DefaultSecurityService.java

   1 /*
   2  * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.argeo.security.core;
  18
  19 import org.argeo.ArgeoException;
  20 import org.argeo.security.ArgeoSecurity;
  21 import org.argeo.security.ArgeoSecurityDao;
  22 import org.argeo.security.ArgeoSecurityService;
  23 import org.argeo.security.ArgeoUser;
  24 import org.argeo.security.SimpleArgeoUser;
  25 import org.springframework.core.task.SimpleAsyncTaskExecutor;
  26 import org.springframework.core.task.TaskExecutor;
  27 import org.springframework.security.Authentication;
  28 import org.springframework.security.AuthenticationManager;
  29 import org.springframework.security.context.SecurityContext;
  30 import org.springframework.security.context.SecurityContextHolder;
  31
  32 public class DefaultSecurityService implements ArgeoSecurityService {
  33         private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
  34         private ArgeoSecurityDao securityDao;
  35         private AuthenticationManager authenticationManager;
  36
  37         private String systemAuthenticationKey;
  38
  39         public ArgeoUser getCurrentUser() {
  40                 ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
  41                 if (argeoUser == null)
  42                         return null;
  43                 if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
  44                         argeoUser.getRoles().remove(securityDao.getDefaultRole());
  45                 return argeoUser;
  46         }
  47
  48         public ArgeoSecurityDao getSecurityDao() {
  49                 return securityDao;
  50         }
  51
  52         public void newRole(String role) {
  53                 securityDao.createRole(role, argeoSecurity.getSuperUsername());
  54         }
  55
  56         public void updateUserPassword(String username, String password) {
  57                 SimpleArgeoUser user = new SimpleArgeoUser(
  58                                 securityDao.getUser(username));
  59                 user.setPassword(password);
  60                 securityDao.update(user);
  61         }
  62
  63         public void updateCurrentUserPassword(String oldPassword, String newPassword) {
  64                 SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
  65                 if (!user.getPassword().equals(oldPassword))
  66                         throw new ArgeoException("Old password is not correct.");
  67                 user.setPassword(newPassword);
  68                 securityDao.update(user);
  69         }
  70
  71         public void newUser(ArgeoUser user) {
  72                 user.getUserNatures().clear();
  73                 argeoSecurity.beforeCreate(user);
  74                 securityDao.create(user);
  75         }
  76
  77         public void updateUser(ArgeoUser user) {
  78                 String password = securityDao.getUserWithPassword(user.getUsername())
  79                                 .getPassword();
  80                 SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
  81                 simpleArgeoUser.setPassword(password);
  82                 securityDao.update(simpleArgeoUser);
  83         }
  84
  85         public TaskExecutor createSystemAuthenticatedTaskExecutor() {
  86                 return new SimpleAsyncTaskExecutor() {
  87                         private static final long serialVersionUID = -8126773862193265020L;
  88
  89                         @Override
  90                         public Thread createThread(Runnable runnable) {
  91                                 return super
  92                                                 .createThread(wrapWithSystemAuthentication(runnable));
  93                         }
  94
  95                 };
  96         }
  97
  98         /**
  99          * Wraps another runnable, adding security context <br/>
 100          * TODO: secure the call to this method with Java Security
 101          */
 102         public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
 103                 return new Runnable() {
 104
 105                         public void run() {
 106                                 SecurityContext securityContext = SecurityContextHolder
 107                                                 .getContext();
 108                                 Authentication auth = authenticationManager
 109                                                 .authenticate(new InternalAuthentication(
 110                                                                 systemAuthenticationKey));
 111                                 securityContext.setAuthentication(auth);
 112
 113                                 runnable.run();
 114                         }
 115                 };
 116         }
 117
 118         public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
 119                 this.argeoSecurity = argeoSecurity;
 120         }
 121
 122         public void setSecurityDao(ArgeoSecurityDao dao) {
 123                 this.securityDao = dao;
 124         }
 125
 126         public void setAuthenticationManager(
 127                         AuthenticationManager authenticationManager) {
 128                 this.authenticationManager = authenticationManager;
 129         }
 130
 131         public void setSystemAuthenticationKey(String systemAuthenticationKey) {
 132                 this.systemAuthenticationKey = systemAuthenticationKey;
 133         }
 134 }