1 package org.argeo.security.ldap;
2
3 import java.security.NoSuchAlgorithmException;
4 import java.security.SecureRandom;
5 import java.util.ArrayList;
6 import java.util.Collections;
7 import java.util.Iterator;
8 import java.util.List;
9 import java.util.Random;
10 import java.util.Set;
11 import java.util.TreeSet;
12
13 import org.argeo.security.UserAdminDao;
14 import org.argeo.security.UserAdminService;
15 import org.springframework.ldap.core.ContextSource;
16 import org.springframework.security.GrantedAuthority;
17 import org.springframework.security.providers.encoding.PasswordEncoder;
18 import org.springframework.security.userdetails.UserDetails;
19 import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
20
21 /** Extends {@link LdapUserDetailsManager} by adding password encoding support. */
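/**
 * Extends {@link LdapUserDetailsManager} by adding password encoding support
 * and implements the {@link UserAdminService} user/role administration
 * operations by delegating to a {@link UserAdminDao}.
 * <p>
 * A new password passed to {@link #changePassword(String, String)} is hashed by
 * the configured {@link PasswordEncoder} with a fresh 16-byte random salt drawn
 * from a {@link SecureRandom}. A value that already starts with <code>{</code>
 * is treated as an already-encoded LDAP password and stored verbatim; see
 * {@link #encodePassword(String)} for the security caveat this implies.
 * <p>
 * The configured super user (default <code>root</code>) is hidden from
 * {@link #listUsersInRole(String)} and is the user name passed to the DAO when
 * a role is created.
 */
public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
		implements UserAdminService {
	/** Hidden from role listings; passed to the DAO as creator of new roles. */
	private String superUsername = "root";
	private UserAdminDao userAdminDao;
	private PasswordEncoder passwordEncoder;
	/**
	 * Salt source. Deliberately typed as {@link SecureRandom}: a salt drawn
	 * from {@link java.util.Random} (in particular one seeded with the clock)
	 * is predictable, which defeats the purpose of salting.
	 */
	private final SecureRandom random;

	public ArgeoLdapUserDetailsManager(ContextSource contextSource) {
		super(contextSource);
		// The platform-default CSPRNG is always available, so no fallback to a
		// non-cryptographic generator is ever needed (or acceptable) here.
		this.random = new SecureRandom();
	}

	/**
	 * Changes the password of the current user, encoding {@code newPassword}
	 * with a fresh salt before handing it to the parent implementation.
	 * {@code oldPassword} is forwarded unchanged.
	 *
	 * @throws IllegalArgumentException if {@code newPassword} is null
	 * @throws IllegalStateException    if no {@link PasswordEncoder} has been
	 *                                  configured and encoding is required
	 */
	@Override
	public void changePassword(String oldPassword, String newPassword) {
		super.changePassword(oldPassword, encodePassword(newPassword));
	}

	/** Creates {@code role} via the DAO, recording the super user as creator. */
	public void newRole(String role) {
		userAdminDao.createRole(role, superUsername);
	}

	/**
	 * Loads every user known to the DAO through
	 * {@link #loadUserByUsername(String)}, presumably so that any side effect
	 * of loading (the TODO below mentions JCR) is triggered for each of them.
	 * Users that disappeared from the directory are not cleaned up.
	 */
	public void synchronize() {
		for (String username : userAdminDao.listUsers())
			loadUserByUsername(username);
		// TODO: find a way to remove from JCR
	}

	/** Deletes {@code role} via the DAO. */
	public void deleteRole(String role) {
		userAdminDao.deleteRole(role);
	}

	/**
	 * Returns the sorted set of users holding {@code role}, with the super
	 * user filtered out so that it is never exposed through the admin UI.
	 */
	public Set<String> listUsersInRole(String role) {
		Set<String> users = new TreeSet<String>(
				userAdminDao.listUsersInRole(role));
		// TreeSet.remove(null) throws on natural ordering; with no super user
		// configured there is simply nothing to hide.
		if (superUsername != null)
			users.remove(superUsername);
		return users;
	}

	/**
	 * Returns the authorities granted to {@code username}, as an unmodifiable
	 * list of authority names in the order the user details report them.
	 */
	public List<String> listUserRoles(String username) {
		UserDetails userDetails = loadUserByUsername(username);
		List<String> roles = new ArrayList<String>();
		for (GrantedAuthority authority : userDetails.getAuthorities())
			roles.add(authority.getAuthority());
		return Collections.unmodifiableList(roles);
	}

	/** Roles that may be edited through the admin UI, as reported by the DAO. */
	public Set<String> listEditableRoles() {
		return userAdminDao.listEditableRoles();
	}

	/**
	 * Encodes a clear-text password with the configured {@link PasswordEncoder}
	 * and a fresh random 16-byte salt.
	 * <p>
	 * Security note: a value starting with <code>{</code> is assumed to be an
	 * already-encoded LDAP password (<code>{SSHA}...</code> style) and is
	 * returned verbatim. Any caller that forwards untrusted input here
	 * therefore lets the user choose the stored value directly, bypassing the
	 * encoder and the salt. Code exposing password changes to end users should
	 * reject a leading brace before reaching this method.
	 *
	 * @param password clear-text password, or an already-encoded value
	 * @return the encoded value to store in the directory
	 * @throws IllegalArgumentException if {@code password} is null
	 * @throws IllegalStateException    if encoding is required but no
	 *                                  {@link PasswordEncoder} is configured
	 */
	protected String encodePassword(String password) {
		if (password == null)
			throw new IllegalArgumentException("password must not be null");
		// Pass-through for pre-encoded values (see security note above).
		if (password.startsWith("{"))
			return password;
		if (passwordEncoder == null)
			throw new IllegalStateException(
					"No PasswordEncoder configured, cannot encode password");
		byte[] salt = new byte[16];
		random.nextBytes(salt);
		return passwordEncoder.encodePassword(password, salt);
	}

	/** Encoder applied to clear-text passwords; must be set before use. */
	public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
		this.passwordEncoder = passwordEncoder;
	}

	/** Name of the super user hidden from role listings (default "root"). */
	public void setSuperUsername(String superUsername) {
		this.superUsername = superUsername;
	}

	/** DAO backing the user/role administration operations. */
	public void setUserAdminDao(UserAdminDao userAdminDao) {
		this.userAdminDao = userAdminDao;
	}

}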