2 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org
.argeo
.security
.mvc
;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

import org.apache.commons.codec.binary.Base64;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
import org.argeo.server.BooleanAnswer;
import org.argeo.server.Deserializer;
import org.argeo.server.ServerAnswer;
import org.argeo.server.mvc.MvcConstants;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
38 public class UsersRolesController
implements MvcConstants
{
// private final static Log log = LogFactory
// .getLog(UsersRolesController.class);

/**
 * Name of the {@link MessageDigest} algorithm used by {@link #digest(String)}
 * and checked for as a "{...}" prefix by {@link #digestIfNecessary(String)}.
 * In the JDK the name "SHA" resolves to SHA-1, and the digest is applied
 * without a salt, so stored passwords are only as strong as that scheme.
 * Changing this value also changes the prefix written into stored
 * credentials, so it must stay in step with what the security backend
 * expects.
 */
private String digestType = "SHA";

/** Backend for user, role and password operations; populated via the setter below. */
private ArgeoSecurityService securityService;

/** Parses request bodies into user objects; populated via the setter below. */
private Deserializer userDeserializer = null;
/**
 * Exposes the currently authenticated user as the "user" model attribute.
 *
 * @return the current user reported by the security service, or an empty
 *         {@link SimpleArgeoUser} when the service reports no current user
 */
@RequestMapping("/getCredentials.*")
@ModelAttribute("user")
public ArgeoUser getCredentials() {
    ArgeoUser current = securityService.getCurrentUser();
    return current != null ? current : new SimpleArgeoUser();
}
/**
 * Lists every user known to the security DAO as the "users" model attribute.
 * No authorization check is performed in this method; restricting who may
 * reach this mapping is left to the surrounding security configuration.
 *
 * @return the users returned by the security DAO
 */
@RequestMapping("/getUsersList.*")
@ModelAttribute("users")
public List<ArgeoUser> getUsersList() {
    List<ArgeoUser> allUsers = securityService.getSecurityDao().listUsers();
    return allUsers;
}
/**
 * Answers whether a user with the given name exists in the security DAO.
 * Because it reveals which usernames are registered, exposure of this
 * mapping should be limited to callers entitled to list users.
 *
 * @param username the username to look up
 * @return a {@link BooleanAnswer} wrapping the DAO's result
 */
@RequestMapping("/userExists.*")
public BooleanAnswer userExists(@RequestParam("username") String username) {
    boolean exists = securityService.getSecurityDao().userExists(username);
    return new BooleanAnswer(exists);
}
/**
 * Creates a user from the request body and returns it as stored.
 * The posted user is handed to the security service exactly as deserialized;
 * any check on what the caller is allowed to set is left to that service.
 *
 * @param reader the request body, deserialized as a {@link SimpleArgeoUser}
 * @return the newly created user, re-read from the security DAO
 */
@RequestMapping("/createUser.*")
@ModelAttribute("user")
public ArgeoUser createUser(Reader reader) {
    ArgeoUser posted = userDeserializer.deserialize(reader, SimpleArgeoUser.class);
    // cleanUserBeforeCreate(user);
    securityService.newUser(posted);
    String username = posted.getUsername();
    return securityService.getSecurityDao().getUser(username);
}
/**
 * Replaces a user's attributes with those in the request body and returns
 * the user as stored. As with {@link #createUser(Reader)}, the posted user is
 * passed to the security service unchanged.
 *
 * @param reader the request body, deserialized as a {@link SimpleArgeoUser}
 * @return the updated user, re-read from the security DAO
 */
@RequestMapping("/updateUser.*")
@ModelAttribute("user")
public ArgeoUser updateUser(Reader reader) {
    ArgeoUser posted = userDeserializer.deserialize(reader, SimpleArgeoUser.class);
    securityService.updateUser(posted);
    String username = posted.getUsername();
    return securityService.getSecurityDao().getUser(username);
}
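/**
 * Updates only the user natures of the currently authenticated user; every
 * other attribute of the posted user is ignored, so a caller cannot alter
 * its own account beyond its natures through this mapping.
 *
 * @param reader the request body, deserialized as a {@link SimpleArgeoUser}
 *               whose natures replace those of the current user
 * @return the current user, re-read from the security DAO after the update
 * @throws IllegalStateException if the security service reports no current user
 */
@RequestMapping("/updateUserSelf.*")
@ModelAttribute("user")
public ArgeoUser updateUserSelf(Reader reader) {
    ArgeoUser user = securityService.getCurrentUser();
    // getCurrentUser() can return null (getCredentials() guards against it);
    // fail with a clear message rather than a NullPointerException below.
    if (user == null) {
        throw new IllegalStateException("No authenticated user to update");
    }
    ArgeoUser userForNatures = userDeserializer.deserialize(reader,
            SimpleArgeoUser.class);
    user.updateUserNatures(userForNatures.getUserNatures());
    securityService.updateUser(user);
    return securityService.getSecurityDao().getUser(user.getUsername());
}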
/**
 * Deletes the named user through the security DAO. No authorization check is
 * performed in this method.
 *
 * @param username the user to delete
 * @return an OK answer naming the deleted user
 */
@RequestMapping("/deleteUser.*")
public ServerAnswer deleteUser(@RequestParam("username") String username) {
    securityService.getSecurityDao().delete(username);
    String message = "User " + username + " deleted";
    return ServerAnswer.ok(message);
}
/**
 * Returns the named user from the security DAO as the "user" model attribute.
 *
 * @param username the user to read
 * @return whatever the security DAO returns for that username
 */
@RequestMapping("/getUserDetails.*")
@ModelAttribute("user")
public ArgeoUser getUserDetails(@RequestParam("username") String username) {
    ArgeoUser found = securityService.getSecurityDao().getUser(username);
    return found;
}
/**
 * Lists the roles the security DAO considers editable, as the "roles" model
 * attribute.
 *
 * @return the editable role names returned by the security DAO
 */
@RequestMapping("/getRolesList.*")
@ModelAttribute("roles")
public List<String> getEditableRolesList() {
    List<String> editableRoles = securityService.getSecurityDao().listEditableRoles();
    return editableRoles;
}
/**
 * Creates a role through the security service.
 *
 * @param role the role name to create
 * @return an OK answer naming the created role
 */
@RequestMapping("/createRole.*")
public ServerAnswer createRole(@RequestParam("role") String role) {
    securityService.newRole(role);
    String message = "Role " + role + " created";
    return ServerAnswer.ok(message);
}
/**
 * Deletes a role through the security DAO.
 *
 * @param role the role name to delete
 * @return an OK answer naming the deleted role
 */
@RequestMapping("/deleteRole.*")
public ServerAnswer deleteRole(@RequestParam("role") String role) {
    securityService.getSecurityDao().deleteRole(role);
    String message = "Role " + role + " deleted";
    return ServerAnswer.ok(message);
}
/**
 * Sets the password of an arbitrary user. No authorization check is
 * performed in this method, so restricting who may reach this mapping is
 * left to the surrounding security configuration. The value is digested
 * by {@link #digestIfNecessary(String)}, which passes through any value
 * that already carries the "{digestType}" prefix unchanged.
 *
 * @param username the user whose password is set
 * @param password the new password, clear-text or already prefixed
 * @return an OK answer naming the user
 */
@RequestMapping("/updateUserPassword.*")
public ServerAnswer updateUserPassword(
        @RequestParam("username") String username,
        @RequestParam("password") String password) {
    String stored = digestIfNecessary(password);
    securityService.updateUserPassword(username, stored);
    return ServerAnswer.ok("Password updated for user " + username);
}
/**
 * Changes the current user's own password. Both values go through
 * {@link #digestIfNecessary(String)} before reaching the security service;
 * whether the old password is actually verified against the stored digest
 * is decided by {@code securityService.updateCurrentUserPassword} — confirm
 * there.
 *
 * @param oldPassword the current password, clear-text or already prefixed
 * @param password    the new password, clear-text or already prefixed
 * @return an OK answer
 */
@RequestMapping("/updatePassword.*")
public ServerAnswer updatePassword(
        @RequestParam("oldPassword") String oldPassword,
        @RequestParam("password") String password) {
    String oldDigest = digestIfNecessary(oldPassword);
    String newDigest = digestIfNecessary(password);
    securityService.updateCurrentUserPassword(oldDigest, newDigest);
    return ServerAnswer.ok("Password updated");
}
/**
 * Returns {@code str} digested with {@link #digest(String)} unless it already
 * starts with the "{digestType}" prefix, in which case it is returned
 * unchanged. Only the prefix is inspected, so a prefixed value supplied by
 * a caller is trusted as a finished digest.
 *
 * @param str a clear-text password or an already prefixed digest
 * @return the prefixed digest
 */
protected String digestIfNecessary(String str) {
    String prefix = "{" + digestType + "}";
    if (str.startsWith(prefix)) {
        return str;
    }
    return digest(str);
}
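/**
 * Digests a clear-text password with {@link #digestType} and formats the
 * result as "{digestType}" followed by the Base64 encoding of the digest
 * bytes. This is a single unsalted digest ("SHA" names SHA-1 in the JDK); a
 * salted, iterated password hash would be preferable, but the output format
 * must stay compatible with what the security backend expects, so that is
 * not changed here.
 *
 * @param nonEncrypted the clear-text password
 * @return the prefixed, Base64-encoded digest
 * @throws IllegalStateException if the configured algorithm is unavailable
 */
protected String digest(String nonEncrypted) {
    try {
        MessageDigest md = MessageDigest.getInstance(digestType);
        // Use an explicit charset so the stored digest does not depend on the
        // JVM default encoding, which can differ between hosts.
        // NOTE(review): deployments that stored digests of non-ASCII passwords
        // under a non-UTF-8 default charset will not verify those passwords
        // after this change — confirm before rolling out.
        byte[] dig = md.digest(nonEncrypted.getBytes(StandardCharsets.UTF_8));
        // Base64 output is pure ASCII, so decoding it as US-ASCII is lossless.
        return "{" + digestType + "}"
                + new String(Base64.encodeBase64(dig), StandardCharsets.US_ASCII);
    } catch (NoSuchAlgorithmException e) {
        // Chain the cause so the algorithm name is not lost from the trace.
        throw new IllegalStateException(
                "Unexpected exception while digesting password", e);
    }
}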
/**
 * Sets the deserializer used to parse posted user bodies.
 *
 * @param userDeserializer the deserializer to use
 */
public void setUserDeserializer(Deserializer userDeserializer) {
    this.userDeserializer = userDeserializer;
}
175 public void setSecurityService(ArgeoSecurityService securityService
) {
176 this.securityService
= securityService
;