X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2FArgeoSecurityDaoLdap.java;h=3d6d8ff9949dd9c22664abb6788ae508e5a55a73;hb=5fdef8bfcf058d698a9be5bcc1ae8cdcbe4ce0f0;hp=c9ba367c6ec58d450d5328bf719d81bf20cc9b88;hpb=9f2aa390f921ccb05e0b6fbf1f2f25f0902d9705;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
index c9ba367c6..3d6d8ff99 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2010 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.argeo.security.ldap;
 
 import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
@@ -16,20 +32,23 @@ import org.argeo.security.core.ArgeoUserDetails;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.ldap.core.ContextExecutor;
 import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.security.Authentication;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.LdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapUtils;
 import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsManager;
+import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
 import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
 
 public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
@@ -46,11 +65,13 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean private String defaultRole = "ROLE_USER"; private String rolePrefix = "ROLE_"; + private final BaseLdapPathContextSource contextSource; private final LdapTemplate ldapTemplate; private LdapUsernameToDnMapper usernameMapper = null; private UserDetailsContextMapper userDetailsMapper; + private LdapUserDetailsService ldapUserDetailsService; private List userNatureMappers; public void afterPropertiesSet() throws Exception { 
@@ -82,39 +103,46 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean userDetailsManager = ludm; } + if (ldapUserDetailsService == null) { + FilterBasedLdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch( + userBase, "(" + usernameAttributeName + "={0})", + contextSource); + ldapUserDetailsService = new LdapUserDetailsService(ldapUserSearch, + authoritiesPopulator); + ldapUserDetailsService.setUserDetailsMapper(userDetailsMapper); + } } - public ArgeoSecurityDaoLdap(ContextSource contextSource) { - ldapTemplate = new LdapTemplate(contextSource); + public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) { + this.contextSource = contextSource; + ldapTemplate = new LdapTemplate(this.contextSource); } - public void create(ArgeoUser user) { + public synchronized void create(ArgeoUser user) { userDetailsManager.createUser(new ArgeoUserDetails(user)); } - public ArgeoUser getUser(String uname) { + public synchronized ArgeoUser getUser(String uname) { SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname)); user.setPassword(null); return user; } - public ArgeoUser getUserWithPassword(String uname) { + public synchronized ArgeoUser getUserWithPassword(String uname) { return createSimpleArgeoUser(getDetails(uname)); } - public ArgeoUser getCurrentUser() { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication); - if (argeoUser == null) - return null; - if (argeoUser.getRoles().contains(defaultRole)) - argeoUser.getRoles().remove(defaultRole); - return argeoUser; - } +// public ArgeoUser getCurrentUser() { +// ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser(); +// if (argeoUser == null) +// return null; +// if (argeoUser.getRoles().contains(defaultRole)) +// argeoUser.getRoles().remove(defaultRole); +// return argeoUser; +// } @SuppressWarnings("unchecked") - public List listUsers() { + public 
synchronized List listUsers() { List usernames = (List) ldapTemplate.listBindings( new DistinguishedName(userBase), new ContextMapper() { public Object mapFromContext(Object ctxArg) { @@ -143,15 +171,23 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean }); } - public void update(ArgeoUser user) { + public synchronized void update(ArgeoUser user) { + ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user); userDetailsManager.updateUser(new ArgeoUserDetails(user)); + // refresh logged in user + if (ArgeoUserDetails.securityContextUser().getUsername() + .equals(argeoUserDetails.getUsername())) { + SecurityContextHolder.getContext().setAuthentication( + new UsernamePasswordAuthenticationToken(argeoUserDetails, + null, argeoUserDetails.getAuthorities())); + } } - public void delete(String username) { + public synchronized void delete(String username) { userDetailsManager.deleteUser(username); } - public Boolean userExists(String username) { + public synchronized Boolean userExists(String username) { return userDetailsManager.userExists(username); } @@ -161,8 +197,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean .executeReadWrite(new ContextExecutor() { public Object executeWithContext(DirContext ctx) throws NamingException { - return LdapUtils.getFullDn(usernameMapper - .buildDn(superuserName), ctx); + return LdapUtils.getFullDn( + usernameMapper.buildDn(superuserName), ctx); } }); @@ -172,8 +208,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean context.setAttributeValue("cn", group); // Add superuser because cannot create empty group - context.setAttributeValue(groupMemberAttributeName, superuserDn - .toString()); + context.setAttributeValue(groupMemberAttributeName, + superuserDn.toString()); ldapTemplate.bind(groupDn, context, null); } 
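Review bot: The old getCurrentUser() body is kept as a `//` block instead of being deleted, and commented-out code that references the now-removed SecurityContextHolder/Authentication path will drift from the real implementation; version control already preserves it, so the eight `//` lines should go. The lazy construction of ldapUserDetailsService in afterPropertiesSet builds its filter as `"(" + usernameAttributeName + "={0})"`, which is the right shape because the `{0}` argument is supplied to FilterBasedLdapUserSearch as a search parameter rather than concatenated in, but a short comment saying so would stop a future maintainer from "simplifying" it into string concatenation of the username. Making every DAO method `synchronized` serialises all LDAP reads through one monitor on this object; if that is intentional (to order create/update/delete against the shared userDetailsManager), a class-level comment stating the locking intent would help. The afterPropertiesSet body and the listUsers body both extend outside this hunk.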
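Review bot: In update(), `ArgeoUserDetails.securityContextUser()` is dereferenced without a null check, while the commented-out getCurrentUser() in the same file shows that it can return null; an update run with no authenticated principal in the SecurityContext (a batch or system thread, for instance) would then throw NullPointerException after updateUser has already written to LDAP. Guard it: `ArgeoUser current = ArgeoUserDetails.securityContextUser();` followed by `if (current != null && current.getUsername().equals(argeoUserDetails.getUsername())) {`. The replacement token is also built from `argeoUserDetails.getAuthorities()`, i.e. from the caller-supplied user object rather than from a re-read of the directory; if the ArgeoUserDetails constructor derives authorities from the user's roles (not visible here), a self-update could place roles in the live session that the directory never granted, so consider reloading via getDetails(argeoUserDetails.getUsername()) before constructing the token. Minor: `userDetailsManager.updateUser(new ArgeoUserDetails(user))` rebuilds what `argeoUserDetails` already holds; pass `argeoUserDetails` instead.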
@@ -272,4 +308,9 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 public void setGroupClasses(String[] groupClasses) {
 this.groupClasses = groupClasses;
 }
+
+ public UserDetailsService getUserDetailsService() {
+ return ldapUserDetailsService;
+ }
+
 }
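Review bot: getUserDetailsService() returns the ldapUserDetailsService field, which this commit only assigns inside afterPropertiesSet, so a caller that obtains the DAO before the container has run that callback receives null without any indication of why. A Javadoc line would make the contract explicit: `/** The user details service built in {@link #afterPropertiesSet()}; null until that callback has run. */`. Alternatively throw IllegalStateException when the field is still null, since a null UserDetailsService handed to an authentication provider fails far from the cause.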