- ArgeoUserEditor.ID);
- } catch (PartInitException e) {
- Error.show("Cannot open user editor for " + obj, e);
- }
- } else if (obj instanceof ArgeoUser) {
- ArgeoUser argeoUser = (ArgeoUser) obj;
-
IWorkbench iw = SecurityAdminPlugin.getDefault().getWorkbench();
IHandlerService handlerService = (IHandlerService) iw
.getService(IHandlerService.class);
try {
+ String username = ((Node) obj).getProperty(ARGEO_USER_ID)
+ .getString();
String commandId = OpenArgeoUserEditor.COMMAND_ID;
String paramName = OpenArgeoUserEditor.PARAM_USERNAME;
ArrayList<Parameterization> parameters = new ArrayList<Parameterization>();
IParameter iparam = cmd.getParameter(paramName);
Parameterization param = new Parameterization(iparam,
- argeoUser.getUsername());
+ username);
parameters.add(param);
ParameterizedCommand pc = new ParameterizedCommand(cmd,
parameters.toArray(new Parameterization[parameters
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Text;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UsernameNotFoundException;
public class MainUserInfoWizardPage extends WizardPage implements
ModifyListener, ArgeoNames {
private Text username, firstName, lastName, primaryEmail, password1,
password2;
+ private UserAdminService userAdminService;
- public MainUserInfoWizardPage() {
+ public MainUserInfoWizardPage(UserAdminService userAdminService) {
super("Main");
+ this.userAdminService = userAdminService;
setTitle("Required Information");
}
protected String checkComplete() {
if (!username.getText().matches(UserAdminService.USERNAME_PATTERN))
return "Wrong user name format, should be lower case, between 3 and 15 characters with only '_' as acceptable special character.";
+ try {
+ UserDetails userDetails = userAdminService
+ .loadUserByUsername(username.getText());
+ return "User " + userDetails.getUsername() + " alreayd exists";
+ } catch (UsernameNotFoundException e) {
+ // silent
+ }
if (!primaryEmail.getText().matches(UserAdminService.EMAIL_PATTERN))
return "Not a valid email address";
if (firstName.getText().trim().equals(""))
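Review bot: The new existence check uses an exception for control flow and ships a typo in the user-visible message: `return "User " + userDetails.getUsername() + " alreayd exists";` should read `already exists`. Since `UserAdminService` now extends Spring Security's `UserDetailsManager` (see the interface hunk in this commit), `userExists(String)` is available and removes the try/catch: `if (userAdminService.userExists(username.getText())) return "User " + username.getText() + " already exists";`. Also, `checkComplete` is presumably driven from `modifyText` (the page implements `ModifyListener`), so every keystroke in the username field now triggers a backend lookup, and any exception other than `UsernameNotFoundException` (e.g. a data-access failure) escapes the listener unhandled. `checkComplete` continues outside the hunk.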
import org.argeo.eclipse.ui.dialogs.Error;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.JcrUtils;
+import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrUserDetails;
import org.eclipse.jface.wizard.Wizard;
import org.springframework.security.GrantedAuthority;
-import org.springframework.security.userdetails.UserDetailsManager;
/** Wizard to create a new user */
public class NewUserWizard extends Wizard {
private String homeBasePath = "/home";
private Session session;
- private UserDetailsManager userDetailsManager;
+ private UserAdminService userAdminService;
// pages
private MainUserInfoWizardPage mainUserInfo;
- public NewUserWizard(Session session, UserDetailsManager userDetailsManager) {
+ public NewUserWizard(Session session, UserAdminService userAdminService) {
this.session = session;
- this.userDetailsManager = userDetailsManager;
+ this.userAdminService = userAdminService;
}
@Override
public void addPages() {
- mainUserInfo = new MainUserInfoWizardPage();
+ mainUserInfo = new MainUserInfoWizardPage(userAdminService);
addPage(mainUserInfo);
}
@Override
public boolean performFinish() {
+ if (!canFinish())
+ return false;
+
try {
String username = mainUserInfo.getUsername();
+ session.save();
Node userHome = JcrUtils.createUserHome(session, homeBasePath,
username);
Node userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
userHome.getPath(), username, password, true, true, true,
true, new GrantedAuthority[0]);
session.save();
- userDetailsManager.createUser(jcrUserDetails);
+ userAdminService.createUser(jcrUserDetails);
return true;
} catch (Exception e) {
JcrUtils.discardQuietly(session);
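Review bot: The added `session.save()` before `JcrUtils.createUserHome` commits whatever pending changes the injected thread-bound session already holds, before any work of this wizard has started, and those changes are then beyond the reach of the `JcrUtils.discardQuietly(session)` in the catch; a comment stating why the pre-save is needed would help, e.g. `// flush unrelated pending changes so that a failure below only discards this user's nodes`. If the intent is instead to start from a clean session, `session.refresh(false)` is the matching call. The `if (!canFinish()) return false;` guard is harmless but redundant, since `WizardDialog` only invokes `performFinish` when `canFinish()` is true. `performFinish` continues outside the hunk.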
showViewMenuAction = ActionFactory.SHOW_VIEW_MENU.create(window);
register(showViewMenuAction);
- // logoutAction = ActionFactory.QUIT.create(window);
+ // logout
+ logoutAction = createLogoutAction();
+ register(logoutAction);
+
+ // Save semantics
+ saveAction = ActionFactory.SAVE.create(window);
+ register(saveAction);
+ saveAllAction = ActionFactory.SAVE_ALL.create(window);
+ register(saveAllAction);
+ closeAllAction = ActionFactory.CLOSE_ALL.create(window);
+ register(closeAllAction);
+
+ }
+ protected IAction createLogoutAction() {
Subject subject = null;
try {
subject = SecureRapActivator.getLoginContext().getSubject();
}
final Principal principal = subject.getPrincipals().iterator().next();
- logoutAction = new Action() {
+ IAction logoutAction = new Action() {
public String getId() {
return SecureRapActivator.ID + ".logoutAction";
}
Subject subject = SecureRapActivator.getLoginContext()
.getSubject();
String subjectStr = subject.toString();
+ subject.getPrincipals().clear();
SecureRapActivator.getLoginContext().logout();
log.info(subjectStr + " logged out");
} catch (LoginException e) {
}
};
- register(logoutAction);
-
- // Save semantics
- saveAction = ActionFactory.SAVE.create(window);
- register(saveAction);
- saveAllAction = ActionFactory.SAVE_ALL.create(window);
- register(saveAllAction);
- closeAllAction = ActionFactory.CLOSE_ALL.create(window);
- register(closeAllAction);
-
+ return logoutAction;
}
protected void fillMenuBar(IMenuManager menuBar) {
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
-import org.eclipse.jface.dialogs.IMessageProvider;
import org.eclipse.swt.SWT;
import org.eclipse.swt.events.ModifyEvent;
import org.eclipse.swt.events.ModifyListener;
}
protected Point getInitialSize() {
- return new Point(300, 150);
+ return new Point(300, 180);
}
protected Control createDialogArea(Composite parent) {
Composite dialogarea = (Composite) super.createDialogArea(parent);
- // dialogarea.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true,
- // true));
Composite composite = new Composite(dialogarea, SWT.NONE);
composite.setLayout(new GridLayout(2, false));
composite.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
private void createTextoutputHandler(Composite composite,
TextOutputCallback callback) {
- int messageType = callback.getMessageType();
- int dialogMessageType = IMessageProvider.NONE;
- switch (messageType) {
- case TextOutputCallback.INFORMATION:
- dialogMessageType = IMessageProvider.INFORMATION;
- break;
- case TextOutputCallback.WARNING:
- dialogMessageType = IMessageProvider.WARNING;
- break;
- case TextOutputCallback.ERROR:
- dialogMessageType = IMessageProvider.ERROR;
- break;
- }
- //setMessage(callback.getMessage(), dialogMessageType);
+ // TODO: find a way to pass this information
+ // int messageType = callback.getMessageType();
+ // int dialogMessageType = IMessageProvider.NONE;
+ // switch (messageType) {
+ // case TextOutputCallback.INFORMATION:
+ // dialogMessageType = IMessageProvider.INFORMATION;
+ // break;
+ // case TextOutputCallback.WARNING:
+ // dialogMessageType = IMessageProvider.WARNING;
+ // break;
+ // case TextOutputCallback.ERROR:
+ // dialogMessageType = IMessageProvider.ERROR;
+ // break;
+ // }
+ // setMessage(callback.getMessage(), dialogMessageType);
}
public void internalHandle() {
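Review bot: After this change `createTextoutputHandler` is a no-op that silently drops the `TextOutputCallback` message; for a login dialog that is the channel through which the login module reports conditions such as a locked account or an expired password, so the user gets no feedback, and with the `IMessageProvider` import removed the commented block cannot simply be un-commented later. Rather than keeping dead code commented out, delete it and keep the TODO in a one-line Javadoc: `/** Not yet supported: the callback message is currently discarded (TODO surface it in the dialog). */`. As an interim, logging the message at the call site (if this class has a logger — none is visible in the hunk) would at least leave a trace of what the login module tried to say.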
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-
-/** A set of specific data attached to a user. */
-@Deprecated
-public abstract class AbstractUserNature implements UserNature {
- private static final long serialVersionUID = 1169323440459736478L;
-
- private String type;
-
- public String getType() {
- if (type != null)
- return type;
- else
- return getClass().getName();
- }
-
- public void setType(String type) {
- this.type = type;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-
-/**
- * Access to the users and roles referential (dependent from the underlying
- * storage, e.g. LDAP).
- */
-@Deprecated
-public interface ArgeoSecurityDao extends CurrentUserDao,UserAdminDao{
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-
-/**
- * High level access to the user referential (independent from the underlying
- * storage).
- */
-@Deprecated
-public interface ArgeoSecurityService extends CurrentUserService,
- UserAdminService {
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-import java.util.List;
-import java.util.Map;
-
-/** Abstraction for a user. */
-public interface ArgeoUser {
- public String getUsername();
-
- @Deprecated
- public Map<String, UserNature> getUserNatures();
-
- /** Implementation should refuse to add new user natures via this method. */
- @Deprecated
- public void updateUserNatures(Map<String, UserNature> userNatures);
-
- public List<String> getRoles();
-
- public String getPassword();
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-/**
- * Access to user backend for the currently logged in user
- */
-@Deprecated
-public interface CurrentUserDao {
- public void updateCurrentUserPassword(String oldPassword, String newPassword);
-
- @Deprecated
- public String getDefaultRole();
-
-}
+++ /dev/null
-package org.argeo.security;
-
-import java.util.Map;
-
-@Deprecated
-public interface CurrentUserService {
- public ArgeoUser getCurrentUser();
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword);
-
- @Deprecated
- public void updateCurrentUserNatures(Map<String, UserNature> userNatures);
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.argeo.ArgeoException;
-
-/**
- * Read-write implementation of an Argeo user. Typically initialized with a
- * generic instance (read-only9 in order to modify a user.
- */
-@Deprecated
-public class SimpleArgeoUser implements ArgeoUser, Serializable,
- Comparable<ArgeoUser> {
- private static final long serialVersionUID = 1L;
-
- private String username;
- private String password;
- private Map<String, UserNature> userNatures = new HashMap<String, UserNature>();
- private List<String> roles = new ArrayList<String>();
-
- public SimpleArgeoUser() {
-
- }
-
- public SimpleArgeoUser(ArgeoUser argeoUser) {
- username = argeoUser.getUsername();
- password = argeoUser.getPassword();
- userNatures = new HashMap<String, UserNature>(
- argeoUser.getUserNatures());
- roles = new ArrayList<String>(argeoUser.getRoles());
- }
-
- public Map<String, UserNature> getUserNatures() {
- return userNatures;
- }
-
- @Deprecated
- public void updateUserNatures(Map<String, UserNature> userNaturesData) {
- updateUserNaturesWithCheck(userNatures, userNaturesData);
- }
-
- @Deprecated
- public static void updateUserNaturesWithCheck(
- Map<String, UserNature> userNatures,
- Map<String, UserNature> userNaturesData) {
- // checks consistency
- if (userNatures.size() != userNaturesData.size())
- throw new ArgeoException(
- "It is forbidden to add or remove user natures via this method");
-
- for (String type : userNatures.keySet()) {
- if (!userNaturesData.containsKey(type))
- throw new ArgeoException(
- "Could not find a user nature of type " + type);
- }
-
- for (String key : userNatures.keySet()) {
- userNatures.put(key, userNaturesData.get(key));
- }
- }
-
- @Override
- public boolean equals(Object obj) {
- if (!(obj instanceof ArgeoUser))
- return false;
- return ((ArgeoUser) obj).getUsername().equals(username);
- }
-
- public int compareTo(ArgeoUser o) {
- return username.compareTo(o.getUsername());
- }
-
- @Override
- public int hashCode() {
- return username.hashCode();
- }
-
- @Override
- public String toString() {
- return username;
- }
-
- public List<String> getRoles() {
- return roles;
- }
-
- public String getUsername() {
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- @Deprecated
- public void setUserNatures(Map<String, UserNature> userNatures) {
- this.userNatures = userNatures;
- }
-
- public void setRoles(List<String> roles) {
- this.roles = roles;
- }
-
- public String getPassword() {
- return password;
- }
-
- public void setPassword(String password) {
- this.password = password;
- }
-}
* Access to the users and roles referential (dependent from the underlying
* storage, e.g. LDAP).
*/
-public interface UserAdminDao{
+public interface UserAdminDao {
/** List all users */
- public Set<ArgeoUser> listUsers();
+ public Set<String> listUsers();
/** List roles that can be modified */
public Set<String> listEditableRoles();
- public void updateUser(ArgeoUser user);
-
- public void updateUserPassword(String username, String password);
-
- /**
- * Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
- * use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
- */
- public void createUser(ArgeoUser user);
-
- public void deleteUser(String username);
-
/**
* Creates a new role in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
* use {@link ArgeoSecurityService#newRole(String)} instead.
public void deleteRole(String role);
/** List all users having this role. */
- public Set<ArgeoUser> listUsersInRole(String role);
-
- public Boolean userExists(String username);
-
- public ArgeoUser getUser(String username);
+ public Set<String> listUsersInRole(String role);
- public ArgeoUser getUserWithPassword(String username);
}
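Review bot: The Javadoc on `listUsers()` and `listUsersInRole(String)` still reads as if they return user objects, while both now return `Set<String>`; what the element is (a username, not a DN) is exactly what an implementer of this interface needs to know. Suggest `/** Usernames of all users. */` and `/** Usernames of all users having this role. */`. The interface starts outside the hunk, so I cannot tell whether a type-level comment already states this.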
package org.argeo.security;
-import java.util.List;
import java.util.Set;
-public interface UserAdminService {
+import org.springframework.security.userdetails.UserDetailsManager;
+
+public interface UserAdminService extends UserDetailsManager{
/**
* Usernames must match this regexp pattern ({@value #USERNAME_PATTERN}).
* Thanks to <a href=
/*
* USERS
*/
- public void newUser(ArgeoUser argeoUser);
-
- public ArgeoUser getUser(String username);
-
- public Set<ArgeoUser> listUsers();
-
- public Boolean userExists(String username);
-
- public void updateUser(ArgeoUser user);
-
- public void updateUserPassword(String username, String password);
-
/** List users having this role (except the super user). */
- public Set<ArgeoUser> listUsersInRole(String role);
-
- public List<String> listUserRoles(String username);
-
- public void deleteUser(String username);
+ public Set<String> listUsersInRole(String role);
/** Synchronize with the underlying DAO. */
public void synchronize();
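Review bot: `public interface UserAdminService extends UserDetailsManager{` lacks the space before the brace that this same commit adds to `UserAdminDao`; write `public interface UserAdminService extends UserDetailsManager {`. Separately, `listUserRoles(String)` is dropped from this interface while `ArgeoLdapUserDetailsManager` in this commit still defines it, so unless the declaration survives elsewhere in the type (the hunk does not show the whole interface) callers typed as `UserAdminService` lose access to it and the implementation becomes dead code; either keep it declared here or remove it from the implementation.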
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security;
-
-import java.io.Serializable;
-
-/**
- * A set of specific data attached to a user. TODO: is this interface really
- * useful?
- */
-@Deprecated
-public interface UserNature extends Serializable {
- @Deprecated
- /** @deprecated will be removed soon*/
- public String getType();
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.UserNature;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.userdetails.User;
-import org.springframework.security.userdetails.UserDetails;
-
-@Deprecated
-public class ArgeoUserDetails extends User implements ArgeoUser {
- private static final long serialVersionUID = 1L;
- private final static Log log = LogFactory.getLog(ArgeoUserDetails.class);
-
- private final Map<String, UserNature> userNatures;
- private final List<String> roles;
-
- public ArgeoUserDetails(String username,
- Map<String, UserNature> userNatures, String password,
- GrantedAuthority[] authorities) throws IllegalArgumentException {
- super(username, password, true, true, true, true, authorities);
- this.userNatures = Collections.unmodifiableMap(userNatures);
-
- // Roles
- this.roles = Collections.unmodifiableList(addAuthoritiesToRoles(
- getAuthorities(), new ArrayList<String>()));
- }
-
- public ArgeoUserDetails(ArgeoUser argeoUser) {
- this(argeoUser.getUsername(), argeoUser.getUserNatures(), argeoUser
- .getPassword(), rolesToAuthorities(argeoUser.getRoles()));
- }
-
- public Map<String, UserNature> getUserNatures() {
- return userNatures;
- }
-
- public void updateUserNatures(Map<String, UserNature> userNaturesData) {
- SimpleArgeoUser
- .updateUserNaturesWithCheck(userNatures, userNaturesData);
- }
-
- public List<String> getRoles() {
- return roles;
- }
-
- /** The provided list, for chaining using {@link Collections} */
- public static List<String> addAuthoritiesToRoles(
- GrantedAuthority[] authorities, List<String> roles) {
- for (GrantedAuthority authority : authorities) {
- roles.add(authority.getAuthority());
- }
- return roles;
- }
-
- public static GrantedAuthority[] rolesToAuthorities(List<String> roles) {
- GrantedAuthority[] arr = new GrantedAuthority[roles.size()];
- for (int i = 0; i < roles.size(); i++) {
- String role = roles.get(i);
- if (log.isTraceEnabled())
- log.debug("Convert role " + role + " to authority (i=" + i
- + ")");
- arr[i] = new GrantedAuthorityImpl(role);
- }
- return arr;
- }
-
- public static SimpleArgeoUser createSimpleArgeoUser(UserDetails userDetails) {
- if (userDetails instanceof ArgeoUser) {
- return new SimpleArgeoUser((ArgeoUser) userDetails);
- } else {
- SimpleArgeoUser argeoUser = new SimpleArgeoUser();
- argeoUser.setUsername(userDetails.getUsername());
- addAuthoritiesToRoles(userDetails.getAuthorities(),
- argeoUser.getRoles());
- return argeoUser;
- }
- }
-
- /** Creates an argeo user based on spring authentication */
- public static ArgeoUser asArgeoUser(Authentication authentication) {
- if (authentication == null)
- return null;
-
- if (authentication.getPrincipal() instanceof ArgeoUser) {
- return new SimpleArgeoUser(
- (ArgeoUser) authentication.getPrincipal());
- } else {
- SimpleArgeoUser argeoUser = new SimpleArgeoUser();
- argeoUser.setUsername(authentication.getName());
- addAuthoritiesToRoles(authentication.getAuthorities(),
- argeoUser.getRoles());
- return argeoUser;
- }
- }
-
- /** The Spring security context as an argeo user */
- public static ArgeoUser securityContextUser() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
- ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
- return argeoUser;
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import java.util.Map;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.CurrentUserDao;
-import org.argeo.security.CurrentUserService;
-import org.argeo.security.UserNature;
-
-@Deprecated
-public class DefaultCurrentUserService implements CurrentUserService {
- private CurrentUserDao currentUserDao;
-
- public DefaultCurrentUserService() {
- }
-
- public ArgeoUser getCurrentUser() {
- ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
- if (argeoUser == null)
- return null;
- if (argeoUser.getRoles().contains(currentUserDao.getDefaultRole()))
- argeoUser.getRoles().remove(currentUserDao.getDefaultRole());
- return argeoUser;
- }
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- currentUserDao.updateCurrentUserPassword(oldPassword, newPassword);
- }
-
- public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
- // TODO Auto-generated method stub
-
- }
-
- public void setCurrentUserDao(CurrentUserDao dao) {
- this.currentUserDao = dao;
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserAdminDao;
-import org.argeo.security.UserAdminService;
-import org.argeo.security.nature.SimpleUserNature;
-
-public class DefaultUserAdminService implements UserAdminService {
- private String superUsername = "root";
- private UserAdminDao userAdminDao;
-
- public void newRole(String role) {
- userAdminDao.createRole(role, getSuperUsername());
- }
-
- public void updateUserPassword(String username, String password) {
- userAdminDao.updateUserPassword(username, password);
- }
-
- public void newUser(ArgeoUser user) {
- // pre-process
- SimpleUserNature simpleUserNature;
- try {
- simpleUserNature = SimpleUserNature
- .findSimpleUserNature(user, null);
- } catch (Exception e) {
- simpleUserNature = new SimpleUserNature();
- user.getUserNatures().put("simpleUserNature", simpleUserNature);
- }
-
- if (simpleUserNature.getLastName() == null
- || simpleUserNature.getLastName().equals("")) {
- // to prevent issue with sn in LDAP
- simpleUserNature.setLastName("empty");
- }
-
- userAdminDao.createUser(user);
- }
-
-
-
- public void synchronize() {
- // TODO Auto-generated method stub
-
- }
-
- public ArgeoUser getUser(String username) {
- return userAdminDao.getUser(username);
- }
-
- public Boolean userExists(String username) {
- return userAdminDao.userExists(username);
- }
-
- public void updateUser(ArgeoUser user) {
- userAdminDao.updateUser(user);
- }
-
- public void deleteUser(String username) {
- userAdminDao.deleteUser(username);
-
- }
-
- public void deleteRole(String role) {
- userAdminDao.deleteRole(role);
- }
-
- public Set<ArgeoUser> listUsersInRole(String role) {
- Set<ArgeoUser> lst = new HashSet<ArgeoUser>(
- userAdminDao.listUsersInRole(role));
- Iterator<ArgeoUser> it = lst.iterator();
- while (it.hasNext()) {
- if (it.next().getUsername().equals(getSuperUsername())) {
- it.remove();
- break;
- }
- }
- return lst;
- }
-
- public Set<ArgeoUser> listUsers() {
- return userAdminDao.listUsers();
- }
-
- public List<String> listUserRoles(String username) {
- return getUser(username).getRoles();
- }
-
- public Set<String> listEditableRoles() {
- return userAdminDao.listEditableRoles();
- }
-
- // TODO: expose it via the interface as well?
- public String getSuperUsername() {
- return superUsername;
- }
-
- public void setUserAdminDao(UserAdminDao userAdminDao) {
- this.userAdminDao = userAdminDao;
- }
-
-}
+++ /dev/null
-package org.argeo.security.jcr;
-
-import org.argeo.security.CurrentUserDao;
-
-public class CurrentUserDaoJcr implements CurrentUserDao {
- private String defaultRole= "ROLE_USER";
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- throw new UnsupportedOperationException(
- "Updating passwords is not supported");
- }
-
- public String getDefaultRole() {
- return defaultRole;
- }
-
- public void setDefaultRole(String defaultRole) {
- this.defaultRole = defaultRole;
- }
-
-}
+++ /dev/null
-package org.argeo.security.jcr;
-
-import java.util.Map;
-
-import javax.jcr.Session;
-
-import org.argeo.ArgeoException;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.CurrentUserDao;
-import org.argeo.security.CurrentUserService;
-import org.argeo.security.UserNature;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
-
-public class CurrentUserServiceJcr implements CurrentUserService {
- private Session session;
- private CurrentUserDao currentUserDao;
-
- public ArgeoUser getCurrentUser() {
- Authentication authentication = SecurityContextHolder.getContext()
- .getAuthentication();
-
- Session userSession;
- if (authentication instanceof JcrAuthenticationToken) {
- userSession = ((JcrAuthenticationToken) authentication)
- .getSession();
- } else {
- if (session == null)
- throw new ArgeoException("No user JCR session available");
- userSession = session;
- }
-
- JcrUserDetails jcrUserDetails = (JcrUserDetails) authentication
- .getDetails();
- return JcrUserDetails.jcrUserDetailsToArgeoUser(userSession,
- jcrUserDetails);
- }
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- currentUserDao.updateCurrentUserPassword(oldPassword, newPassword);
-
- }
-
- public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
- // TODO Auto-generated method stub
-
- }
-
- public void setSession(Session session) {
- this.session = session;
- }
-
- public void setCurrentUserDao(CurrentUserDao currentUserDao) {
- this.currentUserDao = currentUserDao;
- }
-
-}
+++ /dev/null
-package org.argeo.security.jcr;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import javax.jcr.Node;
-import javax.jcr.RepositoryException;
-
-import org.argeo.ArgeoException;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserNature;
-
-public class JcrArgeoUser implements ArgeoUser {
- /** Cached for performance reasons. */
- private final String username;
- private final Node home;
- private final List<String> roles;
- private final Boolean enabled;
- private final String password;
-
- public JcrArgeoUser(Node home, String password, List<String> roles,
- Boolean enabled) {
- this.home = home;
- this.password = password;
- this.roles = Collections.unmodifiableList(new ArrayList<String>(roles));
- this.enabled = enabled;
- try {
- username = home.getSession().getUserID();
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot find JCR user id", e);
- }
-
- }
-
- public String getUsername() {
- return username;
- }
-
- public Map<String, UserNature> getUserNatures() {
- throw new UnsupportedOperationException("deprecated");
- }
-
- public void updateUserNatures(Map<String, UserNature> userNatures) {
- throw new UnsupportedOperationException("deprecated");
- }
-
- public List<String> getRoles() {
- return roles;
- }
-
- public String getPassword() {
- return password;
- }
-
- public Node getHome() {
- return home;
- }
-
- public Boolean getEnabled() {
- return enabled;
- }
-
- public boolean equals(Object obj) {
- if (!(obj instanceof ArgeoUser))
- return false;
- return ((ArgeoUser) obj).getUsername().equals(username);
- }
-
- @Override
- public int hashCode() {
- return username.hashCode();
- }
-
- public String toString() {
- return getUsername() + "@" + getHome();
- }
-}
import java.util.ArrayList;
import java.util.List;
-import javax.jcr.Node;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-
-import org.argeo.ArgeoException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
return homePath;
}
- public static JcrUserDetails argeoUserToJcrUserDetails(
- JcrArgeoUser argeoUser) {
- try {
- List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>();
- for (String role : argeoUser.getRoles())
- gas.add(new GrantedAuthorityImpl(role));
- return new JcrUserDetails(argeoUser.getHome().getPath(),
- argeoUser.getUsername(), argeoUser.getPassword(),
- argeoUser.getEnabled(), true, true, true,
- gas.toArray(new GrantedAuthority[gas.size()]));
- } catch (Exception e) {
- throw new ArgeoException("Cannot convert " + argeoUser
- + " to JCR user details", e);
- }
- }
-
- public static JcrArgeoUser jcrUserDetailsToArgeoUser(Session userSession,
- JcrUserDetails jcrUserDetails) {
- if (!userSession.getUserID().equals(jcrUserDetails.getUsername()))
- throw new ArgeoException("User session has user id "
- + userSession.getUserID() + " while details has username "
- + jcrUserDetails.getUsername());
-
- Node userHome;
- try {
- userHome = userSession.getNode(jcrUserDetails.getHomePath());
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot retrieve user home with path "
- + jcrUserDetails.getHomePath(), e);
- }
- List<String> roles = new ArrayList<String>();
- for (GrantedAuthority ga : jcrUserDetails.getAuthorities())
- roles.add(ga.getAuthority());
- return new JcrArgeoUser(userHome, jcrUserDetails.getPassword(), roles,
- jcrUserDetails.isEnabled());
-
- }
-
public JcrUserDetails cloneWithNewRoles(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.nature;
-
-import org.argeo.security.AbstractUserNature;
-
-public class CoworkerNature extends AbstractUserNature {
- private static final long serialVersionUID = 1L;
- private String mobile;
- private String telephoneNumber;
-
- public String getMobile() {
- return mobile;
- }
-
- public void setMobile(String mobile) {
- this.mobile = mobile;
- }
-
- public String getTelephoneNumber() {
- return telephoneNumber;
- }
-
- public void setTelephoneNumber(String telephoneNumber) {
- this.telephoneNumber = telephoneNumber;
- }
-
-}
+++ /dev/null
-package org.argeo.security.nature;
-
-import org.argeo.security.AbstractUserNature;
-
-/**
- * Argeo infrastructure user nature. People with access to the infrastructure
- * must be properly identified.
- */
-public class InfrastructureUserNature extends AbstractUserNature {
- private static final long serialVersionUID = 1L;
-
- private String mobile;
- private String telephoneNumber;
- private String postalAddress;
- private String postalCode;
- private String city;
- private String countryCode;
-
- public String getMobile() {
- return mobile;
- }
-
- public void setMobile(String mobile) {
- this.mobile = mobile;
- }
-
- public String getTelephoneNumber() {
- return telephoneNumber;
- }
-
- public void setTelephoneNumber(String telephoneNumber) {
- this.telephoneNumber = telephoneNumber;
- }
-
- public String getPostalAddress() {
- return postalAddress;
- }
-
- public void setPostalAddress(String postalAddress) {
- this.postalAddress = postalAddress;
- }
-
- public String getPostalCode() {
- return postalCode;
- }
-
- public void setPostalCode(String postalCode) {
- this.postalCode = postalCode;
- }
-
- public String getCity() {
- return city;
- }
-
- public void setCity(String city) {
- this.city = city;
- }
-
- public String getCountryCode() {
- return countryCode;
- }
-
- public void setCountryCode(String countryCode) {
- this.countryCode = countryCode;
- }
-
-}
+++ /dev/null
-package org.argeo.security.nature;
-
-import org.argeo.security.AbstractUserNature;
-
-/** User with access to POSIX operating systems*/
-public class PosixAccountNature extends AbstractUserNature {
- private static final long serialVersionUID = 1L;
-
- private Integer uidNumber;
- private Integer gidNumber;
- private String homeDirectory;
- private String authorizedKeys;
-
- public Integer getUidNumber() {
- return uidNumber;
- }
-
- public void setUidNumber(Integer uidNumber) {
- this.uidNumber = uidNumber;
- }
-
- public Integer getGidNumber() {
- return gidNumber;
- }
-
- public void setGidNumber(Integer gidNumber) {
- this.gidNumber = gidNumber;
- }
-
- public String getHomeDirectory() {
- return homeDirectory;
- }
-
- public void setHomeDirectory(String homeDirectory) {
- this.homeDirectory = homeDirectory;
- }
-
- public String getAuthorizedKeys() {
- return authorizedKeys;
- }
-
- public void setAuthorizedKeys(String authorizedKeys) {
- this.authorizedKeys = authorizedKeys;
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.nature;
-
-import org.argeo.ArgeoException;
-import org.argeo.security.AbstractUserNature;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserNature;
-
-@Deprecated
-public class SimpleUserNature extends AbstractUserNature {
- /**
- * No PAI, for internal use within the Argeo Security framework. Will
- * probably be removed.
- */
- public final static String TYPE = "simpleUser";
-
- private static final long serialVersionUID = 1L;
- private String email;
- private String firstName;
- private String lastName;
- private String description;
-
- public String getEmail() {
- return email;
- }
-
- public void setEmail(String email) {
- this.email = email;
- }
-
- public String getFirstName() {
- return firstName;
- }
-
- public void setFirstName(String firstName) {
- this.firstName = firstName;
- }
-
- public String getLastName() {
- return lastName;
- }
-
- public void setLastName(String lastName) {
- this.lastName = lastName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- /*
- * SECURITY UTILITIES
- */
- /**
- * Finds a user nature extending {@link SimpleUserNature} in the provided
- * user.
- *
- * @param user
- * the user to scan
- * @param simpleNatureType
- * the type under which a {@link SimpleUserNature} is registered,
- * useful if there are many. can be null.
- * @return the {@link SimpleUserNature}
- * @throws ArgeoException
- * if no simple user nature was found
- */
- public final static SimpleUserNature findSimpleUserNature(ArgeoUser user,
- String simpleNatureType) {
- SimpleUserNature simpleNature = null;
- if (simpleNatureType != null)
- simpleNature = (SimpleUserNature) user.getUserNatures().get(
- simpleNatureType);
- else
- for (UserNature userNature : user.getUserNatures().values())
- if (userNature instanceof SimpleUserNature)
- simpleNature = (SimpleUserNature) userNature;
-
- if (simpleNature == null)
- throw new ArgeoException("No simple user nature in user " + user);
- return simpleNature;
- }
-
-}
// we resync with Spring Security since the subject may have been reused
// in beetween
// TODO: check if this is clean
- subject.getPrincipals().addAll(syncPrincipals());
+ //subject.getPrincipals().addAll(syncPrincipals());
return true;
}
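Review bot: Commenting out `subject.getPrincipals().addAll(syncPrincipals());` leaves the comment above it (`we resync with Spring Security ...`) describing code that no longer runs, and silently changes behaviour: a reused Subject now keeps whatever principals a previous authentication attached instead of being aligned with the current Spring Security authentication. If disabling the re-sync is intended, replace the dead line with a comment that says why, e.g. `// re-sync with Spring Security disabled: <reason>; see syncPrincipals()`, and check whether `syncPrincipals()` still has a caller; otherwise delete the line and let version control keep the history. The enclosing method starts outside the hunk.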
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
import java.util.Random;
+import java.util.Set;
+import java.util.TreeSet;
+import org.argeo.security.UserAdminDao;
+import org.argeo.security.UserAdminService;
import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.encoding.PasswordEncoder;
+import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
/** Extends {@link LdapUserDetailsManager} by adding password encoding support. */
-public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager {
+public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
+ implements UserAdminService {
+ private String superUsername = "root";
+ private UserAdminDao userAdminDao;
private PasswordEncoder passwordEncoder;
private final Random random;
super.changePassword(oldPassword, encodePassword(newPassword));
}
+ public void newRole(String role) {
+ userAdminDao.createRole(role, superUsername);
+ }
+
+ public void synchronize() {
+ for (String username : userAdminDao.listUsers())
+ loadUserByUsername(username);
+ // TODO: find a way to remove from JCR
+ }
+
+ public void deleteRole(String role) {
+ userAdminDao.deleteRole(role);
+ }
+
+ public Set<String> listUsersInRole(String role) {
+ Set<String> lst = new TreeSet<String>(
+ userAdminDao.listUsersInRole(role));
+ Iterator<String> it = lst.iterator();
+ while (it.hasNext()) {
+ if (it.next().equals(superUsername)) {
+ it.remove();
+ break;
+ }
+ }
+ return lst;
+ }
+
+ public List<String> listUserRoles(String username) {
+ UserDetails userDetails = loadUserByUsername(username);
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority ga : userDetails.getAuthorities()) {
+ roles.add(ga.getAuthority());
+ }
+ return Collections.unmodifiableList(roles);
+ }
+
+ public Set<String> listEditableRoles() {
+ return userAdminDao.listEditableRoles();
+ }
+
protected String encodePassword(String password) {
if (!password.startsWith("{")) {
byte[] salt = new byte[16];
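Review bot: `synchronize()` depends entirely on a side effect of `loadUserByUsername(username)` that nothing in the class states (the `TODO` about JCR suggests the inherited manager provisions something on load, but that is an inference), and a single username that fails to load, e.g. an LDAP entry missing an attribute the mapper requires, propagates out of the loop and leaves every later user unsynchronised. Add a comment naming the intended side effect, e.g. `// TODO(review): state which side effect of loadUserByUsername this sync relies on`, and consider isolating failures per user so one bad entry does not abort the whole run. `newRole`, `listUsersInRole` and `listEditableRoles` also dereference `userAdminDao` with no guard; since it is only set through `setUserAdminDao`, a misconfigured bean fails with an NPE deep inside a request instead of at wiring time, so a `Objects.requireNonNull`-style check in the setter or an explicit `IllegalStateException` would make the failure mode clearer.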
this.passwordEncoder = passwordEncoder;
}
+ public void setSuperUsername(String superUsername) {
+ this.superUsername = superUsername;
+ }
+
+ public void setUserAdminDao(UserAdminDao userAdminDao) {
+ this.userAdminDao = userAdminDao;
+ }
+
}
package org.argeo.security.ldap;
-import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.Collections;
import java.util.List;
-import java.util.Random;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
-import org.argeo.ArgeoException;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.CurrentUserDao;
-import org.argeo.security.SimpleArgeoUser;
import org.argeo.security.UserAdminDao;
-import org.argeo.security.core.ArgeoUserDetails;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUtils;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.encoding.PasswordEncoder;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsManager;
/**
* Wraps a Spring LDAP user details manager, providing additional methods to
* manage roles.
*/
-public class ArgeoSecurityDaoLdap implements CurrentUserDao, UserAdminDao {
+public class ArgeoSecurityDaoLdap implements UserAdminDao {
private String userBase;
private String usernameAttribute;
private String groupBase;
private String rolePrefix;
private final LdapTemplate ldapTemplate;
- private final Random random;
-
private LdapUsernameToDnMapper usernameMapper;
- private UserDetailsManager userDetailsManager;
-
- private PasswordEncoder passwordEncoder;
/**
* Standard constructor, using the LDAP context source shared with Spring
* Security components.
*/
public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
- this(new LdapTemplate(contextSource), createRandom());
- }
-
- /**
- * Advanced constructor allowing to reuse an LDAP template and to explicitly
- * set the random used as seed for SSHA password generation.
- */
- public ArgeoSecurityDaoLdap(LdapTemplate ldapTemplate, Random random) {
- this.ldapTemplate = ldapTemplate;
- this.random = random;
- }
-
- private static Random createRandom() {
- try {
- return SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- return new Random(System.currentTimeMillis());
- }
- }
-
- public synchronized void createUser(ArgeoUser user) {
- // normalize password
- if (user instanceof SimpleArgeoUser) {
- if (user.getPassword() == null || user.getPassword().equals(""))
- ((SimpleArgeoUser) user).setPassword(encodePassword(user
- .getUsername()));
- else if (!user.getPassword().startsWith("{"))
- ((SimpleArgeoUser) user).setPassword(encodePassword(user
- .getPassword()));
- }
- userDetailsManager.createUser(new ArgeoUserDetails(user));
- }
-
- public synchronized ArgeoUser getUser(String uname) {
- SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
- user.setPassword(null);
- return user;
- }
-
- public synchronized ArgeoUser getUserWithPassword(String uname) {
- return createSimpleArgeoUser(getDetails(uname));
+ this.ldapTemplate = new LdapTemplate(contextSource);
}
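Review bot: The class Javadoc `Wraps a Spring LDAP user details manager, providing additional methods to manage roles.` is now stale: this hunk removes the `userDetailsManager`, `passwordEncoder` and `random` fields and the `CurrentUserDao` interface, so the class no longer wraps a user details manager at all but works directly on an `LdapTemplate`. Suggest `LDAP-backed {@link UserAdminDao}: lists users and manages groups (roles) through an {@link LdapTemplate}; user creation and password handling are done elsewhere.` The constructor Javadoc is still accurate.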
@SuppressWarnings("unchecked")
- public synchronized Set<ArgeoUser> listUsers() {
+ public synchronized Set<String> listUsers() {
List<String> usernames = (List<String>) ldapTemplate.listBindings(
new DistinguishedName(userBase), new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
}
});
- TreeSet<ArgeoUser> lst = new TreeSet<ArgeoUser>();
- for (String username : usernames) {
- lst.add(createSimpleArgeoUser(getDetails(username)));
- }
- return Collections.unmodifiableSortedSet(lst);
+ return Collections
+ .unmodifiableSortedSet(new TreeSet<String>(usernames));
}
@SuppressWarnings("unchecked")
}
@SuppressWarnings("unchecked")
- public Set<ArgeoUser> listUsersInRole(String role) {
- return (Set<ArgeoUser>) ldapTemplate.lookup(
+ public Set<String> listUsersInRole(String role) {
+ return (Set<String>) ldapTemplate.lookup(
buildGroupDn(convertRoleToGroup(role)), new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
DirContextAdapter ctx = (DirContextAdapter) ctxArg;
String[] userDns = ctx
.getStringAttributes(groupMemberAttribute);
- TreeSet<ArgeoUser> set = new TreeSet<ArgeoUser>();
+ TreeSet<String> set = new TreeSet<String>();
for (String userDn : userDns) {
DistinguishedName dn = new DistinguishedName(userDn);
String username = dn.getValue(usernameAttribute);
- set.add(createSimpleArgeoUser(getDetails(username)));
+ set.add(username);
}
return Collections.unmodifiableSortedSet(set);
}
});
}
- public synchronized void updateUser(ArgeoUser user) {
- // normalize password
- String password = user.getPassword();
- if (password == null)
- password = getUserWithPassword(user.getUsername()).getPassword();
- if (!password.startsWith("{"))
- password = encodePassword(user.getPassword());
- SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
- simpleArgeoUser.setPassword(password);
-
- ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
- userDetailsManager.updateUser(new ArgeoUserDetails(user));
- // refresh logged in user
- if (ArgeoUserDetails.securityContextUser().getUsername()
- .equals(argeoUserDetails.getUsername())) {
- SecurityContextHolder.getContext().setAuthentication(
- new UsernamePasswordAuthenticationToken(argeoUserDetails,
- null, argeoUserDetails.getAuthorities()));
- }
- }
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- SimpleArgeoUser user = new SimpleArgeoUser(
- ArgeoUserDetails.securityContextUser());
- if (!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword,
- null))
- throw new ArgeoException("Old password is not correct.");
- user.setPassword(encodePassword(newPassword));
- updateUser(user);
- //userDetailsManager.changePassword(oldPassword, newPassword);
- }
-
- public void updateUserPassword(String username, String password) {
- SimpleArgeoUser user = new SimpleArgeoUser(getUser(username));
- user.setPassword(encodePassword(password));
- updateUser(user);
- }
-
- protected String encodePassword(String password) {
- byte[] salt = new byte[16];
- random.nextBytes(salt);
- return passwordEncoder.encodePassword(password, salt);
- }
-
- public synchronized void deleteUser(String username) {
- userDetailsManager.deleteUser(username);
- }
-
- public synchronized Boolean userExists(String username) {
- return userDetailsManager.userExists(username);
- }
-
public void createRole(String role, final String superuserName) {
String group = convertRoleToGroup(role);
DistinguishedName superuserDn = (DistinguishedName) ldapTemplate
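Review bot: The new `listUsersInRole` still walks `userDns` with no null check; as far as I know `DirContextAdapter.getStringAttributes` returns null when the group entry has no `groupMemberAttribute` values, so an empty role throws NullPointerException instead of returning an empty set. After the `set` declaration add `if (userDns == null) return Collections.unmodifiableSortedSet(set);`. The loop also assumes every member DN carries `usernameAttribute`; if I recall spring-ldap correctly, `DistinguishedName.getValue` throws IllegalArgumentException when the key is absent (a nested group or a foreign DN as member), so one unexpected entry fails the whole listing — decide whether such members are skipped with a log line or rejected, and document it on the method. Unlike `listUsers`, this method is not `synchronized`; if that lock protects `ldapTemplate`, apply it here too, otherwise drop it there for consistency. The enclosing class continues outside the hunk.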
+ groupBase);
}
- public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
- this.userDetailsManager = userDetailsManager;
- }
-
public void setUserBase(String userBase) {
this.userBase = userBase;
}
this.usernameAttribute = usernameAttribute;
}
- protected UserDetails getDetails(String username) {
- return userDetailsManager.loadUserByUsername(username);
- }
-
public void setGroupBase(String groupBase) {
this.groupBase = groupBase;
}
public void setGroupClasses(String[] groupClasses) {
this.groupClasses = groupClasses;
}
-
- public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
- this.passwordEncoder = passwordEncoder;
- }
-
}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserNature;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-
-/**
- * Performs the mapping between LDAP and the user natures, using
- * {@link UserNatureMapper}.
- */
-public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
- // private final static Log log = LogFactory
- // .getLog(ArgeoUserDetailsContextMapper.class);
-
- private List<UserNatureMapper> userNatureMappers = new ArrayList<UserNatureMapper>();
-
- public UserDetails mapUserFromContext(DirContextOperations ctx,
- String username, GrantedAuthority[] authorities) {
- byte[] arr = (byte[]) ctx.getAttributeSortedStringSet("userPassword")
- .first();
- String password = new String(arr);
-
- Map<String, UserNature> userNatures = new HashMap<String, UserNature>();
- for (UserNatureMapper userInfoMapper : userNatureMappers) {
- UserNature userNature = userInfoMapper.mapUserInfoFromContext(ctx);
- if (userNature != null)
- userNatures.put(userInfoMapper.getName(), userNature);
- }
-
- return new ArgeoUserDetails(username,
- Collections.unmodifiableMap(userNatures), password, authorities);
- }
-
- public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
- ctx.setAttributeValues("objectClass", new String[] { "inetOrgPerson" });
- ctx.setAttributeValue("uid", user.getUsername());
- ctx.setAttributeValue("userPassword", user.getPassword());
- if (user instanceof ArgeoUser) {
- ArgeoUser argeoUser = (ArgeoUser) user;
- for (UserNature userNature : argeoUser.getUserNatures().values()) {
- for (UserNatureMapper userInfoMapper : userNatureMappers) {
- if (userInfoMapper.supports(userNature)) {
- userInfoMapper.mapUserInfoToContext(userNature, ctx);
- break;// use the first mapper found and no others
- }
- }
- }
- }
- }
-
- public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
- this.userNatureMappers = userNatureMappers;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap;
-
-import org.argeo.security.UserNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-/** Maps a user nature from LDAP. */
-public interface UserNatureMapper {
- public String getName();
-
- public void mapUserInfoToContext(UserNature userInfo, DirContextAdapter ctx);
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx);
-
- public Boolean supports(UserNature userInfo);
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap.nature;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.ldap.UserNatureMapper;
-import org.argeo.security.nature.CoworkerNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class CoworkerUserNatureMapper implements UserNatureMapper {
-
- public String getName() {
- return "coworker";
- }
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- CoworkerNature nature = new CoworkerNature();
- nature.setMobile(ctx.getStringAttribute("mobile"));
- nature.setTelephoneNumber(ctx.getStringAttribute("telephoneNumber"));
-
- if (nature.getMobile() == null && nature.getTelephoneNumber() == null)
- return null;
- else
- return nature;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- CoworkerNature nature = (CoworkerNature) userInfoArg;
- if (nature.getMobile() == null || !nature.getMobile().equals("")) {
- ctx.setAttributeValue("mobile", nature.getMobile());
- }
- if (nature.getTelephoneNumber() == null
- || !nature.getTelephoneNumber().equals("")) {
- ctx.setAttributeValue("telephoneNumber",
- nature.getTelephoneNumber());
- }
- }
-
- public Boolean supports(UserNature userNature) {
- return userNature instanceof CoworkerNature;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap.nature;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.ldap.UserNatureMapper;
-import org.argeo.security.nature.SimpleUserNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class SimpleUserNatureMapper implements UserNatureMapper {
- public String getName() {
- return SimpleUserNature.TYPE;
- }
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- SimpleUserNature nature = new SimpleUserNature();
- nature.setLastName(ctx.getStringAttribute("sn"));
- nature.setFirstName(ctx.getStringAttribute("givenName"));
- nature.setEmail(ctx.getStringAttribute("mail"));
- nature.setDescription(ctx.getStringAttribute("description"));
- return nature;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- SimpleUserNature nature = (SimpleUserNature) userInfoArg;
- ctx.setAttributeValue("cn",
- nature.getFirstName() + " " + nature.getLastName());
- ctx.setAttributeValue("sn", nature.getLastName());
- ctx.setAttributeValue("givenName", nature.getFirstName());
- ctx.setAttributeValue("mail", nature.getEmail());
- if (nature.getDescription() != null
- && !nature.getDescription().equals("")) {
- ctx.setAttributeValue("description", nature.getDescription());
- }
- }
-
- public Boolean supports(UserNature userNature) {
- return userNature instanceof SimpleUserNature;
- }
-
-}
<packaging>pom</packaging>
<modules>
<module>org.argeo.security.core</module>
- <module>org.argeo.security.mvc</module>
+<!-- <module>org.argeo.security.mvc</module> -->
<module>org.argeo.security.ldap</module>
<module>org.argeo.security.activemq</module>
<module>org.argeo.security.jackrabbit</module>
<activeByDefault>true</activeByDefault>
</activation>
<modules>
- <module>org.argeo.security.ria</module>
+<!-- <module>org.argeo.security.ria</module> -->
</modules>
</profile>
<profile>
* the session to use in order to perform the search, this can be
* a session with a different user ID than the one searched,
* typically when a system or admin session is used.
- * @param userID
- * the id of the user
+ * @param username
+ * the username of the user
*/
- public static Node getUserHome(Session session, String userID) {
+ public static Node getUserHome(Session session, String username) {
try {
QueryObjectModelFactory qomf = session.getWorkspace()
.getQueryManager().getQOMFactory();
DynamicOperand userIdDop = qomf.propertyValue("userHome",
ArgeoNames.ARGEO_USER_ID);
StaticOperand userIdSop = qomf.literal(session.getValueFactory()
- .createValue(userID));
+ .createValue(username));
Constraint constraint = qomf.comparison(userIdDop,
QueryObjectModelFactory.JCR_OPERATOR_EQUAL_TO, userIdSop);
Query query = qomf.createQuery(userHomeSel, constraint, null, null);
Node userHome = JcrUtils.querySingleNode(query);
return userHome;
} catch (RepositoryException e) {
- throw new ArgeoException("Cannot find home for user " + userID, e);
+ throw new ArgeoException("Cannot find home for user " + username, e);
}
}
- public static Node getUserProfile(Session session, String userID) {
+ public static Node getUserProfile(Session session, String username) {
try {
QueryObjectModelFactory qomf = session.getWorkspace()
.getQueryManager().getQOMFactory();
DynamicOperand userIdDop = qomf.propertyValue("userProfile",
ArgeoNames.ARGEO_USER_ID);
StaticOperand userIdSop = qomf.literal(session.getValueFactory()
- .createValue(userID));
+ .createValue(username));
Constraint constraint = qomf.comparison(userIdDop,
QueryObjectModelFactory.JCR_OPERATOR_EQUAL_TO, userIdSop);
Query query = qomf.createQuery(sel, constraint, null, null);
Node userHome = JcrUtils.querySingleNode(query);
return userHome;
} catch (RepositoryException e) {
- throw new ArgeoException("Cannot find profile for user " + userID,
- e);
+ throw new ArgeoException(
+ "Cannot find profile for user " + username, e);
}
}
public static Node createUserHome(Session session, String homeBasePath,
String username) {
try {
+ if (session == null)
+ throw new ArgeoException("Session is null");
if (session.hasPendingChanges())
throw new ArgeoException(
"Session has pending changes, save them first");
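Review bot: `getUserProfile` lacks the Javadoc its sibling `getUserHome` carries, although the `@param session` / `@param username` wording applies verbatim and the rename in this hunk was the moment to add it. Its local is still named `userHome` while it holds the profile node; `return JcrUtils.querySingleNode(query);` removes the misleading name in both methods. Both catch blocks report "Cannot find home/profile for user" for any RepositoryException, which also covers query or session failures unrelated to whether the user exists, so a wording such as "Cannot search profile for user" would be more accurate. The body of `createUserHome` continues outside the hunk.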
userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
session.save();
// we need to save the profile before adding the user home type
- PropertyIterator pit = userHome.getProperties();
- while (pit.hasNext()) {
- Property p = pit.nextProperty();
- log.debug(p.getName() + "=" + p.getValue().getString());
- }
userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
// see
// http://jackrabbit.510166.n4.nabble.com/Jackrabbit-2-0-beta-6-Problem-adding-a-Mixin-type-with-mandatory-properties-after-setting-propertiesn-td1290332.html