DefaultSecurityService.java

   1 /*
   2  * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.argeo.security.core;
  18
  19 import org.argeo.ArgeoException;
  20 import org.argeo.security.ArgeoSecurity;
  21 import org.argeo.security.ArgeoSecurityDao;
  22 import org.argeo.security.ArgeoSecurityService;
  23 import org.argeo.security.ArgeoUser;
  24 import org.argeo.security.SimpleArgeoUser;
  25 import org.springframework.core.task.SimpleAsyncTaskExecutor;
  26 import org.springframework.core.task.TaskExecutor;
  27 import org.springframework.security.Authentication;
  28 import org.springframework.security.AuthenticationManager;
  29 import org.springframework.security.context.SecurityContext;
  30 import org.springframework.security.context.SecurityContextHolder;
  31
  32 public class DefaultSecurityService implements ArgeoSecurityService {
  33         private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
  34         private ArgeoSecurityDao securityDao;
  35         private AuthenticationManager authenticationManager;
  36
  37         private String systemAuthenticationKey;
  38
  39         public ArgeoSecurityDao getSecurityDao() {
  40                 return securityDao;
  41         }
  42
  43         public void newRole(String role) {
  44                 securityDao.createRole(role, argeoSecurity.getSuperUsername());
  45         }
  46
  47         public void updateUserPassword(String username, String password) {
  48                 SimpleArgeoUser user = new SimpleArgeoUser(securityDao
  49                                 .getUser(username));
  50                 user.setPassword(password);
  51                 securityDao.update(user);
  52         }
  53
  54         public void updateCurrentUserPassword(String oldPassword, String newPassword) {
  55                 SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser());
  56                 if (!user.getPassword().equals(oldPassword))
  57                         throw new ArgeoException("Old password is not correct.");
  58                 user.setPassword(newPassword);
  59                 securityDao.update(user);
  60         }
  61
  62         public void newUser(ArgeoUser user) {
  63                 user.getUserNatures().clear();
  64                 argeoSecurity.beforeCreate(user);
  65                 securityDao.create(user);
  66         }
  67
  68         public void updateUser(ArgeoUser user) {
  69                 String password = securityDao.getUserWithPassword(user.getUsername())
  70                                 .getPassword();
  71                 SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
  72                 simpleArgeoUser.setPassword(password);
  73                 securityDao.update(simpleArgeoUser);
  74         }
  75
  76         public TaskExecutor createSystemAuthenticatedTaskExecutor() {
  77                 return new SimpleAsyncTaskExecutor() {
  78                         private static final long serialVersionUID = -8126773862193265020L;
  79
  80                         @Override
  81                         public Thread createThread(Runnable runnable) {
  82                                 return super
  83                                                 .createThread(wrapWithSystemAuthentication(runnable));
  84                         }
  85
  86                 };
  87         }
  88
  89         /**
  90          * Wraps another runnable, adding security context <br/>
  91          * TODO: secure the call to this method with Java Security
  92          */
  93         public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
  94                 return new Runnable() {
  95
  96                         public void run() {
  97                                 SecurityContext securityContext = SecurityContextHolder
  98                                                 .getContext();
  99                                 Authentication auth = authenticationManager
 100                                                 .authenticate(new InternalAuthentication(
 101                                                                 systemAuthenticationKey));
 102                                 securityContext.setAuthentication(auth);
 103
 104                                 runnable.run();
 105                         }
 106                 };
 107         }
 108
 109         public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
 110                 this.argeoSecurity = argeoSecurity;
 111         }
 112
 113         public void setSecurityDao(ArgeoSecurityDao dao) {
 114                 this.securityDao = dao;
 115         }
 116
 117         public void setAuthenticationManager(
 118                         AuthenticationManager authenticationManager) {
 119                 this.authenticationManager = authenticationManager;
 120         }
 121
 122         public void setSystemAuthenticationKey(String systemAuthenticationKey) {
 123                 this.systemAuthenticationKey = systemAuthenticationKey;
 124         }
 125
 126 }