From 1d138ac772906199b87e07827b0391897544b9ce Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Thu, 15 Nov 2012 13:29:06 +0000
Subject: [PATCH] Reintroduce security.mvc

git-svn-id: https://svn.argeo.org/commons/trunk@5832 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../org.argeo.security.dep.node.rap/pom.xml   |   5 +
 .../runtime/org.argeo.security.mvc/.classpath |   7 +
 .../runtime/org.argeo.security.mvc/.project   |  28 ++++
 .../.settings/org.eclipse.jdt.core.prefs      |   5 +
 .../.settings/org.maven.ide.eclipse.prefs     |   9 ++
 .../org.argeo.security.mvc/build.properties   |   2 +
 .../runtime/org.argeo.security.mvc/pom.xml    |  72 ++++++++++
 .../security/mvc/ArgeoRememberMeServices.java |  68 +++++++++
 .../security/mvc/ArgeoUserInterceptor.java    |  39 +++++
 .../security/mvc/UsersRolesController.java    | 134 ++++++++++++++++++
 security/runtime/pom.xml                      |   1 +
 11 files changed, 370 insertions(+)
 create mode 100644 security/runtime/org.argeo.security.mvc/.classpath
 create mode 100644 security/runtime/org.argeo.security.mvc/.project
 create mode 100644 security/runtime/org.argeo.security.mvc/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 security/runtime/org.argeo.security.mvc/.settings/org.maven.ide.eclipse.prefs
 create mode 100644 security/runtime/org.argeo.security.mvc/build.properties
 create mode 100644 security/runtime/org.argeo.security.mvc/pom.xml
 create mode 100644 security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoRememberMeServices.java
 create mode 100644 security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoUserInterceptor.java
 create mode 100644 security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java

diff --git a/security/dep/org.argeo.security.dep.node.rap/pom.xml b/security/dep/org.argeo.security.dep.node.rap/pom.xml
index 97d80ca02..7404f1831 100644
--- a/security/dep/org.argeo.security.dep.node.rap/pom.xml
+++ b/security/dep/org.argeo.security.dep.node.rap/pom.xml
@@ -51,6 +51,11 @@
 			<artifactId>org.argeo.security.ui.admin</artifactId>
 			<version>1.1.6-SNAPSHOT</version>
 		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.mvc</artifactId>
+			<version>1.1.6-SNAPSHOT</version>
+		</dependency>
 
 		<!-- Basis -->
 		<dependency>
diff --git a/security/runtime/org.argeo.security.mvc/.classpath b/security/runtime/org.argeo.security.mvc/.classpath
new file mode 100644
index 000000000..ff41fbb4d
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>
diff --git a/security/runtime/org.argeo.security.mvc/.project b/security/runtime/org.argeo.security.mvc/.project
new file mode 100644
index 000000000..b287d0835
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>org.argeo.security.mvc</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.pde.PluginNature</nature>
+	</natures>
+</projectDescription>
diff --git a/security/runtime/org.argeo.security.mvc/.settings/org.eclipse.jdt.core.prefs b/security/runtime/org.argeo.security.mvc/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..d2110d0b1
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Tue Sep 15 11:35:07 CEST 2009
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/security/runtime/org.argeo.security.mvc/.settings/org.maven.ide.eclipse.prefs b/security/runtime/org.argeo.security.mvc/.settings/org.maven.ide.eclipse.prefs
new file mode 100644
index 000000000..2169c4308
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/.settings/org.maven.ide.eclipse.prefs
@@ -0,0 +1,9 @@
+#Tue Sep 15 11:35:01 CEST 2009
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/security/runtime/org.argeo.security.mvc/build.properties b/security/runtime/org.argeo.security.mvc/build.properties
new file mode 100644
index 000000000..a740a346d
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/build.properties
@@ -0,0 +1,2 @@
+additional.bundles = org.springframework.beans
+source.. = src/main/java/
diff --git a/security/runtime/org.argeo.security.mvc/pom.xml b/security/runtime/org.argeo.security.mvc/pom.xml
new file mode 100644
index 000000000..fcc7772ff
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/pom.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.argeo.commons.security</groupId>
+		<artifactId>runtime</artifactId>
