Update license headers
index 040d650d7bba1c085aef3c379ffd1ba85fd601f1..7430eabb7a401c81b5082757e1b567df3de265c8 100644 (file)
@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.ldap;
 
 import java.security.NoSuchAlgorithmException;
@@ -10,10 +25,12 @@ import java.util.Random;
 import java.util.Set;
 import java.util.TreeSet;
 
-import org.argeo.security.UserAdminDao;
+import org.argeo.ArgeoException;
 import org.argeo.security.UserAdminService;
 import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
@@ -22,7 +39,7 @@ import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
 public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
                implements UserAdminService {
        private String superUsername = "root";
-       private UserAdminDao userAdminDao;
+       private ArgeoUserAdminDaoLdap userAdminDao;
        private PasswordEncoder passwordEncoder;
        private final Random random;
 
@@ -41,7 +58,22 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
 
        @Override
        public void changePassword(String oldPassword, String newPassword) {
-               super.changePassword(oldPassword, encodePassword(newPassword));
+               Authentication authentication = SecurityContextHolder.getContext()
+                               .getAuthentication();
+               if (authentication == null)
+                       throw new ArgeoException(
+                                       "Cannot change password without authentication");
+               String username = authentication.getName();
+               UserDetails userDetails = loadUserByUsername(username);
+               String currentPassword = userDetails.getPassword();
+               if (currentPassword == null)
+                       throw new ArgeoException("Cannot access current password");
+               if (!passwordEncoder
+                               .isPasswordValid(currentPassword, oldPassword, null))
+                       throw new ArgeoException("Old password invalid");
+               // Spring Security LDAP 2.0 is buggy when used with OpenLDAP and called
+               // with oldPassword argument
+               super.changePassword(null, encodePassword(newPassword));
        }
 
        public void newRole(String role) {
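Review bot: The old-password check added at the `isPasswordValid` call passes `null` as the salt, so it holds only for an unsalted encoder configuration, and it is now the sole gate on the old password because the following `super.changePassword(null, ...)` no longer rebinds as the user (in the 2.0 API a null oldPassword appears to make the modify run under the manager context, to be confirmed). I would state that explicitly above the encoder call: `// In-app check is the only verification of the old password: the LDAP modify below runs under the manager context, not as the user`. `newPassword` is also encoded and stored unvalidated; `if (newPassword == null || newPassword.length() == 0) throw new ArgeoException("New password cannot be empty");` before the encoder call would keep an empty credential from being written. `loadUserByUsername` may throw `UsernameNotFoundException` for an authenticated principal without an LDAP entry, and `passwordEncoder` is setter-injected and unchecked here, so a Javadoc on the method documenting both failure modes would help callers.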
@@ -58,6 +90,10 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
                userAdminDao.deleteRole(role);
        }
 
+       public Set<String> listUsers() {
+               return userAdminDao.listUsers();
+       }
+
        public Set<String> listUsersInRole(String role) {
                Set<String> lst = new TreeSet<String>(
                                userAdminDao.listUsersInRole(role));
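Review bot: `listUsers` returns the DAO's set as-is while `listUsersInRole` just below copies it into a `TreeSet`, so depending on what `ArgeoUserAdminDaoLdap.listUsers()` returns (not visible here) callers may receive a live, mutable view of the DAO's collection. For consistency with its sibling, `return new TreeSet<String>(userAdminDao.listUsers());`, and a Javadoc line `/** Lists all usernames known to the LDAP user admin DAO. */` on the new method.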
@@ -102,7 +138,7 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
                this.superUsername = superUsername;
        }
 
-       public void setUserAdminDao(UserAdminDao userAdminDao) {
+       public void setUserAdminDao(ArgeoUserAdminDaoLdap userAdminDao) {
                this.userAdminDao = userAdminDao;
        }