import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
-import java.util.ArrayList;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Collections;
import java.util.List;
+import java.util.Random;
+import java.util.Set;
+import java.util.TreeSet;
import javax.naming.Name;
import javax.naming.NamingException;
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.UserDetailsService;
private LdapUserDetailsService ldapUserDetailsService;
private List<UserNatureMapper> userNatureMappers;
+ private LdapShaPasswordEncoder ldapShaPasswordEncoder = new LdapShaPasswordEncoder();
+ private Random random;
+
+ public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
+ this.contextSource = contextSource;
+ ldapTemplate = new LdapTemplate(this.contextSource);
+ try {
+ random = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ random = new Random(System.currentTimeMillis());
+ }
+ }
+
public void afterPropertiesSet() throws Exception {
if (usernameMapper == null)
usernameMapper = new DefaultLdapUsernameToDnMapper(userBase,
}
}
- public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
- this.contextSource = contextSource;
- ldapTemplate = new LdapTemplate(this.contextSource);
- }
-
- public synchronized void create(ArgeoUser user) {
+ public synchronized void createUser(ArgeoUser user) {
userDetailsManager.createUser(new ArgeoUserDetails(user));
}
return createSimpleArgeoUser(getDetails(uname));
}
-// public ArgeoUser getCurrentUser() {
-// ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
-// if (argeoUser == null)
-// return null;
-// if (argeoUser.getRoles().contains(defaultRole))
-// argeoUser.getRoles().remove(defaultRole);
-// return argeoUser;
-// }
+ // public ArgeoUser getCurrentUser() {
+ // ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+ // if (argeoUser == null)
+ // return null;
+ // if (argeoUser.getRoles().contains(defaultRole))
+ // argeoUser.getRoles().remove(defaultRole);
+ // return argeoUser;
+ // }
@SuppressWarnings("unchecked")
- public synchronized List<ArgeoUser> listUsers() {
+ public synchronized Set<ArgeoUser> listUsers() {
List<String> usernames = (List<String>) ldapTemplate.listBindings(
new DistinguishedName(userBase), new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
}
});
- List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
+ TreeSet<ArgeoUser> lst = new TreeSet<ArgeoUser>();
for (String username : usernames) {
lst.add(createSimpleArgeoUser(getDetails(username)));
}
- return lst;
+ return Collections.unmodifiableSortedSet(lst);
}
@SuppressWarnings("unchecked")
- public List<String> listEditableRoles() {
- return (List<String>) ldapTemplate.listBindings(groupBase,
- new ContextMapper() {
+ public Set<String> listEditableRoles() {
+ return Collections.unmodifiableSortedSet(new TreeSet<String>(
+ ldapTemplate.listBindings(groupBase, new ContextMapper() {
public Object mapFromContext(Object ctxArg) {
String groupName = ((DirContextAdapter) ctxArg)
.getStringAttribute(groupRoleAttributeName);
String roleName = convertGroupToRole(groupName);
return roleName;
}
+ })));
+ }
+
+ @SuppressWarnings("unchecked")
+ public Set<ArgeoUser> listUsersInRole(String role) {
+ return (Set<ArgeoUser>) ldapTemplate.lookup(
+ buildGroupDn(convertRoleToGroup(role)), new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ DirContextAdapter ctx = (DirContextAdapter) ctxArg;
+ String[] userDns = ctx
+ .getStringAttributes(groupMemberAttributeName);
+ TreeSet<ArgeoUser> set = new TreeSet<ArgeoUser>();
+ for (String userDn : userDns) {
+ DistinguishedName dn = new DistinguishedName(userDn);
+ String username = dn
+ .getValue(usernameAttributeName);
+ set.add(createSimpleArgeoUser(getDetails(username)));
+ }
+ return Collections.unmodifiableSortedSet(set);
+ }
});
}
- public synchronized void update(ArgeoUser user) {
+ public synchronized void updateUser(ArgeoUser user) {
ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
userDetailsManager.updateUser(new ArgeoUserDetails(user));
// refresh logged in user
}
}
- public synchronized void delete(String username) {
+ public synchronized void deleteUser(String username) {
userDetailsManager.deleteUser(username);
}
ldapTemplate.unbind(dn);
}
+ public Boolean isPasswordValid(String encoded, String raw) {
+ return ldapShaPasswordEncoder.isPasswordValid(encoded, raw, null);
+ }
+
+ public String encodePassword(String raw) {
+ byte[] salt = null;
+ // TODO: check that Linux auth supports SSHA
+ // byte[] salt = new byte[16];
+ // random.nextBytes(salt);
+ return ldapShaPasswordEncoder.encodePassword(raw, salt);
+ }
+
protected String convertRoleToGroup(String role) {
String group = role;
if (group.startsWith(rolePrefix)) {
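Review bot: `encodePassword` passes `salt = null` into `LdapShaPasswordEncoder.encodePassword`, so every password this DAO writes is an unsalted `{SHA}` digest, and the `random` field plus the commented-out salt lines are dead until the TODO above it is settled. Once the consumer-side SSHA question is answered, the fix is the two lines already sketched, `byte[] salt = new byte[16]; random.nextBytes(salt);`; until then a comment at the call site such as `// NOTE: null salt => unsalted {SHA}; see TODO` would stop a reader from assuming the field is in use. Related, the constructor's `catch (NoSuchAlgorithmException e)` falls back to `random = new Random(System.currentTimeMillis())`, which silently swaps in a predictable PRNG for whatever salts are later generated; `random = new SecureRandom();` with no named algorithm needs no fallback and cannot degrade that way. The enclosing `convertRoleToGroup` continues past the end of the hunk.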