X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.mvc%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fmvc%2FUsersRolesController.java;h=f2da2be6ae4c3c6cbbca749856a3dc8e75165dbe;hb=136dab5338b5f731b285d17c804861bd5e5a9b5c;hp=923a1864d14e9343f6dd7fa8bc385d0dfbed8f2e;hpb=2f5648fe0951f67461a319864b980777ddf24149;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index 923a1864d..f2da2be6a 100644
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -1,13 +1,30 @@
+/*
+ * Copyright (C) 2010 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.argeo.security.mvc;
 import java.io.Reader;
-import java.util.List;
+import java.util.Set;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
+import org.argeo.security.SimpleArgeoUser;
 import org.argeo.server.BooleanAnswer;
+import org.argeo.server.Deserializer;
 import org.argeo.server.ServerAnswer;
-import org.argeo.server.ServerDeserializer;
 import org.argeo.server.mvc.MvcConstants;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -16,104 +33,101 @@ import org.springframework.web.bind.annotation.RequestParam;
 @Controller
 public class UsersRolesController implements MvcConstants {
-// private final static Log log = LogFactory
-// .getLog(UsersRolesController.class);
+ // private final static Log log = LogFactory
+ // .getLog(UsersRolesController.class);
+
+ // private String digestType = "SHA";
 private ArgeoSecurityService securityService;
- private ServerDeserializer userDeserializer = null;
+ private Deserializer userDeserializer = null;
 /* USER */
- @RequestMapping("/getCredentials.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/getCredentials.*")
+ @ModelAttribute("user")
 public ArgeoUser getCredentials() {
- return securityService.getSecurityDao().getCurrentUser();
+ ArgeoUser argeoUser = securityService.getCurrentUser();
+ if (argeoUser == null)
+ return new SimpleArgeoUser();
+ else
+ return argeoUser;
 }
- @RequestMapping("/getUsersList.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
- public List getUsersList() {
- return securityService.getSecurityDao().listUsers();
+ @RequestMapping("/getUsersList.*")
+ @ModelAttribute("users")
+ public Set getUsersList() {
+ return securityService.listUsers();
 }
- @RequestMapping("/userExists.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/userExists.*")
 public BooleanAnswer userExists(@RequestParam("username") String username) {
- return new BooleanAnswer(securityService.getSecurityDao().userExists(
- username));
+ return new BooleanAnswer(securityService.userExists(username));
 }
- @RequestMapping("/createUser.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/createUser.*")
+ @ModelAttribute("user")
 public ArgeoUser createUser(Reader reader) {
- ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
- //cleanUserBeforeCreate(user);
+ ArgeoUser user = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
+ // cleanUserBeforeCreate(user);
 securityService.newUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
+ return securityService.getUser(user.getUsername());
 }
- @RequestMapping("/updateUser.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/updateUser.*")
+ @ModelAttribute("user")
 public ArgeoUser updateUser(Reader reader) {
- ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
+ ArgeoUser user = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
 securityService.updateUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
+ return securityService.getUser(user.getUsername());
 }
-/*
- @RequestMapping("/createUser2.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
- public ArgeoUser createUser(@RequestParam("body") String body) {
- if (log.isDebugEnabled())
- log.debug("body:\n" + body);
- StringReader reader = new StringReader(body);
- ArgeoUser user = null;
- try {
- user = (ArgeoUser) userDeserializer.deserialize(reader);
- } finally {
- IOUtils.closeQuietly(reader);
- }
- cleanUserBeforeCreate(user);
- securityService.newUser(user);
- return securityService.getSecurityDao().getUser(user.getUsername());
- }*/
- @RequestMapping("/deleteUser.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/updateUserSelf.*")
+ @ModelAttribute("user")
+ /** Will only update the user natures.*/
+ public ArgeoUser updateUserSelf(Reader reader) {
+ ArgeoUser user = securityService.getCurrentUser();
+ ArgeoUser userForNatures = userDeserializer.deserialize(reader,
+ SimpleArgeoUser.class);
+ user.updateUserNatures(userForNatures.getUserNatures());
+ securityService.updateUser(user);
+ return securityService.getUser(user.getUsername());
+ }
+
+ @RequestMapping("/deleteUser.*")
 public ServerAnswer deleteUser(@RequestParam("username") String username) {
- securityService.getSecurityDao().delete(username);
+ securityService.deleteUser(username);
 return ServerAnswer.ok("User " + username + " deleted");
 }
- @RequestMapping("/getUserDetails.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/getUserDetails.*")
+ @ModelAttribute("user")
 public ArgeoUser getUserDetails(@RequestParam("username") String username) {
- return securityService.getSecurityDao().getUser(username);
+ return securityService.getUser(username);
 }
 /* ROLE */
- @RequestMapping("/getRolesList.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
- public List getEditableRolesList() {
- return securityService.getSecurityDao().listEditableRoles();
+ @RequestMapping("/getRolesList.*")
+ @ModelAttribute("roles")
+ public Set getEditableRolesList() {
+ return securityService.listEditableRoles();
 }
- @RequestMapping("/createRole.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/createRole.*")
 public ServerAnswer createRole(@RequestParam("role") String role) {
 securityService.newRole(role);
 return ServerAnswer.ok("Role " + role + " created");
 }
- @RequestMapping("/deleteRole.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/deleteRole.*")
 public ServerAnswer deleteRole(@RequestParam("role") String role) {
- securityService.getSecurityDao().deleteRole(role);
+ securityService.deleteRole(role);
 return ServerAnswer.ok("Role " + role + " deleted");
 }
- @RequestMapping("/updateUserPassword.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/updateUserPassword.*")
 public ServerAnswer updateUserPassword(
 @RequestParam("username") String username,
 @RequestParam("password") String password) {
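Review bot: `updateUserSelf` dereferences the result of `securityService.getCurrentUser()` without a null check, although `getCredentials` in this same hunk treats a null return as possible, so a request with no current user would fail with a NullPointerException at `user.updateUserNatures(...)`. Guard it before the body is deserialized, for example `if (user == null) throw new IllegalStateException("No authenticated user");`. The mappings also move from the fixed `.security` suffix to `.*`, and none of the handlers for `createUser`, `updateUser`, `deleteUser`, `deleteRole` or `updateUserPassword` checks the caller's role in the controller; if access rules elsewhere are keyed on the old suffix (not visible here), confirm they cover every suffix the wildcard now matches. `updateUserPassword` starts in this hunk and its body continues outside it.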
@@ -121,20 +135,35 @@ public class UsersRolesController implements MvcConstants {
 return ServerAnswer.ok("Password updated for user " + username);
 }
- @RequestMapping("/updatePassword.security")
- @ModelAttribute(ANSWER_MODEL_KEY)
+ @RequestMapping("/updatePassword.*")
 public ServerAnswer updatePassword(
- @RequestParam("password") String password,
- @RequestParam("oldPassword") String oldPassword) {
- securityService.getSecurityDao().updatePassword(oldPassword, password);
+ @RequestParam("oldPassword") String oldPassword,
+ @RequestParam("password") String password) {
+ securityService.updateCurrentUserPassword(oldPassword, password);
 return ServerAnswer.ok("Password updated");
 }
-// protected void cleanUserBeforeCreate(ArgeoUser user) {
-// user.getUserNatures().clear();
-// }
-
- public void setUserDeserializer(ServerDeserializer userDeserializer) {
+ // protected String digestIfNecessary(String str) {
+ //
+ // if (!str.startsWith("{" + digestType + "}"))
+ // return digest(str);
+ // else
+ // return str;
+ // }
+
+ // protected String digest(String nonEncrypted) {
+ // try {
+ // MessageDigest md = MessageDigest.getInstance(digestType);
+ // byte[] dig = md.digest(nonEncrypted.getBytes());
+ // return "{" + digestType + "}"
+ // + new String(Base64.encodeBase64(dig));
+ // } catch (NoSuchAlgorithmException e) {
+ // throw new RuntimeException(
+ // "Unexpected exception while digesting password");
+ // }
+ // }
+
+ public void setUserDeserializer(Deserializer userDeserializer) {
 this.userDeserializer = userDeserializer;
 }
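Review bot: `updatePassword` is mapped with a bare `@RequestMapping("/updatePassword.*")`, so it accepts GET as well as POST and both `oldPassword` and `password` can arrive in the query string, where they tend to end up in access logs, browser history and Referer headers; `updateUserPassword`, whose mapping is in the previous hunk, has the same exposure. Restrict the mapping, for example `@RequestMapping(value = "/updatePassword.*", method = RequestMethod.POST)` (this needs the `RequestMethod` import), which also keeps a password change from being triggered by a plain link. The hunk also adds about twenty lines of commented-out `digestIfNecessary`/`digest` code that would be better left out of the file; if it is ever revived, a single unsalted `MessageDigest` pass over `getBytes()` with the platform charset is not suitable for storing passwords, and its catch block drops the original exception. The class continues beyond this hunk.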