]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Make security UI more robust
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / core / DefaultSecurityService.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
index 28f399f5a240078f2d8ef4531926cab390380909..b9b85087b31f45c1b15786e918eb2d9f5e60bc29 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
@@ -16,6 +16,9 @@
 
 package org.argeo.security.core;
 
+import java.util.Iterator;
+import java.util.List;
+
 import org.argeo.ArgeoException;
 import org.argeo.security.ArgeoSecurity;
 import org.argeo.security.ArgeoSecurityDao;
@@ -36,6 +39,15 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 
        private String systemAuthenticationKey;
 
+       public ArgeoUser getCurrentUser() {
+               ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+               if (argeoUser == null)
+                       return null;
+               if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
+                       argeoUser.getRoles().remove(securityDao.getDefaultRole());
+               return argeoUser;
+       }
+
        public ArgeoSecurityDao getSecurityDao() {
                return securityDao;
        }
@@ -45,29 +57,41 @@ public class DefaultSecurityService implements ArgeoSecurityService {
        }
 
        public void updateUserPassword(String username, String password) {
-               SimpleArgeoUser user = new SimpleArgeoUser(securityDao
-                               .getUser(username));
-               user.setPassword(password);
+               SimpleArgeoUser user = new SimpleArgeoUser(
+                               securityDao.getUser(username));
+               user.setPassword(securityDao.encodePassword(password));
                securityDao.update(user);
        }
 
        public void updateCurrentUserPassword(String oldPassword, String newPassword) {
-               SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser());
-               if (!user.getPassword().equals(oldPassword))
+               SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
+               if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
                        throw new ArgeoException("Old password is not correct.");
-               user.setPassword(newPassword);
+               user.setPassword(securityDao.encodePassword(newPassword));
                securityDao.update(user);
        }
 
        public void newUser(ArgeoUser user) {
-               user.getUserNatures().clear();
                argeoSecurity.beforeCreate(user);
+               // normalize password
+               if (user instanceof SimpleArgeoUser) {
+                       if (user.getPassword() == null || user.getPassword().equals(""))
+                               ((SimpleArgeoUser) user).setPassword(securityDao
+                                               .encodePassword(user.getUsername()));
+                       else if (!user.getPassword().startsWith("{"))
+                               ((SimpleArgeoUser) user).setPassword(securityDao
+                                               .encodePassword(user.getPassword()));
+               }
                securityDao.create(user);
        }
 
        public void updateUser(ArgeoUser user) {
-               String password = securityDao.getUserWithPassword(user.getUsername())
-                               .getPassword();
+               String password = user.getPassword();
+               if (password == null)
+                       password = securityDao.getUserWithPassword(user.getUsername())
+                                       .getPassword();
+               if (!password.startsWith("{"))
+                       password = securityDao.encodePassword(user.getPassword());
                SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
                simpleArgeoUser.setPassword(password);
                securityDao.update(simpleArgeoUser);
@@ -106,6 +130,19 @@ public class DefaultSecurityService implements ArgeoSecurityService {
                };
        }
 
+       public List<ArgeoUser> listUsersInRole(String role) {
+               List<ArgeoUser> lst = securityDao.listUsersInRole(role);
+               Iterator<ArgeoUser> it = lst.iterator();
+               while (it.hasNext()) {
+                       if (it.next().getUsername()
+                                       .equals(argeoSecurity.getSuperUsername())) {
+                               it.remove();
+                               break;
+                       }
+               }
+               return lst;
+       }
+
        public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
                this.argeoSecurity = argeoSecurity;
        }
@@ -122,5 +159,4 @@ public class DefaultSecurityService implements ArgeoSecurityService {
        public void setSystemAuthenticationKey(String systemAuthenticationKey) {
                this.systemAuthenticationKey = systemAuthenticationKey;
        }
-
 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi