1 /*
2 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.argeo.security.core;
18
19 import java.util.HashSet;
20 import java.util.Iterator;
21 import java.util.Set;
22
23 import org.argeo.security.ArgeoSecurity;
24 import org.argeo.security.ArgeoSecurityDao;
25 import org.argeo.security.ArgeoSecurityService;
26 import org.argeo.security.ArgeoUser;
27 import org.argeo.security.SimpleArgeoUser;
28 import org.argeo.security.UserAdminService;
29 import org.springframework.core.task.SimpleAsyncTaskExecutor;
30 import org.springframework.core.task.TaskExecutor;
31 import org.springframework.security.Authentication;
32 import org.springframework.security.AuthenticationManager;
33 import org.springframework.security.context.SecurityContext;
34 import org.springframework.security.context.SecurityContextHolder;
35
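/**
 * User-administration and security service that delegates persistence to an
 * {@link ArgeoSecurityDao} and encodes passwords before users are stored.
 * <p>
 * {@code encodePassword(String)} is not defined in this file; it is presumably
 * inherited from {@link DefaultCurrentUserService}.
 * <p>
 * NOTE(review): none of the administrative methods in this class (creating,
 * updating or deleting users and roles, changing passwords) checks the
 * caller's authority. Access control is assumed to be enforced by whatever
 * exposes this service (for example method-security interceptors); confirm
 * this before widening its exposure.
 */
public class DefaultSecurityService extends DefaultCurrentUserService implements
        UserAdminService, ArgeoSecurityService {
    /** Security policy hooks; also supplies the super user's name. */
    private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
    private ArgeoSecurityDao securityDao;
    private AuthenticationManager authenticationManager;

    // Key presented to the authentication manager (through
    // InternalAuthentication) to obtain system authentication. Treat it as a
    // secret: it has no getter and should never be logged.
    private String systemAuthenticationKey;

    /**
     * Tells whether a password value is treated as already encoded.
     * <p>
     * NOTE(review): the only test is a leading <code>{</code>. A clear-text
     * password that happens to start with that character is therefore stored
     * without being passed through {@code encodePassword}, and a caller can
     * supply a pre-encoded value of its own choosing. Callers accepting
     * passwords from end users should validate them before they reach this
     * service.
     */
    private static boolean isAlreadyEncoded(String password) {
        return password.startsWith("{");
    }

    /** @return the DAO used to persist users and roles */
    public ArgeoSecurityDao getSecurityDao() {
        return securityDao;
    }

    /**
     * Creates a role through the DAO, passing the super user's name along with
     * it (presumably so that the super user is granted the new role; confirm
     * against the DAO implementation).
     */
    public void newRole(String role) {
        securityDao.createRole(role, argeoSecurity.getSuperUsername());
    }

    /**
     * Replaces the stored password of {@code username} with the encoded form
     * of {@code password}.
     * <p>
     * NOTE(review): the previous password is not verified and the new one is
     * not checked for being null or blank; both checks are left to the caller.
     */
    public void updateUserPassword(String username, String password) {
        SimpleArgeoUser user = new SimpleArgeoUser(
                securityDao.getUser(username));
        user.setPassword(encodePassword(password));
        securityDao.updateUser(user);
    }

    /**
     * Creates a user after running the {@link ArgeoSecurity#beforeCreate}
     * hook. For {@link SimpleArgeoUser} instances the password is normalized
     * first; other implementations are passed to the DAO unchanged.
     */
    public void newUser(ArgeoUser user) {
        argeoSecurity.beforeCreate(user);
        // normalize password
        if (user instanceof SimpleArgeoUser) {
            SimpleArgeoUser simpleUser = (SimpleArgeoUser) user;
            String password = user.getPassword();
            if (password == null || password.equals("")) {
                // NOTE(review): a missing password defaults to the username,
                // which makes the initial credential guessable. Kept for
                // backward compatibility; such accounts should be forced to
                // change their password before first use.
                simpleUser.setPassword(encodePassword(user.getUsername()));
            } else if (!isAlreadyEncoded(password)) {
                simpleUser.setPassword(encodePassword(password));
            }
        }
        securityDao.createUser(user);
    }

    /** @return the user as returned by the DAO for this username */
    public ArgeoUser getUser(String username) {
        return securityDao.getUser(username);
    }

    /** @return the DAO's answer on whether this username exists */
    public Boolean userExists(String username) {
        return securityDao.userExists(username);
    }

    /**
     * Updates a user. When the passed user carries no password, the one
     * currently stored is kept; a password that is not already encoded is
     * encoded before being stored.
     * <p>
     * NOTE(review): an empty password is not rejected here; it is encoded and
     * stored like any other value.
     */
    public void updateUser(ArgeoUser user) {
        String password = user.getPassword();
        if (password == null) {
            // no new password supplied: fall back to the stored one
            password = securityDao.getUserWithPassword(user.getUsername())
                    .getPassword();
        }
        if (!isAlreadyEncoded(password)) {
            // Encode the value selected above. The previous code encoded
            // user.getPassword(), which is null whenever the stored password
            // was used as the fallback.
            password = encodePassword(password);
        }
        SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
        simpleArgeoUser.setPassword(password);
        securityDao.updateUser(simpleArgeoUser);
    }

    /** Deletes the user through the DAO. */
    public void deleteUser(String username) {
        securityDao.deleteUser(username);
    }

    /** Deletes the role through the DAO. */
    public void deleteRole(String role) {
        securityDao.deleteRole(role);
    }

    /**
     * Creates an executor whose threads run every task wrapped by
     * {@link #wrapWithSystemAuthentication(Runnable)}, that is, with system
     * authentication in place.
     */
    @Deprecated
    public TaskExecutor createSystemAuthenticatedTaskExecutor() {
        return new SimpleAsyncTaskExecutor() {
            private static final long serialVersionUID = -8126773862193265020L;

            @Override
            public Thread createThread(Runnable runnable) {
                return super
                        .createThread(wrapWithSystemAuthentication(runnable));
            }

        };
    }

    /**
     * Wraps another runnable so that it runs with system authentication set
     * on the current security context. The authentication that was in place
     * before is restored once the runnable returns or throws, so that the
     * system authentication does not remain attached to a thread that is
     * reused afterwards.
     * <p>
     * TODO: secure the call to this method with Java Security. As it stands,
     * any code holding a reference to this service can run arbitrary work
     * with system authentication.
     */
    @Deprecated
    public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
        return new Runnable() {

            public void run() {
                SecurityContext securityContext = SecurityContextHolder
                        .getContext();
                Authentication previous = securityContext.getAuthentication();
                Authentication auth = authenticationManager
                        .authenticate(new InternalAuthentication(
                                systemAuthenticationKey));
                securityContext.setAuthentication(auth);
                try {
                    runnable.run();
                } finally {
                    // never leave system authentication behind on this thread
                    securityContext.setAuthentication(previous);
                }
            }
        };
    }

    /**
     * Lists the users holding a role, leaving out the super user.
     *
     * @return a new set, independent of the one returned by the DAO
     */
    public Set<ArgeoUser> listUsersInRole(String role) {
        Set<ArgeoUser> users = new HashSet<ArgeoUser>(
                securityDao.listUsersInRole(role));
        String superUsername = argeoSecurity.getSuperUsername();
        Iterator<ArgeoUser> it = users.iterator();
        while (it.hasNext()) {
            if (it.next().getUsername().equals(superUsername)) {
                it.remove();
                // stop at the first match, as only one entry is expected
                break;
            }
        }
        return users;
    }

    /** @return all users, as returned by the DAO (the super user is not filtered out here) */
    public Set<ArgeoUser> listUsers() {
        return securityDao.listUsers();
    }

    /** @return the roles the DAO reports as editable */
    public Set<String> listEditableRoles() {
        return securityDao.listEditableRoles();
    }

    public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
        this.argeoSecurity = argeoSecurity;
    }

    /**
     * Sets the DAO used by this service and registers the same instance as
     * the current-user DAO of the superclass.
     */
    public void setSecurityDao(ArgeoSecurityDao dao) {
        this.securityDao = dao;
        setCurrentUserDao(dao);
    }

    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the key used to obtain system authentication. It should come from
     * protected configuration rather than from a value committed with the
     * code.
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        this.systemAuthenticationKey = systemAuthenticationKey;
    }
}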