X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2FArgeoSecurityDaoLdap.java;h=3d6d8ff9949dd9c22664abb6788ae508e5a55a73;hb=5fdef8bfcf058d698a9be5bcc1ae8cdcbe4ce0f0;hp=171252848f08dabbb9ab38298a5ddf8c29d0e35e;hpb=90c20e8a20aaed36e8a5ff55205737574d7775db;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java index 171252848..3d6d8ff99 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java @@ -1,3 +1,19 @@ +/* + * Copyright (C) 2010 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.argeo.security.ldap; import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser; @@ -20,7 +36,6 @@ import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DistinguishedName; import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.support.BaseLdapPathContextSource; -import org.springframework.security.Authentication; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper; import org.springframework.security.ldap.LdapAuthoritiesPopulator; @@ -28,6 +43,7 @@ import org.springframework.security.ldap.LdapUsernameToDnMapper; import org.springframework.security.ldap.LdapUtils; import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator; import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetailsManager; import org.springframework.security.userdetails.UserDetailsService; @@ -102,33 +118,31 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean ldapTemplate = new LdapTemplate(this.contextSource); } - public void create(ArgeoUser user) { + public synchronized void create(ArgeoUser user) { userDetailsManager.createUser(new ArgeoUserDetails(user)); } - public ArgeoUser getUser(String uname) { + public synchronized ArgeoUser getUser(String uname) { SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname)); user.setPassword(null); return user; } - public ArgeoUser getUserWithPassword(String uname) { + public synchronized ArgeoUser getUserWithPassword(String uname) { return createSimpleArgeoUser(getDetails(uname)); } - public ArgeoUser getCurrentUser() { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication); - if (argeoUser == null) - return null; - if (argeoUser.getRoles().contains(defaultRole)) - argeoUser.getRoles().remove(defaultRole); - return argeoUser; - } +// public ArgeoUser getCurrentUser() { +// ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser(); +// if (argeoUser == null) +// return null; +// if (argeoUser.getRoles().contains(defaultRole)) +// argeoUser.getRoles().remove(defaultRole); +// return argeoUser; +// } @SuppressWarnings("unchecked") - public List listUsers() { + public synchronized List listUsers() { List usernames = (List) ldapTemplate.listBindings( new DistinguishedName(userBase), new ContextMapper() { public Object mapFromContext(Object ctxArg) { @@ -157,15 +171,23 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean }); } - public void update(ArgeoUser user) { + public synchronized void update(ArgeoUser user) { + ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user); userDetailsManager.updateUser(new ArgeoUserDetails(user)); + // refresh logged in user + if (ArgeoUserDetails.securityContextUser().getUsername() + .equals(argeoUserDetails.getUsername())) { + SecurityContextHolder.getContext().setAuthentication( + new UsernamePasswordAuthenticationToken(argeoUserDetails, + null, argeoUserDetails.getAuthorities())); + } } - public void delete(String username) { + public synchronized void delete(String username) { userDetailsManager.deleteUser(username); } - public Boolean userExists(String username) { + public synchronized Boolean userExists(String username) { return userDetailsManager.userExists(username); } @@ -175,8 +197,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean .executeReadWrite(new ContextExecutor() { public Object executeWithContext(DirContext ctx) throws NamingException { - return LdapUtils.getFullDn(usernameMapper - .buildDn(superuserName), ctx); + return LdapUtils.getFullDn( + usernameMapper.buildDn(superuserName), ctx); } }); @@ -186,8 +208,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean context.setAttributeValue("cn", group); // Add superuser because cannot create empty group - context.setAttributeValue(groupMemberAttributeName, superuserDn - .toString()); + context.setAttributeValue(groupMemberAttributeName, + superuserDn.toString()); ldapTemplate.bind(groupDn, context, null); }