+		<version>1.1.6-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+	<artifactId>org.argeo.security.mvc</artifactId>
+	<name>Commons Security MVC</name>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.felix</groupId>
+				<artifactId>maven-bundle-plugin</artifactId>
+
+				<configuration>
+					<instructions>
+						<Export-Package>
+							org.argeo.security.mvc.*
+						</Export-Package>
+						<Import-Package>*,javax.servlet</Import-Package>
+					</instructions>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+	<dependencies>
+		<!-- Argeo Server -->
+		<dependency>
+			<groupId>org.argeo.commons.server</groupId>
+			<artifactId>org.argeo.server.core</artifactId>
+			<version>1.1.6-SNAPSHOT</version>
+		</dependency>
+
+		<!-- Argeo Security -->
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.core</artifactId>
+			<version>1.1.6-SNAPSHOT</version>
+		</dependency>
+
+		<!-- Spring -->
+		<dependency>
+			<groupId>org.argeo.tp</groupId>
+			<artifactId>org.springframework.web.servlet</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.tp</groupId>
+			<artifactId>org.springframework.aop</artifactId>
+		</dependency>
+
+		<!-- J2EE -->
+		<dependency>
+			<groupId>org.argeo.tp</groupId>
+			<artifactId>javax.servlet</artifactId>
+		</dependency>
+
+	</dependencies>
+</project>
\ No newline at end of file
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoRememberMeServices.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoRememberMeServices.java
new file mode 100644
index 000000000..fde9f3034
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoRememberMeServices.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.mvc;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
+
+public class ArgeoRememberMeServices extends TokenBasedRememberMeServices {
+	public final static String DEFAULT_COOKIE_NAME = "ARGEO_SECURITY";
+
+	public ArgeoRememberMeServices() {
+		setCookieName(DEFAULT_COOKIE_NAME);
+	}
+
+	/**
+	 * Sets a "cancel cookie" (with maxAge = 0) on the response to disable
+	 * persistent logins.
+	 * 
+	 * @param request
+	 * @param response
+	 */
+	protected void cancelCookie(HttpServletRequest request,
+			HttpServletResponse response) {
+		Cookie cookie = new Cookie(getCookieName(), null);
+		cookie.setMaxAge(0);
+		cookie.setPath("/");
+
+		response.addCookie(cookie);
+	}
+
+	/**
+	 * Sets the cookie on the response
+	 * 
+	 * @param tokens
+	 *            the tokens which will be encoded to make the cookie value.
+	 * @param maxAge
+	 *            the value passed to {@link Cookie#setMaxAge(int)}
+	 * @param request
+	 *            the request
+	 * @param response
+	 *            the response to add the cookie to.
+	 */
+	protected void setCookie(String[] tokens, int maxAge,
+			HttpServletRequest request, HttpServletResponse response) {
+		String cookieValue = encodeCookie(tokens);
+		Cookie cookie = new Cookie(getCookieName(), cookieValue);
+		cookie.setMaxAge(maxAge);
+		cookie.setPath("/");
+		response.addCookie(cookie);
+	}
+
+}
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoUserInterceptor.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoUserInterceptor.java
new file mode 100644
index 000000000..fd83e9f73
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/ArgeoUserInterceptor.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.mvc;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.argeo.security.UserAdminService;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+/** Add the current argeo user as an attribute to the request. */
+public class ArgeoUserInterceptor extends HandlerInterceptorAdapter {
+	private UserAdminService securityService;
+
+	@Override
+	public boolean preHandle(HttpServletRequest request,
+			HttpServletResponse response, Object handler) throws Exception {
+		//request.setAttribute("argeoUser", securityService.getCurrentUser());
+		return super.preHandle(request, response, handler);
+	}
+
+	public void setSecurityService(UserAdminService securityService) {
+		this.securityService = securityService;
+	}
+
+}
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
new file mode 100644
index 000000000..185d376a6
--- /dev/null
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.mvc;
+
+import org.argeo.server.mvc.MvcConstants;
+import org.springframework.stereotype.Controller;
+
+@Controller
+public class UsersRolesController implements MvcConstants {
+//	private ArgeoSecurityService securityService;
+//	private Deserializer userDeserializer = null;
+
+	/* USER */
+
+//	@RequestMapping("/getCredentials.*")
+//	@ModelAttribute("user")
+//	public ArgeoUser getCredentials() {
+//		ArgeoUser argeoUser = securityService.getCurrentUser();
+//		if (argeoUser == null)
+//			return new SimpleArgeoUser();
+//		else
+//			return argeoUser;
+//	}
+//
+//	@RequestMapping("/getUsersList.*")
+//	@ModelAttribute("users")
+//	public Set<ArgeoUser> getUsersList() {
+//		return securityService.listUsers();
+//	}
+//
+//	@RequestMapping("/userExists.*")
+//	public BooleanAnswer userExists(@RequestParam("username") String username) {
+//		return new BooleanAnswer(securityService.userExists(username));
+//	}
+//
+//	@RequestMapping("/createUser.*")
+//	@ModelAttribute("user")
+//	public ArgeoUser createUser(Reader reader) {
+//		ArgeoUser user = userDeserializer.deserialize(reader,
+//				SimpleArgeoUser.class);
+//		securityService.newUser(user);
+//		return securityService.getUser(user.getUsername());
+//	}
+//
+//	@RequestMapping("/updateUser.*")
+//	@ModelAttribute("user")
+//	public ArgeoUser updateUser(Reader reader) {
+//		ArgeoUser user = userDeserializer.deserialize(reader,
+//				SimpleArgeoUser.class);
+//		securityService.updateUser(user);
+//		return securityService.getUser(user.getUsername());
+//	}
+//
+//	@RequestMapping("/updateUserSelf.*")
+//	@ModelAttribute("user")
+//	/** Will only update the user natures.*/
+//	public ArgeoUser updateUserSelf(Reader reader) {
+//		ArgeoUser user = securityService.getCurrentUser();
+//		ArgeoUser userForNatures = userDeserializer.deserialize(reader,
+//				SimpleArgeoUser.class);
+//		user.updateUserNatures(userForNatures.getUserNatures());
+//		securityService.updateUser(user);
+//		return securityService.getUser(user.getUsername());
+//	}
+//
+//	@RequestMapping("/deleteUser.*")
+//	public ServerAnswer deleteUser(@RequestParam("username") String username) {
+//		securityService.deleteUser(username);
+//		return ServerAnswer.ok("User " + username + " deleted");
+//	}
+//
+//	@RequestMapping("/getUserDetails.*")
+//	@ModelAttribute("user")
+//	public ArgeoUser getUserDetails(@RequestParam("username") String username) {
+//		return securityService.getUser(username);
+//	}
+
+	/* ROLE */
+//	@RequestMapping("/getRolesList.*")
+//	@ModelAttribute("roles")
+//	public Set<String> getEditableRolesList() {
+//		return securityService.listEditableRoles();
+//	}
+//
+//	@RequestMapping("/createRole.*")
+//	public ServerAnswer createRole(@RequestParam("role") String role) {
+//		securityService.newRole(role);
+//		return ServerAnswer.ok("Role " + role + " created");
+//	}
+//
+//	@RequestMapping("/deleteRole.*")
+//	public ServerAnswer deleteRole(@RequestParam("role") String role) {
+//		securityService.deleteRole(role);
+//		return ServerAnswer.ok("Role " + role + " deleted");
+//	}
+//
+//	@RequestMapping("/updateUserPassword.*")
+//	public ServerAnswer updateUserPassword(
+//			@RequestParam("username") String username,
+//			@RequestParam("password") String password) {
+//		securityService.updateUserPassword(username, password);
+//		return ServerAnswer.ok("Password updated for user " + username);
+//	}
+//
+//	@RequestMapping("/updatePassword.*")
+//	public ServerAnswer updatePassword(
+//			@RequestParam("oldPassword") String oldPassword,
+//			@RequestParam("password") String password) {
+//		securityService.updateCurrentUserPassword(oldPassword, password);
+//		return ServerAnswer.ok("Password updated");
+//	}
+//
+//	public void setUserDeserializer(Deserializer userDeserializer) {
+//		this.userDeserializer = userDeserializer;
+//	}
+//
+//	public void setSecurityService(ArgeoSecurityService securityService) {
+//		this.securityService = securityService;
+//	}
+
+}
diff --git a/security/runtime/pom.xml b/security/runtime/pom.xml
index ffd79433c..d0f065446 100644
--- a/security/runtime/pom.xml
+++ b/security/runtime/pom.xml
@@ -16,5 +16,6 @@
 		<module>org.argeo.security.ldap</module>
 		<module>org.argeo.security.activemq</module>
 		<module>org.argeo.security.jackrabbit</module>
+		<module>org.argeo.security.mvc</module>
 	</modules>
 </project>
\ No newline at end of file
-- 
2.30.2