Improve security UI

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / ldap / ArgeoSecurityDaoLdap.java

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
index 171252848f08dabbb9ab38298a5ddf8c29d0e35e..3d6d8ff9949dd9c22664abb6788ae508e5a55a73 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.argeo.security.ldap;
 
 import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
@@ -20,7 +36,6 @@ import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
@@ -28,6 +43,7 @@ import org.springframework.security.ldap.LdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapUtils;
 import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsManager;
 import org.springframework.security.userdetails.UserDetailsService;
@@ -102,33 +118,31 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                ldapTemplate = new LdapTemplate(this.contextSource);
        }
 
-       public void create(ArgeoUser user) {
+       public synchronized void create(ArgeoUser user) {
                userDetailsManager.createUser(new ArgeoUserDetails(user));
        }
 
-       public ArgeoUser getUser(String uname) {
+       public synchronized ArgeoUser getUser(String uname) {
                SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
                user.setPassword(null);
                return user;
        }
 
-       public ArgeoUser getUserWithPassword(String uname) {
+       public synchronized ArgeoUser getUserWithPassword(String uname) {
                return createSimpleArgeoUser(getDetails(uname));
        }
 
-       public ArgeoUser getCurrentUser() {
-               Authentication authentication = SecurityContextHolder.getContext()
-                               .getAuthentication();
-               ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
-               if (argeoUser == null)
-                       return null;
-               if (argeoUser.getRoles().contains(defaultRole))
-                       argeoUser.getRoles().remove(defaultRole);
-               return argeoUser;
-       }
+//     public ArgeoUser getCurrentUser() {
+//             ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+//             if (argeoUser == null)
+//                     return null;
+//             if (argeoUser.getRoles().contains(defaultRole))
+//                     argeoUser.getRoles().remove(defaultRole);
+//             return argeoUser;
+//     }
 
        @SuppressWarnings("unchecked")
-       public List<ArgeoUser> listUsers() {
+       public synchronized List<ArgeoUser> listUsers() {
                List<String> usernames = (List<String>) ldapTemplate.listBindings(
                                new DistinguishedName(userBase), new ContextMapper() {
                                        public Object mapFromContext(Object ctxArg) {
@@ -157,15 +171,23 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                                });
        }
 
-       public void update(ArgeoUser user) {
+       public synchronized void update(ArgeoUser user) {
+               ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
                userDetailsManager.updateUser(new ArgeoUserDetails(user));
+               // refresh logged in user
+               if (ArgeoUserDetails.securityContextUser().getUsername()
+                               .equals(argeoUserDetails.getUsername())) {
+                       SecurityContextHolder.getContext().setAuthentication(
+                                       new UsernamePasswordAuthenticationToken(argeoUserDetails,
+                                                       null, argeoUserDetails.getAuthorities()));
+               }
        }
 
-       public void delete(String username) {
+       public synchronized void delete(String username) {
                userDetailsManager.deleteUser(username);
        }
 
-       public Boolean userExists(String username) {
+       public synchronized Boolean userExists(String username) {
                return userDetailsManager.userExists(username);
        }
 
@@ -175,8 +197,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                                .executeReadWrite(new ContextExecutor() {
                                        public Object executeWithContext(DirContext ctx)
                                                        throws NamingException {
-                                               return LdapUtils.getFullDn(usernameMapper
-                                                               .buildDn(superuserName), ctx);
+                                               return LdapUtils.getFullDn(
+                                                               usernameMapper.buildDn(superuserName), ctx);
                                        }
                                });
 
@@ -186,8 +208,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                context.setAttributeValue("cn", group);
 
                // Add superuser because cannot create empty group
-               context.setAttributeValue(groupMemberAttributeName, superuserDn
-                               .toString());
+               context.setAttributeValue(groupMemberAttributeName,
+                               superuserDn.toString());
 
                ldapTemplate.bind(groupDn, context, null);
        }