From 814f2e01731aca304d826d070922d51fd84efa29 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Fri, 28 Jan 2011 15:22:33 +0000 Subject: [PATCH] Improve Security git-svn-id: https://svn.argeo.org/commons/trunk@4087 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- .../argeo/security/ui/SecurityUiPlugin.java | 23 ------------ .../ui/editors/DefaultUserMainPage.java | 2 +- .../argeo/security/ui/views/UsersView.java | 2 +- .../org/argeo/security/ArgeoSecurityDao.java | 3 ++ .../argeo/security/ArgeoSecurityService.java | 6 ++++ .../security/core/DefaultSecurityService.java | 16 +++++++++ .../security/ldap/ArgeoSecurityDaoLdap.java | 20 +++++++++++ .../security/nature/SimpleUserNature.java | 35 +++++++++++++++++++ 8 files changed, 82 insertions(+), 25 deletions(-) diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityUiPlugin.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityUiPlugin.java index 971affa4b..bc05495b4 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityUiPlugin.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityUiPlugin.java @@ -1,9 +1,5 @@ package org.argeo.security.ui; -import org.argeo.ArgeoException; -import org.argeo.security.ArgeoUser; -import org.argeo.security.UserNature; -import org.argeo.security.nature.SimpleUserNature; import org.eclipse.jface.resource.ImageDescriptor; import org.eclipse.ui.plugin.AbstractUIPlugin; import org.osgi.framework.BundleContext; 
@@ -61,23 +57,4 @@ public class SecurityUiPlugin extends AbstractUIPlugin { public static ImageDescriptor getImageDescriptor(String path) { return imageDescriptorFromPlugin(PLUGIN_ID, path); } - - /* - * SECURITY UTILITIES - */ - public final static SimpleUserNature findSimpleUserNature(ArgeoUser user, - String simpleNatureType) { - SimpleUserNature simpleNature = null; - if (simpleNatureType != null) - simpleNature = (SimpleUserNature) user.getUserNatures().get( - simpleNatureType); - else - for (UserNature userNature : user.getUserNatures().values()) - if (userNature instanceof SimpleUserNature) - simpleNature = (SimpleUserNature) userNature; - - if (simpleNature == null) - throw new ArgeoException("No simple user nature in user " + user); - return simpleNature; - } } diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java index 3da89f37c..9ed5ccaec 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java @@ -55,7 +55,7 @@ public class DefaultUserMainPage extends FormPage { super(editor, ID, "Main"); this.securityService = securityService; this.user = user; - this.simpleNature = SecurityUiPlugin.findSimpleUserNature(user, + this.simpleNature = SimpleUserNature.findSimpleUserNature(user, simpleNatureType); } diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java index 34feebbe8..6aad5d06a 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java 
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java @@ -99,7 +99,7 @@ public class UsersView extends ViewPart { public String getColumnText(Object element, int columnIndex) { String currentUsername = CurrentUser.getUsername(); ArgeoUser user = (ArgeoUser) element; - SimpleUserNature simpleNature = SecurityUiPlugin + SimpleUserNature simpleNature = SimpleUserNature .findSimpleUserNature(user, simpleNatureType); switch (columnIndex) { case 0: diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java index de2664851..67025dc5d 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java @@ -49,6 +49,9 @@ public interface ArgeoSecurityDao { public void deleteRole(String role); + /** List all users having this role. */ + public List listUsersInRole(String role); + public Boolean userExists(String username); public ArgeoUser getUser(String username); diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java index e6d8274b5..732ec72c2 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java @@ -16,6 +16,8 @@ package org.argeo.security; +import java.util.List; + /** * High level access to the user referential (independent from the underlying * storage). 
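Review bot: The Javadoc added for `listUsersInRole` in ArgeoSecurityDao leaves the contract open: it does not say what an implementation returns for a role that has no members or does not exist, nor that the result still contains the super user. DefaultSecurityService, later in this commit, removes an element from the returned list, so the contract should also state that the list is new and modifiable. If that is the intended behaviour, something like `/** Lists all users having this role, super user included. Returns a new modifiable list, empty if the role has no members. */` would pin it down.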
@@ -36,4 +38,8 @@ public interface ArgeoSecurityService { public ArgeoSecurityDao getSecurityDao(); public Runnable wrapWithSystemAuthentication(final Runnable runnable); + + /** List users having this role (except the super user). */ + public List listUsersInRole(String role); + } diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java index b9220b269..e97180351 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java @@ -16,6 +16,9 @@ package org.argeo.security.core; +import java.util.Iterator; +import java.util.List; + import org.argeo.ArgeoException; import org.argeo.security.ArgeoSecurity; import org.argeo.security.ArgeoSecurityDao; @@ -115,6 +118,19 @@ public class DefaultSecurityService implements ArgeoSecurityService { }; } + public List listUsersInRole(String role) { + List lst = securityDao.listUsersInRole(role); + Iterator it = lst.iterator(); + while (it.hasNext()) { + if (it.next().getUsername() + .equals(argeoSecurity.getSuperUsername())) { + it.remove(); + break; + } + } + return lst; + } + public void setArgeoSecurity(ArgeoSecurity argeoSecurity) { this.argeoSecurity = argeoSecurity; } diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java index 807875db6..6aa31bbdc 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java 
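Review bot: The super-user exclusion promised by the new Javadoc on `listUsersInRole` is a convenience filter rather than a boundary. The same interface still exposes `getSecurityDao()` (context line just above the addition), and the DAO method added in this commit returns the unfiltered list. Code that must not learn which account is the super user can rely on it only if the DAO is unreachable to that code, which this hunk does not show. I would state this in the comment, e.g. `/** Lists users having this role, omitting the super user for display purposes; this is not an access control, the DAO returns the full list. */`.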
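Review bot: `listUsersInRole` in DefaultSecurityService removes the super user from the very list the DAO returned, so it depends on every DAO implementation handing back a fresh modifiable list. An unmodifiable result would make `it.remove()` fail, and a cached one would be altered for other callers, so copying into a new list inside the service before filtering is safer. The test `it.next().getUsername().equals(argeoSecurity.getSuperUsername())` also throws if a user has a null username; hoisting `String superUsername = argeoSecurity.getSuperUsername();` above the loop and testing `superUsername.equals(it.next().getUsername())` covers that. The comparison is case-sensitive, so whether the directory treats logins case-insensitively should be confirmed, otherwise a differently cased entry would slip past the filter.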
@@ -183,6 +183,26 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean }); } + @SuppressWarnings("unchecked") + public List listUsersInRole(String role) { + return (List) ldapTemplate.lookup( + buildGroupDn(convertRoleToGroup(role)), new ContextMapper() { + public Object mapFromContext(Object ctxArg) { + DirContextAdapter ctx = (DirContextAdapter) ctxArg; + String[] userDns = ctx + .getStringAttributes(groupMemberAttributeName); + List lst = new ArrayList(); + for (String userDn : userDns) { + DistinguishedName dn = new DistinguishedName(userDn); + String username = dn + .getValue(usernameAttributeName); + lst.add(createSimpleArgeoUser(getDetails(username))); + } + return lst; + } + }); + } + public synchronized void update(ArgeoUser user) { ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user); userDetailsManager.updateUser(new ArgeoUserDetails(user)); diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/SimpleUserNature.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/SimpleUserNature.java index 7d7723e33..a10ac4dbd 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/SimpleUserNature.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/SimpleUserNature.java @@ -16,7 +16,10 @@ package org.argeo.security.nature; +import org.argeo.ArgeoException; import org.argeo.security.AbstractUserNature; +import org.argeo.security.ArgeoUser; +import org.argeo.security.UserNature; public class SimpleUserNature extends AbstractUserNature { /** 
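Review bot: In the new `mapFromContext`, `userDns` is iterated without a null check, and Spring LDAP's `getStringAttributes` is documented to return null when the entry has no such attribute, so a role without `groupMemberAttributeName` values would end in a NullPointerException; `if (userDns == null) return lst;` right after creating the list covers it. Each member DN is then assumed to contain `usernameAttributeName` and to resolve through `getDetails(username)`, so a member that is a nested group, is named by another attribute, or has been deleted from the directory would presumably abort the whole listing instead of being skipped. A short comment saying which of these cases are expected, and that one directory lookup is made per member, would help the next maintainer. How `buildGroupDn` escapes the caller-supplied `role` is not visible in this hunk and is worth confirming.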
@@ -63,4 +66,36 @@ public class SimpleUserNature extends AbstractUserNature { this.description = description; } + /* + * SECURITY UTILITIES + */ + /** + * Finds a user nature extending {@link SimpleUserNature} in the provided + * user. + * + * @param user + * the user to scan + * @param simpleNatureType + * the type under which a {@link SimpleUserNature} is registered, + * useful if there are many. can be null. + * @return the {@link SimpleUserNature} + * @throws ArgeoException + * if no simple user nature was found + */ + public final static SimpleUserNature findSimpleUserNature(ArgeoUser user, + String simpleNatureType) { + SimpleUserNature simpleNature = null; + if (simpleNatureType != null) + simpleNature = (SimpleUserNature) user.getUserNatures().get( + simpleNatureType); + else + for (UserNature userNature : user.getUserNatures().values()) + if (userNature instanceof SimpleUserNature) + simpleNature = (SimpleUserNature) userNature; + + if (simpleNature == null) + throw new ArgeoException("No simple user nature in user " + user); + return simpleNature; + } + } -- 2.30.2
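Review bot: When `simpleNatureType` is given, `findSimpleUserNature` casts whatever is registered under that key, so a nature of another class surfaces as a ClassCastException instead of the ArgeoException the new Javadoc promises; testing `instanceof SimpleUserNature` before the cast keeps the documented contract. In the null branch the loop has no `break`, so with several simple natures the last one in map iteration order wins, which the Javadoc ("useful if there are many") does not say and which may not be stable across map implementations. The unbraced nested `if`/`else`/`for` is easy to misread, and the modifiers would conventionally read `public static final`.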