org.argeo.security,
org.argeo.security.ldap,
org.argeo.security.ldap.nature,
+ org.argeo.security.nature,
+ org.argeo.server.json,
org.springframework.beans.factory.config,
org.springframework.ldap.core.support,
org.springframework.security,
interface="org.springframework.security.AuthenticationManager"\r
context-class-loader="service-provider" />\r
\r
- <service ref="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
+ <service ref="securityDao" interface="org.argeo.security.ArgeoSecurityDao"\r
+ context-class-loader="service-provider" />\r
\r
<list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper"\r
cardinality="0..N" />\r
+\r
+ <!-- Provides deserialization -->\r
+ <service interface="org.argeo.server.json.JsonObjectFactory">\r
+ <beans:bean class="org.argeo.server.json.JsonObjectFactoryImpl" />\r
+ </service>\r
+\r
</beans:beans>
\ No newline at end of file
Bundle-SymbolicName: org.argeo.security.services
Bundle-Version: 0.1.3.SNAPSHOT
Import-Package: org.argeo.security,
- org.argeo.security.core,
- org.argeo.security.ldap,
- org.argeo.security.nature,
- org.argeo.server.json
+ org.argeo.security.core
Bundle-Name: Security Services
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
-
- <bean id="jsonObjectFactory" class="org.argeo.server.json.JsonObjectFactoryImpl">
- </bean>
-</beans>
\ No newline at end of file
http://www.springframework.org/schema/beans \r
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
- <service ref="jsonObjectFactory" interface="org.argeo.server.json.JsonObjectFactory" />\r
<service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" />\r
\r
<reference id="securityDao" interface="org.argeo.security.ArgeoSecurityDao"\r
- context-class-loader="service-provider" />\r
+ />\r
</beans:beans>
\ No newline at end of file
public void deleteRole(String role);
- public void updatePassword(String oldPassword, String newPassword);
-
public Boolean userExists(String username);
public ArgeoUser getUser(String username);
public void updateUserPassword(String username, String password);
+ public void updateCurrentUserPassword(String oldPassword, String newPassword);
+
public void newRole(String role);
public ArgeoSecurityDao getSecurityDao();
package org.argeo.security.core;
+import org.argeo.ArgeoException;
import org.argeo.security.ArgeoSecurity;
import org.argeo.security.ArgeoSecurityDao;
import org.argeo.security.ArgeoSecurityService;
securityDao.update(user);
}
+ public void updateCurrentUserPassword(String oldPassword, String newPassword) {
+ SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser());
+ if (!user.getPassword().equals(oldPassword))
+ throw new ArgeoException("Old password is not correct.");
+ user.setPassword(newPassword);
+ securityDao.update(user);
+ }
+
public void newUser(ArgeoUser user) {
user.getUserNatures().clear();
argeoSecurity.beforeCreate(user);
userDetailsManager.deleteUser(username);
}
- public void updatePassword(String oldPassword, String newPassword) {
- userDetailsManager.changePassword(oldPassword, newPassword);
- }
-
public Boolean userExists(String username) {
return userDetailsManager.userExists(username);
}
return argeoUser;
}
- // @RequestMapping("/login.security")
- // @ModelAttribute(ANSWER_MODEL_KEY)
- // public ArgeoUser login(@RequestParam("username") String username,
- // @RequestParam("password") String password) {
- // //SecurityContextHolder.getContext().getAuthentication().
- // return securityService.getSecurityDao().getCurrentUser();
- // }
- //
- // @RequestMapping("/logout.security")
- // @ModelAttribute(ANSWER_MODEL_KEY)
- // public ServerAnswer logout() {
- // return ServerAnswer.ok("Logged out");
- // }
-
@RequestMapping("/getUsersList.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public List<ArgeoUser> getUsersList() {
@RequestMapping("/updatePassword.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer updatePassword(
- @RequestParam("password") String password,
- @RequestParam("oldPassword") String oldPassword) {
- securityService.getSecurityDao().updatePassword(oldPassword, password);
+ @RequestParam("oldPassword") String oldPassword,
+ @RequestParam("password") String password) {
+ securityService.updateCurrentUserPassword(oldPassword, password);
return ServerAnswer.ok("Password updated");
}