X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.ldap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2FArgeoLdapUserDetailsManager.java;h=5de5f7bb73174ba59c7fa924d41169e7811ffbc1;hb=f522286115b9f19befd40d62949630aa7f49f6a9;hp=040d650d7bba1c085aef3c379ffd1ba85fd601f1;hpb=fb4f7c451ea7d9025f7cf7fe032020f229df794a;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoLdapUserDetailsManager.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoLdapUserDetailsManager.java
index 040d650d7..5de5f7bb7 100644
--- a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoLdapUserDetailsManager.java
+++ b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoLdapUserDetailsManager.java
@@ -10,10 +10,12 @@ import java.util.Random;
 import java.util.Set;
 import java.util.TreeSet;
-import org.argeo.security.UserAdminDao;
+import org.argeo.ArgeoException;
 import org.argeo.security.UserAdminService;
 import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
@@ -22,7 +24,7 @@ import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
 public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
 implements UserAdminService {
 private String superUsername = "root";
- private UserAdminDao userAdminDao;
+ private ArgeoUserAdminDaoLdap userAdminDao;
 private PasswordEncoder passwordEncoder;
 private final Random random;
@@ -41,7 +43,22 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
 @Override
 public void changePassword(String oldPassword, String newPassword) {
- super.changePassword(oldPassword, encodePassword(newPassword));
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (authentication == null)
+ throw new ArgeoException(
+ "Cannot change password without authentication");
+ String username = authentication.getName();
+ UserDetails userDetails = loadUserByUsername(username);
+ String currentPassword = userDetails.getPassword();
+ if (currentPassword == null)
+ throw new ArgeoException("Cannot access current password");
+ if (!passwordEncoder
+ .isPasswordValid(currentPassword, oldPassword, null))
+ throw new ArgeoException("Old password invalid");
+ // Spring Security LDAP 2.0 is buggy when used with OpenLDAP and called
+ // with oldPassword argument
+ super.changePassword(null, encodePassword(newPassword));
 }
 public void newRole(String role) {
@@ -58,6 +75,10 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
 userAdminDao.deleteRole(role);
 }
+ public Set listUsers() {
+ return userAdminDao.listUsers();
+ }
+
 public Set listUsersInRole(String role) {
 Set lst = new TreeSet(
 userAdminDao.listUsersInRole(role));
@@ -102,7 +123,7 @@ public class ArgeoLdapUserDetailsManager extends LdapUserDetailsManager
 this.superUsername = superUsername;
 }
- public void setUserAdminDao(UserAdminDao userAdminDao) {
+ public void setUserAdminDao(ArgeoUserAdminDaoLdap userAdminDao) {
 this.userAdminDao = userAdminDao;
 }
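Review bot: The old-password check `passwordEncoder.isPasswordValid(currentPassword, oldPassword, null)` in `changePassword` passes a null salt and never guards a null `oldPassword`, so whether it ever succeeds depends on `encodePassword` (not in this hunk) also encoding salt-free, and a null `oldPassword` is handed straight to the encoder rather than rejected. Reject it up front, before the directory lookup, with `if (oldPassword == null) throw new ArgeoException("Old password invalid");`. Because `super.changePassword(null, ...)` now writes with the manager context instead of letting the directory verify the old value, this method is the only place the old password is checked, and the two-line "buggy" comment should record that so the `null` is not "fixed" on a later upgrade — e.g. `// Old password already verified above; null makes LdapUserDetailsManager replace userPassword instead of removing the stored (hashed) old value, which fails on OpenLDAP.` (my reading of the 2.0 behaviour — confirm against the version in use). The `newRole` method that follows continues past the end of the hunk.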