]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
Change default LDAP structure
index 763539ce25afb8d0b39d98bb94fb40a59756ec03..c9ba367c6ec58d450d5328bf719d81bf20cc9b88 100644 (file)
@@ -1,6 +1,6 @@
 package org.argeo.security.ldap;
 
-import static org.argeo.security.core.ArgeoUserDetails.createBasicArgeoUser;
+import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -11,6 +11,7 @@ import javax.naming.directory.DirContext;
 
 import org.argeo.security.ArgeoSecurityDao;
 import org.argeo.security.ArgeoUser;
+import org.argeo.security.SimpleArgeoUser;
 import org.argeo.security.core.ArgeoUserDetails;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.ldap.core.ContextExecutor;
@@ -36,11 +37,12 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
        private UserDetailsManager userDetailsManager;
        private LdapAuthoritiesPopulator authoritiesPopulator;
-       private String userBase = "ou=users";
+       private String userBase = "ou=People";
        private String usernameAttributeName = "uid";
-       private String groupBase = "ou=groups";
+       private String groupBase = "ou=Roles";
+       private String[] groupClasses = { "top", "groupOfNames" };
        private String groupRoleAttributeName = "cn";
-       private String groupMemberAttributeName = "uniquemember";
+       private String groupMemberAttributeName = "member";
        private String defaultRole = "ROLE_USER";
        private String rolePrefix = "ROLE_";
 
@@ -91,13 +93,21 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
        }
 
        public ArgeoUser getUser(String uname) {
-               return createBasicArgeoUser(getDetails(uname));
+               SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
+               user.setPassword(null);
+               return user;
+       }
+
+       public ArgeoUser getUserWithPassword(String uname) {
+               return createSimpleArgeoUser(getDetails(uname));
        }
 
        public ArgeoUser getCurrentUser() {
                Authentication authentication = SecurityContextHolder.getContext()
                                .getAuthentication();
                ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+               if (argeoUser == null)
+                       return null;
                if (argeoUser.getRoles().contains(defaultRole))
                        argeoUser.getRoles().remove(defaultRole);
                return argeoUser;
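Review bot: The new public `getUserWithPassword` hands the stored password value to any caller and carries no Javadoc saying who may use it, while `getUser` directly above deliberately clears that field. I would add a comment such as `/** Returns the user including the stored password value; intended for internal authentication and password-change code only, never for remote or UI-facing services. */`. If the `ArgeoSecurityDao` interface (not visible here) declares this method too, it is worth checking which callers can reach it. The closing brace of `getCurrentUser` lies outside this hunk.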
@@ -115,7 +125,7 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
                List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
                for (String username : usernames) {
-                       lst.add(createBasicArgeoUser(getDetails(username)));
+                       lst.add(createSimpleArgeoUser(getDetails(username)));
                }
                return lst;
        }
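Review bot: The users added to `lst` in this loop keep their password value, because `createSimpleArgeoUser(getDetails(username))` is added without the `setPassword(null)` that `getUser` applies in this same commit, and `lst` is returned directly. A user listing is a likely feed for admin or UI views, so it should clear the field the same way: `SimpleArgeoUser user = createSimpleArgeoUser(getDetails(username)); user.setPassword(null); lst.add(user);`. The method's signature and the lookup that fills `usernames` are outside the hunk.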
@@ -141,10 +151,6 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                userDetailsManager.deleteUser(username);
        }
 
-       public void updatePassword(String oldPassword, String newPassword) {
-               userDetailsManager.changePassword(oldPassword, newPassword);
-       }
-
        public Boolean userExists(String username) {
                return userDetailsManager.userExists(username);
        }
@@ -162,12 +168,12 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
                Name groupDn = buildGroupDn(group);
                DirContextAdapter context = new DirContextAdapter();
-               context.setAttributeValues("objectClass", new String[] { "top",
-                               "groupOfUniqueNames" });
+               context.setAttributeValues("objectClass", groupClasses);
                context.setAttributeValue("cn", group);
 
                // Add superuser because cannot create empty group
-               context.setAttributeValue("uniqueMember", superuserDn.toString());
+               context.setAttributeValue(groupMemberAttributeName, superuserDn
+                               .toString());
 
                ldapTemplate.bind(groupDn, context, null);
        }
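Review bot: `groupClasses` and `groupMemberAttributeName` are now set independently, but the directory schema ties them together (`groupOfNames` requires `member`, `groupOfUniqueNames` requires `uniqueMember`), and nothing checks the pairing before `ldapTemplate.bind`. A mismatched configuration would presumably surface only as a schema violation when a role is created. A comment on the two fields, e.g. `// groupClasses and groupMemberAttributeName must match: groupOfNames/member or groupOfUniqueNames/uniqueMember`, or a check in `afterPropertiesSet`, would make the constraint explicit. The method begins outside this hunk.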
@@ -262,4 +268,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
        public String getDefaultRole() {
                return defaultRole;
        }
+
+       public void setGroupClasses(String[] groupClasses) {
+               this.groupClasses = groupClasses;
+       }
 }
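Review bot: `setGroupClasses` stores the caller's array as-is, so a null, empty or later-mutated array goes unnoticed until `createRole` passes it as the `objectClass` value. Consider rejecting null or empty input and copying the array, `this.groupClasses = groupClasses.clone();`. A one-line Javadoc should also say that the classes must match the configured member attribute.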