<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
- <name>org.argeo.commons.security.demo</name>
+ <name>org.argeo.security.demo</name>
<comment></comment>
<projects>
</projects>
objectClass: top
cn: admin
uniquemember: uid=gandalf,ou=users,dc=demo,dc=argeo,dc=org
-
-dn: cn=user,ou=groups,dc=demo,dc=argeo,dc=org
-objectClass: groupOfUniqueNames
-objectClass: top
-cn: user
-uniquemember: uid=gandalf,ou=users,dc=demo,dc=argeo,dc=org
-uniquemember: uid=demo,ou=users,dc=demo,dc=argeo,dc=org
-uniquemember: uid=frodo,ou=users,dc=demo,dc=argeo,dc=org
-
#log4j.logger.org.springframework.jms=WARN
log4j.logger.org.springframework.security=WARN
-log4j.org.apache.directory=ERROR
+log4j.logger.org.apache.directory.server=INFO
+log4j.logger.org.apache.directory.server.core.partition=ERROR
+log4j.logger.org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry=ERROR
-log4j.logger.org.apache.catalina=INFO
+log4j.logger.org.apache.catalina.core.ContainerBase=INFO
log4j.logger.org.apache.coyote=INFO
-log4j.logger.org.apache.tomcat=INFO
## Appenders
# console is set to be a ConsoleAppender.
Bundle-SymbolicName: org.argeo.security.manager.ldap
Bundle-Version: 0.1.1.SNAPSHOT
-Import-Package: org.argeo.security.dao,
+Import-Package: org.argeo.security,
org.argeo.security.ldap,
org.springframework.ldap.core.support,
org.springframework.security,
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
- <bean id="userDao" class="org.argeo.security.ldap.UserDaoLdap">
+ <bean id="securityDao" class="org.argeo.security.ldap.SecurityDaoLdap">
<constructor-arg ref="contextSource" />
<property name="userDetailsManager" ref="userDetailsManager" />
- </bean>
-
- <bean id="roleDao" class="org.argeo.security.ldap.RoleDaoLdap">
- <constructor-arg ref="contextSource" />
<property name="authoritiesPopulator" ref="authoritiesPopulator" />
</bean>
-
</beans>
</property>
</bean>
- <!--
- <security:ldap-server
- url="ldap://localhost:10389/dc=demo,dc=argeo,dc=org"
- manager-dn="uid=admin,ou=system" manager-password="secret" />
-
- <security:ldap-authentication-provider
- user-details-class="inetOrgPerson" user-dn-pattern="uid={0},ou=users"
- group-search-base="ou=groups"> <security:password-compare hash="{sha}"
- /> </security:ldap-authentication-provider>
- -->
-
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:10389/dc=demo,dc=argeo,dc=org" />
<bean id="authoritiesPopulator" class="org.argeo.security.ldap.ArgeoLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="ou=groups" />
- <!-- <property name="defaultRole" value="ROLE_USER" /> -->
+ <property name="defaultRole" value="ROLE_USER" />
<property name="groupSearchFilter" value="uniqueMember={0}" />
</bean>
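Review bot: Enabling `defaultRole` with `ROLE_USER` on `authoritiesPopulator` means group membership is no longer what grants the base role. Assuming the populator follows Spring Security's default-role behaviour, every entry that authenticates against this context source receives ROLE_USER, and the same commit deletes the `cn=user` group from the demo LDIF. Access to anything guarded by ROLE_USER can then only be withdrawn by disabling or deleting the LDAP entry, not by editing group membership. I would record that next to the property, e.g. `<!-- every authenticated user gets ROLE_USER; group membership only adds further roles -->`.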
</bean>
<bean id="userDetailsMapper" class="org.argeo.security.ldap.ArgeoUserDetailsContextMapper">
- <property name="userNatureMappers">
- <list>
- <bean class="org.argeo.security.ldap.SimpleUserNatureMapper" />
- <bean class="org.argeo.security.ldap.CoworkerUserNatureMapper" />
- </list>
- </property>
+ <property name="userNatureMappers" ref="userNatureMappers" />
</bean>
</beans>
<service ref="_authenticationManager"\r
interface="org.springframework.security.AuthenticationManager" />\r
\r
- <service ref="userDao" interface="org.argeo.security.dao.UserDao" />\r
- <service ref="roleDao" interface="org.argeo.security.dao.RoleDao" />\r
+ <service ref="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
+\r
+ <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper"\r
+ cardinality="0..N" />\r
</beans:beans>
\ No newline at end of file
javax.servlet.http,
javax.servlet.resources,
org.argeo.security,
- org.argeo.security.dao,
org.argeo.security.mvc,
org.argeo.server.json,
org.argeo.server.mvc,
<reference id="_authenticationManager"\r
interface="org.springframework.security.AuthenticationManager" />\r
\r
- <reference id="userDao" interface="org.argeo.security.dao.UserDao" />\r
- <reference id="roleDao" interface="org.argeo.security.dao.RoleDao" />\r
+ <reference id="securityService" interface="org.argeo.security.ArgeoSecurityService" />\r
\r
<list id="objectFactories" interface="org.argeo.server.json.JsonObjectFactory"\r
cardinality="0..N" />\r
<context:component-scan base-package="org.argeo.security.mvc" />
<bean id="controller" class="org.argeo.security.mvc.UsersRolesController">
- <property name="userDao" ref="userDao" />
- <property name="roleDao" ref="roleDao" />
- <property name="userDeserializer">
- <bean class="org.argeo.server.json.JsonServerMapper">
- <property name="targetClass" value="org.argeo.security.BasicArgeoUser" />
- <property name="deserializers">
- <map>
- <entry key="org.argeo.security.UserNature">
- <bean class="org.argeo.server.json.GenericJsonDeserializer">
- <property name="objectFactories" ref="objectFactories" />
- </bean>
- </entry>
- </map>
- </property>
- </bean>
+ <property name="securityService" ref="securityService" />
+ <property name="userDeserializer" ref="userDeserializer">
</property>
</bean>
+ <bean id="userDeserializer" class="org.argeo.server.json.JsonServerMapper">
+ <property name="targetClass" value="org.argeo.security.BasicArgeoUser" />
+ <property name="deserializers">
+ <map>
+ <entry key="org.argeo.security.UserNature">
+ <bean class="org.argeo.server.json.GenericJsonDeserializer">
+ <property name="objectFactories" ref="objectFactories" />
+ </bean>
+ </entry>
+ </map>
+ </property>
+ </bean>
+
+
<bean id="viewResolver" class="org.argeo.server.mvc.SerializingViewResolver">
<property name="serializer" ref="serverMapper" />
</bean>
--- /dev/null
+package org.argeo.security;
+
+/** Callback related to the lifecycle of a user. */
+public interface ArgeoSecurity {
+ /**
+ * Called before a user is actually created. Default user natures and roles
+ * should be added there.
+ */
+ public void beforeCreate(ArgeoUser user);
+
+ public String getSuperUsername();
+}
--- /dev/null
+package org.argeo.security;
+
+import java.util.List;
+
+public interface ArgeoSecurityDao {
+ public List<ArgeoUser> listUsers();
+
+ public List<String> listEditableRoles();
+
+ public void create(ArgeoUser user);
+
+ public void update(ArgeoUser user);
+
+ public void delete(String username);
+
+ public void deleteRole(String role);
+
+ public void updatePassword(String oldPassword, String newPassword);
+
+ public Boolean userExists(String username);
+
+ public ArgeoUser getUser(String username);
+}
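Review bot: `ArgeoSecurityDao` is added without any Javadoc, and `updatePassword(String oldPassword, String newPassword)` takes no username, so the account it acts on is implicit. In `SecurityDaoLdap` it delegates to `UserDetailsManager.changePassword`, which changes the password of the currently authenticated user; the interface should say so, e.g. `/** Changes the password of the currently authenticated user. */`. A short contract for `getUser` on an unknown username (exception or null) would also help callers such as `DefaultSecurityService.newRole`.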
--- /dev/null
+package org.argeo.security;
+
+
+public interface ArgeoSecurityService {
+ public void newUser(ArgeoUser argeoUser);
+ public void newRole(String role);
+ public ArgeoSecurityDao getSecurityDao();
+}
--- /dev/null
+package org.argeo.security.core;
+
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.ArgeoSecurity;
+import org.argeo.security.nature.SimpleUserNature;
+
+public class DefaultArgeoSecurity implements ArgeoSecurity {
+ private String superUsername = "root";
+
+ public void beforeCreate(ArgeoUser user) {
+ SimpleUserNature simpleUserNature = new SimpleUserNature();
+ simpleUserNature.setLastName("");// to prevent issue with sn in LDAP
+ user.getUserNatures().add(simpleUserNature);
+ }
+
+ public String getSuperUsername() {
+ return superUsername;
+ }
+
+ public void setSuperUsername(String superUsername) {
+ this.superUsername = superUsername;
+ }
+
+}
--- /dev/null
+package org.argeo.security.core;
+
+import org.argeo.security.ArgeoSecurity;
+import org.argeo.security.ArgeoSecurityDao;
+import org.argeo.security.ArgeoSecurityService;
+import org.argeo.security.ArgeoUser;
+
+public class DefaultSecurityService implements ArgeoSecurityService {
+ private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
+ private ArgeoSecurityDao securityDao;
+
+ public ArgeoSecurityDao getSecurityDao() {
+ return securityDao;
+ }
+
+ public void newRole(String role) {
+ ArgeoUser superUser = securityDao.getUser(argeoSecurity.getSuperUsername());
+ superUser.getRoles().add(role);
+ securityDao.update(superUser);
+ }
+
+ public void newUser(ArgeoUser user) {
+ argeoSecurity.beforeCreate(user);
+ securityDao.create(user);
+ }
+
+ public void setArgeoSecurity(ArgeoSecurity argeoSecurity) {
+ this.argeoSecurity = argeoSecurity;
+ }
+
+ public void setSecurityDao(ArgeoSecurityDao dao) {
+ this.securityDao = dao;
+ }
+
+}
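Review bot: `newRole` accepts any string and dereferences the result of `securityDao.getUser(...)` without a check, so an empty role name, an unset `securityDao` or a missing super user surfaces as a failure deep in the DAO or as a NullPointerException. The role value reaches this method directly from the `role` request parameter of `createRole` in `UsersRolesController`, so a guard at the top is worth having: `if (role == null || role.trim().length() == 0) throw new IllegalArgumentException("Role name must not be empty");`. The method also needs a Javadoc line stating that a role is created by granting it to the account named by `getSuperUsername()` (default `root`), since that side effect on a privileged account is not obvious from the method name.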
+++ /dev/null
-package org.argeo.security.dao;
-
-import java.util.List;
-
-public interface RoleDao {
- public List<String> listEditableRoles();
-
- public void create(String role);
-
- public void delete(String role);
-
-
-}
+++ /dev/null
-package org.argeo.security.dao;
-
-import java.util.List;
-
-import org.argeo.security.ArgeoUser;
-
-public interface UserDao {
- public List<ArgeoUser> listUsers();
-
- public void create(ArgeoUser user);
-
- public void update(ArgeoUser user);
-
- public void delete(String username);
-
- public void updatePassword(String oldPassword, String newPassword);
-
- public Boolean userExists(String username);
-
- public ArgeoUser getUser(String username);
-
- public void addRoles(String username, List<String> roles);
-
- public void removeRoles(String username, List<String> roles);
-
-}
List<UserNature> userInfos = new ArrayList<UserNature>();
for (UserNatureMapper userInfoMapper : userNatureMappers) {
UserNature userNature = userInfoMapper.mapUserInfoFromContext(ctx);
- if (log.isDebugEnabled())
+ if (log.isTraceEnabled())
log.debug("Add user nature " + userNature);
userInfos.add(userNature);
}
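Review bot: The guard is now `log.isTraceEnabled()` but the statement under it is still `log.debug(...)`, so the message is emitted at DEBUG level whenever TRACE is on and the level shown in the log does not match the guard. Change the call to `log.trace("Add user nature " + userNature);`. The same mismatch is in the GenericJsonDeserializer hunk further down, where `log.debug("Deserialize object of type=" ...)` sits under `isTraceEnabled()`. The enclosing method starts and ends outside this hunk.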
for (UserNatureMapper userInfoMapper : userNatureMappers) {
if (userInfoMapper.supports(userInfo)) {
userInfoMapper.mapUserInfoToContext(userInfo, ctx);
- break;// use the first mapper found an no others
+ break;// use the first mapper found and no others
}
}
}
+++ /dev/null
-package org.argeo.security.ldap;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.nature.CoworkerNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class CoworkerUserNatureMapper implements UserNatureMapper {
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- CoworkerNature basicUserInfo = new CoworkerNature();
- basicUserInfo.setDescription(ctx.getStringAttribute("description"));
- basicUserInfo.setMobile(ctx.getStringAttribute("mobile"));
- basicUserInfo.setTelephoneNumber(ctx
- .getStringAttribute("telephoneNumber"));
- basicUserInfo.setUuid(ctx.getStringAttribute("employeeNumber"));
- return basicUserInfo;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- CoworkerNature userInfo = (CoworkerNature) userInfoArg;
- ctx.setAttributeValue("employeeNumber", userInfo.getUuid());
- if (userInfo.getDescription() != null) {
- ctx.setAttributeValue("description", userInfo.getDescription());
- }
- if (userInfo.getMobile() == null || !userInfo.getMobile().equals("")) {
- ctx.setAttributeValue("mobile", userInfo.getMobile());
- }
- if (userInfo.getTelephoneNumber() == null
- || !userInfo.getTelephoneNumber().equals("")) {
- ctx.setAttributeValue("telephoneNumber", userInfo
- .getTelephoneNumber());
- }
- }
-
- public Boolean supports(UserNature userInfo) {
- return userInfo instanceof CoworkerNature;
- }
-
-}
+++ /dev/null
-package org.argeo.security.ldap;
-
-import java.util.List;
-
-import javax.naming.Name;
-
-import org.argeo.security.dao.RoleDao;
-import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
-import org.springframework.ldap.core.LdapTemplate;
-
-public class RoleDaoLdap implements RoleDao {
-
- private ArgeoLdapAuthoritiesPopulator authoritiesPopulator;
- private final LdapTemplate ldapTemplate;
-
- public RoleDaoLdap(ContextSource contextSource) {
- ldapTemplate = new LdapTemplate(contextSource);
- }
-
- public void create(String role) {
- Name dn = buildDn(role);
- DirContextAdapter context = new DirContextAdapter();
- context.setAttributeValues("objectClass", new String[] { "top",
- "groupOfUniqueNames" });
- context.setAttributeValue("cn", role);
- ldapTemplate.bind(dn, context, null);
- }
-
- @SuppressWarnings("unchecked")
- public List<String> listEditableRoles() {
- return (List<String>) ldapTemplate.listBindings(authoritiesPopulator
- .getGroupSearchBase(), new ContextMapper() {
- public Object mapFromContext(Object ctxArg) {
- String groupName = ((DirContextAdapter) ctxArg)
- .getStringAttribute(authoritiesPopulator
- .getGroupRoleAttribute());
- String roleName = authoritiesPopulator
- .convertGroupToRole(groupName);
- return roleName;
- }
- });
- }
-
- public void delete(String role) {
- // TODO Auto-generated method stub
-
- }
-
- public void setAuthoritiesPopulator(
- ArgeoLdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
- this.authoritiesPopulator = ldapAuthoritiesPopulator;
- }
-
- protected Name buildDn(String name) {
- return new DistinguishedName("cn=" + name + ","
- + authoritiesPopulator.getGroupSearchBase());
- }
-
-}
--- /dev/null
+package org.argeo.security.ldap;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.Name;
+
+import org.argeo.security.ArgeoSecurityDao;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.core.ArgeoUserDetails;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.ContextSource;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsManager;
+
+public class SecurityDaoLdap implements ArgeoSecurityDao {
+ // private final static Log log = LogFactory.getLog(UserDaoLdap.class);
+
+ private UserDetailsManager userDetailsManager;
+ private ArgeoLdapAuthoritiesPopulator authoritiesPopulator;
+ private String userBase = "ou=users";
+ private String usernameAttribute = "uid";
+
+ private final LdapTemplate ldapTemplate;
+
+ public SecurityDaoLdap(ContextSource contextSource) {
+ ldapTemplate = new LdapTemplate(contextSource);
+ }
+
+ public void create(ArgeoUser user) {
+ userDetailsManager.createUser(new ArgeoUserDetails(user));
+ }
+
+ public ArgeoUser getUser(String uname) {
+ return (ArgeoUser) userDetailsManager.loadUserByUsername(uname);
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<ArgeoUser> listUsers() {
+ List<String> usernames = (List<String>) ldapTemplate.listBindings(
+ new DistinguishedName(userBase), new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ DirContextAdapter ctx = (DirContextAdapter) ctxArg;
+ return ctx.getStringAttribute(usernameAttribute);
+ }
+ });
+
+ List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
+ for (String username : usernames) {
+ UserDetails userDetails = userDetailsManager
+ .loadUserByUsername(username);
+ lst.add((ArgeoUser) userDetails);
+ }
+ return lst;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<String> listEditableRoles() {
+ return (List<String>) ldapTemplate.listBindings(authoritiesPopulator
+ .getGroupSearchBase(), new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ String groupName = ((DirContextAdapter) ctxArg)
+ .getStringAttribute(authoritiesPopulator
+ .getGroupRoleAttribute());
+ String roleName = authoritiesPopulator
+ .convertGroupToRole(groupName);
+ return roleName;
+ }
+ });
+ }
+
+ public void update(ArgeoUser user) {
+ userDetailsManager.updateUser(new ArgeoUserDetails(user));
+ }
+
+ public void delete(String username) {
+ userDetailsManager.deleteUser(username);
+ }
+
+ public void updatePassword(String oldPassword, String newPassword) {
+ userDetailsManager.changePassword(oldPassword, newPassword);
+ }
+
+ public Boolean userExists(String username) {
+ return userDetailsManager.userExists(username);
+ }
+
+ public void deleteRole(String role) {
+ if(true)
+ throw new UnsupportedOperationException();
+
+ Name dn = buildRoleDn(role);
+ DirContextAdapter context = new DirContextAdapter();
+ context.setAttributeValues("objectClass", new String[] { "top",
+ "groupOfUniqueNames" });
+ context.setAttributeValue("cn", role);
+ ldapTemplate.bind(dn, context, null);
+ }
+
+ protected Name buildRoleDn(String name) {
+ return new DistinguishedName("cn=" + name + ","
+ + authoritiesPopulator.getGroupSearchBase());
+ }
+
+
+ public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
+ this.userDetailsManager = userDetailsManager;
+ }
+
+ public void setUserBase(String userBase) {
+ this.userBase = userBase;
+ }
+
+ public void setUsernameAttribute(String usernameAttribute) {
+ this.usernameAttribute = usernameAttribute;
+ }
+
+ public void setAuthoritiesPopulator(
+ ArgeoLdapAuthoritiesPopulator authoritiesPopulator) {
+ this.authoritiesPopulator = authoritiesPopulator;
+ }
+}
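Review bot: In `deleteRole`, everything after `if(true) throw new UnsupportedOperationException();` is dead code copied from the removed `RoleDaoLdap.create`: it calls `ldapTemplate.bind`, so if the guard were ever dropped the method would create a group entry instead of removing one. I would reduce the body to `throw new UnsupportedOperationException("Role deletion is not implemented");` until a real implementation exists. `buildRoleDn` concatenates the role name into a DN string, so a name containing `,`, `=` or `+` would change the DN structure once the helper is used with request data. Assuming `getGroupSearchBase()` returns a String, `DistinguishedName dn = new DistinguishedName(authoritiesPopulator.getGroupSearchBase()); dn.add("cn", name); return dn;` lets Spring LDAP escape the value.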
+++ /dev/null
-package org.argeo.security.ldap;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.nature.SimpleUserNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class SimpleUserNatureMapper implements UserNatureMapper {
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- SimpleUserNature basicUserInfo = new SimpleUserNature();
- basicUserInfo.setLastName(ctx.getStringAttribute("sn"));
- basicUserInfo.setFirstName(ctx.getStringAttribute("givenName"));
- basicUserInfo.setEmail(ctx.getStringAttribute("mail"));
- basicUserInfo.setUuid(ctx.getStringAttribute("seeAlso"));
- return basicUserInfo;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- SimpleUserNature userInfo = (SimpleUserNature) userInfoArg;
- ctx.setAttributeValue("cn", userInfo.getFirstName() + " "
- + userInfo.getLastName());
- ctx.setAttributeValue("sn", userInfo.getLastName());
- ctx.setAttributeValue("givenName", userInfo.getFirstName());
- ctx.setAttributeValue("mail", userInfo.getEmail());
- // TODO: find a cleaner way?
- ctx.setAttributeValue("seeAlso", userInfo.getUuid());
- }
-
- public Boolean supports(UserNature userInfo) {
- return userInfo instanceof SimpleUserNature;
- }
-
-}
+++ /dev/null
-package org.argeo.security.ldap;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.argeo.security.dao.UserDao;
-import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
-import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsManager;
-
-public class UserDaoLdap implements UserDao {
- // private final static Log log = LogFactory.getLog(UserDaoLdap.class);
-
- private UserDetailsManager userDetailsManager;
- private String userBase = "ou=users";
- private String usernameAttribute = "uid";
-
- private final LdapTemplate ldapTemplate;
-
- public UserDaoLdap(ContextSource contextSource) {
- ldapTemplate = new LdapTemplate(contextSource);
- }
-
- public void create(ArgeoUser user) {
- userDetailsManager.createUser(new ArgeoUserDetails(user));
- }
-
- public ArgeoUser getUser(String uname) {
- return (ArgeoUser) userDetailsManager.loadUserByUsername(uname);
- }
-
- @SuppressWarnings("unchecked")
- public List<ArgeoUser> listUsers() {
- List<String> usernames = (List<String>) ldapTemplate.listBindings(
- new DistinguishedName(userBase), new ContextMapper() {
- public Object mapFromContext(Object ctxArg) {
- DirContextAdapter ctx = (DirContextAdapter) ctxArg;
- return ctx.getStringAttribute(usernameAttribute);
- }
- });
-
- List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
- for (String username : usernames) {
- UserDetails userDetails = userDetailsManager
- .loadUserByUsername(username);
- lst.add((ArgeoUser) userDetails);
- }
- return lst;
- }
-
- public void update(ArgeoUser user) {
- userDetailsManager.updateUser(new ArgeoUserDetails(user));
- }
-
- public void delete(String username) {
- userDetailsManager.deleteUser(username);
- }
-
- public void updatePassword(String oldPassword, String newPassword) {
- userDetailsManager.changePassword(oldPassword, newPassword);
- }
-
- public Boolean userExists(String username) {
- return userDetailsManager.userExists(username);
- }
-
- public void addRoles(String username, List<String> roles) {
- GrantedAuthority[] auths = new GrantedAuthority[roles.size()];
- for (int i = 0; i < roles.size(); i++)
- auths[i] = new GrantedAuthorityImpl(roles.get(i));
- ArgeoUserDetails user = (ArgeoUserDetails) userDetailsManager
- .loadUserByUsername(username);
- throw new UnsupportedOperationException();
- //userDetailsManager.
- }
-
- public void removeRoles(String username, List<String> roles) {
- throw new UnsupportedOperationException();
- }
-
- public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
- this.userDetailsManager = userDetailsManager;
- }
-
- public void setUserBase(String userBase) {
- this.userBase = userBase;
- }
-
- public void setUsernameAttribute(String usernameAttribute) {
- this.usernameAttribute = usernameAttribute;
- }
-}
--- /dev/null
+package org.argeo.security.ldap.nature;
+
+import org.argeo.security.UserNature;
+import org.argeo.security.ldap.UserNatureMapper;
+import org.argeo.security.nature.CoworkerNature;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+
+public class CoworkerUserNatureMapper implements UserNatureMapper {
+
+ public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
+ CoworkerNature basicUserInfo = new CoworkerNature();
+ basicUserInfo.setDescription(ctx.getStringAttribute("description"));
+ basicUserInfo.setMobile(ctx.getStringAttribute("mobile"));
+ basicUserInfo.setTelephoneNumber(ctx
+ .getStringAttribute("telephoneNumber"));
+ basicUserInfo.setUuid(ctx.getStringAttribute("employeeNumber"));
+ return basicUserInfo;
+ }
+
+ public void mapUserInfoToContext(UserNature userInfoArg,
+ DirContextAdapter ctx) {
+ CoworkerNature userInfo = (CoworkerNature) userInfoArg;
+ ctx.setAttributeValue("employeeNumber", userInfo.getUuid());
+ if (userInfo.getDescription() != null) {
+ ctx.setAttributeValue("description", userInfo.getDescription());
+ }
+ if (userInfo.getMobile() == null || !userInfo.getMobile().equals("")) {
+ ctx.setAttributeValue("mobile", userInfo.getMobile());
+ }
+ if (userInfo.getTelephoneNumber() == null
+ || !userInfo.getTelephoneNumber().equals("")) {
+ ctx.setAttributeValue("telephoneNumber", userInfo
+ .getTelephoneNumber());
+ }
+ }
+
+ public Boolean supports(UserNature userInfo) {
+ return userInfo instanceof CoworkerNature;
+ }
+
+}
--- /dev/null
+package org.argeo.security.ldap.nature;
+
+import org.argeo.security.UserNature;
+import org.argeo.security.ldap.UserNatureMapper;
+import org.argeo.security.nature.SimpleUserNature;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+
+public class SimpleUserNatureMapper implements UserNatureMapper {
+
+ public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
+ SimpleUserNature basicUserInfo = new SimpleUserNature();
+ basicUserInfo.setLastName(ctx.getStringAttribute("sn"));
+ basicUserInfo.setFirstName(ctx.getStringAttribute("givenName"));
+ basicUserInfo.setEmail(ctx.getStringAttribute("mail"));
+ basicUserInfo.setUuid(ctx.getStringAttribute("seeAlso"));
+ return basicUserInfo;
+ }
+
+ public void mapUserInfoToContext(UserNature userInfoArg,
+ DirContextAdapter ctx) {
+ SimpleUserNature userInfo = (SimpleUserNature) userInfoArg;
+ ctx.setAttributeValue("cn", userInfo.getFirstName() + " "
+ + userInfo.getLastName());
+ ctx.setAttributeValue("sn", userInfo.getLastName());
+ ctx.setAttributeValue("givenName", userInfo.getFirstName());
+ ctx.setAttributeValue("mail", userInfo.getEmail());
+ // TODO: find a cleaner way?
+ ctx.setAttributeValue("seeAlso", userInfo.getUuid());
+ }
+
+ public Boolean supports(UserNature userInfo) {
+ return userInfo instanceof SimpleUserNature;
+ }
+
+}
import org.argeo.security.UserNature;
public class CoworkerNature extends UserNature {
+ private static final long serialVersionUID = 1L;
private String description;
private String mobile;
private String telephoneNumber;
import org.argeo.security.UserNature;
public class SimpleUserNature extends UserNature {
+ private static final long serialVersionUID = 1L;
private String email;
private String firstName;
private String lastName;
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<service ref="jsonObjectFactory" interface="org.argeo.server.json.JsonObjectFactory" />\r
+ <service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" />\r
+\r
+ <reference id="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
+\r
+ <service interface="org.argeo.security.ldap.UserNatureMapper">\r
+ <beans:bean class="org.argeo.security.ldap.nature.SimpleUserNatureMapper" />\r
+ </service>\r
+\r
+ <service interface="org.argeo.security.ldap.UserNatureMapper">\r
+ <beans:bean class="org.argeo.security.ldap.nature.CoworkerUserNatureMapper" />\r
+ </service>\r
\r
</beans:beans>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+ <bean id="securityService" class="org.argeo.security.core.DefaultSecurityService">
+ <property name="securityDao" ref="securityDao" />
+ </bean>
+</beans>
\ No newline at end of file
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.BasicArgeoUser;
import org.argeo.security.core.ArgeoUserDetails;
-import org.argeo.security.dao.RoleDao;
-import org.argeo.security.dao.UserDao;
import org.argeo.server.BooleanAnswer;
import org.argeo.server.DeserializingEditor;
import org.argeo.server.ServerAnswer;
private final static Log log = LogFactory
.getLog(UsersRolesController.class);
- private UserDao userDao;
- private RoleDao roleDao;
+ private ArgeoSecurityService securityService;
private ServerDeserializer userDeserializer = null;
@RequestMapping("/getUsersList.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public List<ArgeoUser> getUsersList() {
- return userDao.listUsers();
+ return securityService.getSecurityDao().listUsers();
}
@RequestMapping("/userExists.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public BooleanAnswer userExists(@RequestParam("username") String username) {
- return new BooleanAnswer(userDao.userExists(username));
+ return new BooleanAnswer(securityService.getSecurityDao().userExists(
+ username));
}
@RequestMapping("/createUser.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser createUser(Reader reader) {
ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
- userDao.create(user);
- return userDao.getUser(user.getUsername());
+ cleanUserBeforeCreate(user);
+ securityService.newUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
}
@RequestMapping("/updateUser.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser updateUser(Reader reader) {
ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
- userDao.update(user);
- return userDao.getUser(user.getUsername());
+ securityService.getSecurityDao().update(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
}
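Review bot: `updateUser` hands the deserialized request body to `update(user)` unchanged, while `createUser` and `createUser2` now call `cleanUserBeforeCreate(user)` first. Roles and user natures in an update request are therefore persisted exactly as the client sent them, and the call goes to `getSecurityDao()` directly rather than through a method on `ArgeoSecurityService`. Authorization for `/updateUser.security` is not visible in this diff; if it is not restricted to administrators, a caller could change the role list of an account. At minimum add a comment such as `// roles in the request body are persisted as-is; this endpoint must be restricted to administrators`.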
@RequestMapping("/createUser2.security")
} finally {
IOUtils.closeQuietly(reader);
}
- userDao.create(user);
- return userDao.getUser(user.getUsername());
+ cleanUserBeforeCreate(user);
+ securityService.newUser(user);
+ return securityService.getSecurityDao().getUser(user.getUsername());
}
@RequestMapping("/deleteUser.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer deleteUser(@RequestParam("username") String username) {
- userDao.delete(username);
+ securityService.getSecurityDao().delete(username);
return ServerAnswer.ok("User " + username + " deleted");
}
@RequestMapping("/getUserDetails.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ArgeoUser getUserDetails(@RequestParam("username") String username) {
- return userDao.getUser(username);
+ return securityService.getSecurityDao().getUser(username);
}
/* ROLE */
@RequestMapping("/getRolesList.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public List<String> getEditableRolesList() {
- return roleDao.listEditableRoles();
+ return securityService.getSecurityDao().listEditableRoles();
}
@RequestMapping("/createRole.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer createRole(@RequestParam("role") String role) {
- roleDao.create(role);
+ securityService.newRole(role);
return ServerAnswer.ok("Role " + role + " created");
}
@RequestMapping("/deleteRole.security")
@ModelAttribute(ANSWER_MODEL_KEY)
public ServerAnswer deleteRole(@RequestParam("role") String role) {
- roleDao.delete(role);
+ securityService.getSecurityDao().deleteRole(role);
return ServerAnswer.ok("Role " + role + " created");
}
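Review bot: `deleteRole` still answers `"Role " + role + " created"`, text copied from `createRole`; it should read `return ServerAnswer.ok("Role " + role + " deleted");`. With this commit the call also ends in `SecurityDaoLdap.deleteRole`, which always throws `UnsupportedOperationException`, so the endpoint now fails on every request. How that exception is rendered to the client is not visible here.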
- public void setUserDao(UserDao userDao) {
- this.userDao = userDao;
- }
-
- public void setRoleDao(RoleDao roleDao) {
- this.roleDao = roleDao;
+ protected void cleanUserBeforeCreate(ArgeoUser user) {
+ user.getUserNatures().clear();
+ user.getRoles().clear();
}
public void setUserDeserializer(ServerDeserializer userDeserializer) {
this.userDeserializer = userDeserializer;
}
+ public void setSecurityService(ArgeoSecurityService securityService) {
+ this.securityService = securityService;
+ }
+
}
private List<JsonObjectFactory> objectFactories = new ArrayList<JsonObjectFactory>();
+ @SuppressWarnings("unchecked")
@Override
public T deserialize(JsonParser parser, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
generator.writeTree(root);
String str = writer.toString();
- if (log.isDebugEnabled())
+ if (log.isTraceEnabled())
log.debug("Deserialize object of type=" + type + ", str=" + str);
JsonObjectFactory objectFactory = null;
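Review bot: The logged `str` is the complete JSON tree being deserialized, and this deserializer is wired into `userDeserializer` for `org.argeo.security.UserNature`. Names, e-mail addresses and phone numbers from user requests therefore end up in the log whenever the level is enabled. Logging only the type, `log.trace("Deserialize object of type=" + type);`, keeps the diagnostic without the payload. The method body continues outside this hunk.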
throw new ArgeoServerException(
"Cannot find JSON object factory for type " + type);
- return (T) objectFactory.readValue(type, str);
+ return (T)objectFactory.readValue(type, str);
}
public void setTypeField(String typeField) {
private ClassLoader classLoader = getClass().getClassLoader();
private ObjectMapper objectMapper = new ObjectMapper();
- private Map<String, Class> supportedTypes = new HashMap<String, Class>();
+ private Map<String, Class<?>> supportedTypes = new HashMap<String, Class<?>>();
public Boolean supports(String type) {
if (supportedTypes.containsKey(type))
return true;
return loadClass(type) != null ? true : false;
- // try {
- // // Class.forName(type);
- // Thread.currentThread().getContextClassLoader().loadClass(type);
- // return true;
- // } catch (ClassNotFoundException e) {
- // return false;
- // }
}
+ @SuppressWarnings("unchecked")
public <T> T readValue(String type, String str) {
- final Class clss;
+ final Class<?> clss;
if (supportedTypes.containsKey(type))
clss = supportedTypes.get(type);
else {
clss = loadClass(type);
if (clss == null)
throw new ArgeoServerException("Cannot find type " + type);
- // try {
- // // clss = Class.forName(type);
- // clss = Thread.currentThread().getContextClassLoader()
- // .loadClass(type);
- // } catch (ClassNotFoundException e) {
- // throw new ArgeoServerException("Cannot find type " + type, e);
- // }
}
try {
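Review bot: `readValue` falls back to `loadClass(type)` for any name missing from `supportedTypes`, so the classes that can be bound from a JSON string are limited only by what the class loader can resolve. If `type` is taken from the incoming document (GenericJsonDeserializer passes a `type` alongside the payload, though its origin is outside this hunk), the client chooses the class that gets instantiated and populated. Treating `supportedTypes` as an allow-list closes that: replace the fallback with `throw new ArgeoServerException("Unsupported type " + type);`, or make the fallback opt-in through a setter. The `try` block that performs the binding is outside this hunk.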
}
}
- public void setSupportedTypes(Map<String, Class> supportedTypes) {
+ public void setSupportedTypes(Map<String, Class<?>> supportedTypes) {
this.supportedTypes = supportedTypes;
}
- protected Class loadClass(String type) {
- Class clss;
+ protected Class<?> loadClass(String type) {
// try {
// return Class.forName(type);
// } catch (ClassNotFoundException e) {