From: Mathieu Baudier Date: Fri, 11 Feb 2011 10:13:32 +0000 (+0000) Subject: Improve Security X-Git-Tag: argeo-commons-2.1.30~1465 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;ds=sidebyside;h=136dab5338b5f731b285d17c804861bd5e5a9b5c;p=lgpl%2Fargeo-commons.git Improve Security git-svn-id: https://svn.argeo.org/commons/trunk@4127 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/commands/AddRole.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/commands/AddRole.java index 4581e8249..1873a1391 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/commands/AddRole.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/commands/AddRole.java @@ -26,7 +26,7 @@ public class AddRole extends AbstractHandler { role = role.trim().toUpperCase(); if (!role.startsWith(rolePrefix)) role = rolePrefix + role; - if (securityService.getSecurityDao().listEditableRoles().contains(role)) + if (securityService.listEditableRoles().contains(role)) throw new ArgeoException("Role " + role + " already exists"); securityService.newRole(role); rolesView.refresh(); diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java index 80abbe7f4..99a4652a9 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/ArgeoUserEditor.java 
@@ -28,7 +28,7 @@ public class ArgeoUserEditor extends FormEditor { user.getUserNatures().put(SimpleUserNature.TYPE, new SimpleUserNature()); } else - user = securityService.getSecurityDao().getUser(username); + user = securityService.getUser(username); this.setPartProperty("name", username != null ? username : ""); setPartName(username != null ? username : ""); } @@ -48,7 +48,7 @@ public class ArgeoUserEditor extends FormEditor { // TODO: make it more generic findPage(DefaultUserMainPage.ID).doSave(monitor); - if (securityService.getSecurityDao().userExists(user.getUsername())) + if (securityService.userExists(user.getUsername())) securityService.updateUser(user); else { securityService.newUser(user); diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java index 696d23d6d..6180de49a 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/editors/DefaultUserMainPage.java @@ -279,8 +279,7 @@ public class DefaultUserMainPage extends FormPage { private class RolesContentProvider implements IStructuredContentProvider { public Object[] getElements(Object inputElement) { - return securityService.getSecurityDao().listEditableRoles() - .toArray(); + return securityService.listEditableRoles().toArray(); } public void dispose() { diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/RolesView.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/RolesView.java index 635525cbe..a58675e4b 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/RolesView.java 
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/RolesView.java @@ -103,8 +103,7 @@ public class RolesView extends ViewPart { private class RolesContentProvider implements IStructuredContentProvider { public Object[] getElements(Object inputElement) { - return securityService.getSecurityDao().listEditableRoles() - .toArray(); + return securityService.listEditableRoles().toArray(); } public void dispose() { diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java index a00bbc285..d77ad0e07 100644 --- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java +++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java @@ -89,7 +89,7 @@ public class UsersView extends ViewPart { private class UsersContentProvider implements IStructuredContentProvider { public Object[] getElements(Object inputElement) { - return securityService.getSecurityDao().listUsers().toArray(); + return securityService.listUsers().toArray(); } public void dispose() { diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java index 67025dc5d..67c4cb2ec 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java @@ -16,7 +16,7 @@ package org.argeo.security; -import java.util.List; +import java.util.Set; /** * Access to the users and roles referential (dependent from the underlying 
@@ -26,20 +26,20 @@ public interface ArgeoSecurityDao { // public ArgeoUser getCurrentUser(); /** List all users */ - public List listUsers(); + public Set listUsers(); /** List roles that can be modified */ - public List listEditableRoles(); + public Set listEditableRoles(); /** * Creates a new user in the underlying storage. DO NOT CALL DIRECTLY * use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead. */ - public void create(ArgeoUser user); + public void createUser(ArgeoUser user); - public void update(ArgeoUser user); + public void updateUser(ArgeoUser user); - public void delete(String username); + public void deleteUser(String username); /** * Creates a new role in the underlying storage. DO NOT CALL DIRECTLY @@ -50,7 +50,7 @@ public interface ArgeoSecurityDao { public void deleteRole(String role); /** List all users having this role. */ - public List listUsersInRole(String role); + public Set listUsersInRole(String role); public Boolean userExists(String username); diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java index 732ec72c2..76933e0e5 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityService.java 
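Review bot: `updateUser` and `deleteUser` in `ArgeoSecurityDao` have no Javadoc, while `createUser` directly above them warns "DO NOT CALL DIRECTLY". `DefaultSecurityService.updateUser` encodes the password before delegating (visible in its own hunk), so a direct DAO call would skip that step. I would add the same warning, e.g. `/** Updates a user in the underlying storage. DO NOT CALL DIRECTLY, use {@link ArgeoSecurityService#updateUser(ArgeoUser)} instead. */`, and the equivalent on `deleteUser`. The `List` to `Set` return types and the renames also break any other implementation of this interface, which the commit message does not mention.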
@@ -16,30 +16,11 @@ package org.argeo.security; -import java.util.List; /** * High level access to the user referential (independent from the underlying * storage). */ -public interface ArgeoSecurityService { - public ArgeoUser getCurrentUser(); - - public void newUser(ArgeoUser argeoUser); - - public void updateUser(ArgeoUser user); - - public void updateUserPassword(String username, String password); - - public void updateCurrentUserPassword(String oldPassword, String newPassword); - - public void newRole(String role); - - public ArgeoSecurityDao getSecurityDao(); - - public Runnable wrapWithSystemAuthentication(final Runnable runnable); - - /** List users having this role (except the super user). */ - public List listUsersInRole(String role); - +public interface ArgeoSecurityService extends CurrentUserService, + UserAdminService { } diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/CurrentUserService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/CurrentUserService.java new file mode 100644 index 000000000..0cdae48fc --- /dev/null +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/CurrentUserService.java @@ -0,0 +1,12 @@ +package org.argeo.security; + +import java.util.Map; + +public interface CurrentUserService { + public ArgeoUser getCurrentUser(); + + public void updateCurrentUserPassword(String oldPassword, String newPassword); + + public void updateCurrentUserNatures(Map userNatures); + +} diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/SimpleArgeoUser.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/SimpleArgeoUser.java index ca7229c2b..c021f8e44 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/SimpleArgeoUser.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/SimpleArgeoUser.java 
@@ -28,7 +28,8 @@ import org.argeo.ArgeoException; * Read-write implementation of an Argeo user. Typically initialized with a * generic instance (read-only9 in order to modify a user. */ -public class SimpleArgeoUser implements ArgeoUser, Serializable { +public class SimpleArgeoUser implements ArgeoUser, Serializable, + Comparable { private static final long serialVersionUID = 1L; private String username; @@ -70,24 +71,27 @@ public class SimpleArgeoUser implements ArgeoUser, Serializable { "Could not find a user nature of type " + type); } - // for (int i = 0; i < userNatures.size(); i++) { - // String type = userNatures.get(i).getType(); - // boolean found = false; - // for (int j = 0; j < userNatures.size(); j++) { - // String newType = userNaturesData.get(j).getType(); - // if (type.equals(newType)) - // found = true; - // } - // if (!found) - // throw new ArgeoException( - // "Could not find a user nature of type " + type); - // } - for (String key : userNatures.keySet()) { userNatures.put(key, userNaturesData.get(key)); } } + @Override + public boolean equals(Object obj) { + if (!(obj instanceof ArgeoUser)) + return false; + return ((ArgeoUser) obj).getUsername().equals(username); + } + + public int compareTo(ArgeoUser o) { + return username.compareTo(o.getUsername()); + } + + @Override + public int hashCode() { + return username.hashCode(); + } + @Override public String toString() { return username; diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserAdminService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserAdminService.java new file mode 100644 index 000000000..47ea65ecc --- /dev/null +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserAdminService.java 
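Review bot: The added `equals`, `hashCode` and `compareTo` in `SimpleArgeoUser` dereference `username` without a null check, so an instance whose username is not yet set will throw as soon as it is placed in the `TreeSet` or any hash-based set this commit introduces. A null-safe form would be `return username == null ? 0 : username.hashCode();` with a matching guard in `equals` and `compareTo`. `username` is a plain mutable field, so changing it while the object sits in a set leaves the set inconsistent; the class Javadoc should say so. Because `equals` accepts any `ArgeoUser`, it is only symmetric if the other implementations also compare by username, which this hunk does not show.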
@@ -0,0 +1,39 @@ +package org.argeo.security; + +import java.util.Set; + +public interface UserAdminService { + /* + * USERS + */ + public void newUser(ArgeoUser argeoUser); + + public ArgeoUser getUser(String username); + + public Set listUsers(); + + public Boolean userExists(String username); + + public void updateUser(ArgeoUser user); + + public void updateUserPassword(String username, String password); + + /** List users having this role (except the super user). */ + public Set listUsersInRole(String role); + + public void deleteUser(String username); + + /* + * ROLES + */ + public void newRole(String role); + + public Set listEditableRoles(); + + public void deleteRole(String role); + + /* + * SYSTEM + */ + public Runnable wrapWithSystemAuthentication(final Runnable runnable); +} diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java index b9b85087b..e005e1ad4 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java @@ -17,7 +17,8 @@ package org.argeo.security.core; import java.util.Iterator; -import java.util.List; +import java.util.Map; +import java.util.Set; import org.argeo.ArgeoException; import org.argeo.security.ArgeoSecurity; @@ -25,6 +26,7 @@ import org.argeo.security.ArgeoSecurityDao; import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; import org.argeo.security.SimpleArgeoUser; +import org.argeo.security.UserNature; import org.springframework.core.task.SimpleAsyncTaskExecutor; import org.springframework.core.task.TaskExecutor; import org.springframework.security.Authentication; 
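Review bot: `UserAdminService` is added without any Javadoc, and `updateUserPassword(String username, String password)` in particular should state whether `password` is clear text or already encoded, since the MVC controller in this commit stops digesting before calling it. `wrapWithSystemAuthentication` sits in the same interface as user and role CRUD, so every holder of `UserAdminService` can also obtain a runnable wrapped with system authentication; a separate interface for that method would let UI and MVC callers depend on less. A one-line interface comment such as `/** Administration of users and roles; callers are expected to hold an administrative role. */` would record the intended trust level, if that is indeed the intent.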
@@ -60,7 +62,7 @@ public class DefaultSecurityService implements ArgeoSecurityService { SimpleArgeoUser user = new SimpleArgeoUser( securityDao.getUser(username)); user.setPassword(securityDao.encodePassword(password)); - securityDao.update(user); + securityDao.updateUser(user); } public void updateCurrentUserPassword(String oldPassword, String newPassword) { @@ -68,7 +70,7 @@ public class DefaultSecurityService implements ArgeoSecurityService { if (!securityDao.isPasswordValid(user.getPassword(), oldPassword)) throw new ArgeoException("Old password is not correct."); user.setPassword(securityDao.encodePassword(newPassword)); - securityDao.update(user); + securityDao.updateUser(user); } public void newUser(ArgeoUser user) { @@ -82,7 +84,15 @@ public class DefaultSecurityService implements ArgeoSecurityService { ((SimpleArgeoUser) user).setPassword(securityDao .encodePassword(user.getPassword())); } - securityDao.create(user); + securityDao.createUser(user); + } + + public ArgeoUser getUser(String username) { + return securityDao.getUser(username); + } + + public Boolean userExists(String username) { + return securityDao.userExists(username); } public void updateUser(ArgeoUser user) { @@ -94,7 +104,16 @@ public class DefaultSecurityService implements ArgeoSecurityService { password = securityDao.encodePassword(user.getPassword()); SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user); simpleArgeoUser.setPassword(password); - securityDao.update(simpleArgeoUser); + securityDao.updateUser(simpleArgeoUser); + } + + public void deleteUser(String username) { + securityDao.deleteUser(username); + + } + + public void deleteRole(String role) { + securityDao.deleteRole(role); } public TaskExecutor createSystemAuthenticatedTaskExecutor() { 
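Review bot: The new `deleteUser` and `deleteRole` in `DefaultSecurityService` forward straight to `securityDao` with no guard, although `listUsersInRole` in the same class takes care to leave out the super user. Nothing visible here stops a caller from deleting the super user or the currently authenticated account; access control may be configured outside this file, but the invariant belongs in the service. A check such as `if (username.equals(getCurrentUser().getUsername())) throw new ArgeoException("Cannot delete the current user");` at the top of `deleteUser` would cover the second case. The class body continues outside the hunk.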
@@ -130,8 +149,8 @@ public class DefaultSecurityService implements ArgeoSecurityService { }; } - public List listUsersInRole(String role) { - List lst = securityDao.listUsersInRole(role); + public Set listUsersInRole(String role) { + Set lst = securityDao.listUsersInRole(role); Iterator it = lst.iterator(); while (it.hasNext()) { if (it.next().getUsername() @@ -143,6 +162,20 @@ public class DefaultSecurityService implements ArgeoSecurityService { return lst; } + public void updateCurrentUserNatures(Map userNatures) { + // TODO Auto-generated method stub + + } + + public Set listUsers() { + return securityDao.listUsers(); + } + + public Set listEditableRoles() { + // TODO Auto-generated method stub + return securityDao.listEditableRoles(); + } + public void setArgeoSecurity(ArgeoSecurity argeoSecurity) { this.argeoSecurity = argeoSecurity; } diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java index 6aa31bbdc..bf4beb0e8 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java @@ -20,9 +20,11 @@ import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.util.ArrayList; +import java.util.Collections; import java.util.List; import java.util.Random; +import java.util.Set; +import java.util.TreeSet; import javax.naming.Name; import javax.naming.NamingException; 
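Review bot: `listUsersInRole` in `DefaultSecurityService` still walks `lst` with an `Iterator` to drop the super user, but `ArgeoSecurityDaoLdap.listUsersInRole` now returns `Collections.unmodifiableSortedSet(set)`. If the loop body (outside this hunk) calls `it.remove()`, it will throw `UnsupportedOperationException` whenever the super user holds the role. Copying first keeps the filter working, `Set lst = new TreeSet(securityDao.listUsersInRole(role));`, with the `java.util.TreeSet` import added to this file.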
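Review bot: `updateCurrentUserNatures` is an empty stub, so a caller of the new `CurrentUserService` method gets a silent success while nothing is stored. Until it is implemented it should fail loudly, `throw new UnsupportedOperationException("updateCurrentUserNatures is not implemented");`. The leftover `// TODO Auto-generated method stub` above the working `listEditableRoles` body should be removed as well.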
@@ -130,7 +132,7 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean } } - public synchronized void create(ArgeoUser user) { + public synchronized void createUser(ArgeoUser user) { userDetailsManager.createUser(new ArgeoUserDetails(user)); } @@ -154,7 +156,7 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean // } @SuppressWarnings("unchecked") - public synchronized List listUsers() { + public synchronized Set listUsers() { List usernames = (List) ldapTemplate.listBindings( new DistinguishedName(userBase), new ContextMapper() { public Object mapFromContext(Object ctxArg) { 
@@ -163,47 +165,47 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean } }); - List lst = new ArrayList(); + TreeSet lst = new TreeSet(); for (String username : usernames) { lst.add(createSimpleArgeoUser(getDetails(username))); } - return lst; + return Collections.unmodifiableSortedSet(lst); } @SuppressWarnings("unchecked") - public List listEditableRoles() { - return (List) ldapTemplate.listBindings(groupBase, - new ContextMapper() { + public Set listEditableRoles() { + return Collections.unmodifiableSortedSet(new TreeSet( + ldapTemplate.listBindings(groupBase, new ContextMapper() { public Object mapFromContext(Object ctxArg) { String groupName = ((DirContextAdapter) ctxArg) .getStringAttribute(groupRoleAttributeName); String roleName = convertGroupToRole(groupName); return roleName; } - }); + }))); } @SuppressWarnings("unchecked") - public List listUsersInRole(String role) { - return (List) ldapTemplate.lookup( + public Set listUsersInRole(String role) { + return (Set) ldapTemplate.lookup( buildGroupDn(convertRoleToGroup(role)), new ContextMapper() { public Object mapFromContext(Object ctxArg) { DirContextAdapter ctx = (DirContextAdapter) ctxArg; String[] userDns = ctx .getStringAttributes(groupMemberAttributeName); - List lst = new ArrayList(); + TreeSet set = new TreeSet(); for (String userDn : userDns) { DistinguishedName dn = new DistinguishedName(userDn); String username = dn .getValue(usernameAttributeName); - lst.add(createSimpleArgeoUser(getDetails(username))); + set.add(createSimpleArgeoUser(getDetails(username))); } - return lst; + return Collections.unmodifiableSortedSet(set); } }); } - public synchronized void update(ArgeoUser user) { + public synchronized void updateUser(ArgeoUser user) { ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user); userDetailsManager.updateUser(new ArgeoUserDetails(user)); // refresh logged in user 
@@ -215,7 +217,7 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean } } - public synchronized void delete(String username) { + public synchronized void deleteUser(String username) { userDetailsManager.deleteUser(username); } diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/InfrastructureUserNature.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/InfrastructureUserNature.java new file mode 100644 index 000000000..08ac376a8 --- /dev/null +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/InfrastructureUserNature.java 
@@ -0,0 +1,67 @@ +package org.argeo.security.nature; + +import org.argeo.security.AbstractUserNature; + +/** + * Argeo infrastructure user nature. People with access to the infrastructure + * must be properly identified. + */ +public class InfrastructureUserNature extends AbstractUserNature { + private static final long serialVersionUID = 1L; + + private String mobile; + private String telephoneNumber; + private String postalAddress; + private String postalCode; + private String city; + private String countryCode; + + public String getMobile() { + return mobile; + } + + public void setMobile(String mobile) { + this.mobile = mobile; + } + + public String getTelephoneNumber() { + return telephoneNumber; + } + + public void setTelephoneNumber(String telephoneNumber) { + this.telephoneNumber = telephoneNumber; + } + + public String getPostalAddress() { + return postalAddress; + } + + public void setPostalAddress(String postalAddress) { + this.postalAddress = postalAddress; + } + + public String getPostalCode() { + return postalCode; + } + + public void setPostalCode(String postalCode) { + this.postalCode = postalCode; + } + + public String getCity() { + return city; + } + + public void setCity(String city) { + this.city = city; + } + + public String getCountryCode() { + return countryCode; + } + + public void setCountryCode(String countryCode) { + this.countryCode = countryCode; + } + +} diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/PosixAccountNature.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/PosixAccountNature.java new file mode 100644 index 000000000..3984ffe3d --- /dev/null +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/nature/PosixAccountNature.java 
@@ -0,0 +1,45 @@ +package org.argeo.security.nature; + +import org.argeo.security.AbstractUserNature; + +/** User with access to POSIX operating systems*/ +public class PosixAccountNature extends AbstractUserNature { + private static final long serialVersionUID = 1L; + + private Integer uidNumber; + private Integer gidNumber; + private String homeDirectory; + private String authorizedKeys; + + public Integer getUidNumber() { + return uidNumber; + } + + public void setUidNumber(Integer uidNumber) { + this.uidNumber = uidNumber; + } + + public Integer getGidNumber() { + return gidNumber; + } + + public void setGidNumber(Integer gidNumber) { + this.gidNumber = gidNumber; + } + + public String getHomeDirectory() { + return homeDirectory; + } + + public void setHomeDirectory(String homeDirectory) { + this.homeDirectory = homeDirectory; + } + + public String getAuthorizedKeys() { + return authorizedKeys; + } + + public void setAuthorizedKeys(String authorizedKeys) { + this.authorizedKeys = authorizedKeys; + } +} diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java index cd954644a..f2da2be6a 100644 --- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java +++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java @@ -17,11 +17,8 @@ package org.argeo.security.mvc; import java.io.Reader; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.List; +import java.util.Set; -import org.apache.commons.codec.binary.Base64; import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; import org.argeo.security.SimpleArgeoUser; 
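Review bot: `PosixAccountNature` exposes `uidNumber`, `gidNumber`, `homeDirectory` and `authorizedKeys` through plain setters with no validation, and user natures are what `updateUserSelf` in the MVC controller lets a user replace on their own record. If these attributes are mapped to a directory that POSIX hosts read (not shown in this commit), a self-service update could alter the user's own uid/gid or SSH keys. The class Javadoc should state that this nature is editable by administrators only, and the self-update path should reject or ignore it. At minimum `setUidNumber` and `setGidNumber` should refuse negative values and 0.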
@@ -39,7 +36,7 @@ public class UsersRolesController implements MvcConstants { // private final static Log log = LogFactory // .getLog(UsersRolesController.class); - private String digestType = "SHA"; + // private String digestType = "SHA"; private ArgeoSecurityService securityService; @@ -59,14 +56,13 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/getUsersList.*") @ModelAttribute("users") - public List getUsersList() { - return securityService.getSecurityDao().listUsers(); + public Set getUsersList() { + return securityService.listUsers(); } @RequestMapping("/userExists.*") public BooleanAnswer userExists(@RequestParam("username") String username) { - return new BooleanAnswer(securityService.getSecurityDao().userExists( - username)); + return new BooleanAnswer(securityService.userExists(username)); } @RequestMapping("/createUser.*") @@ -76,7 +72,7 @@ public class UsersRolesController implements MvcConstants { SimpleArgeoUser.class); // cleanUserBeforeCreate(user); securityService.newUser(user); - return securityService.getSecurityDao().getUser(user.getUsername()); + return securityService.getUser(user.getUsername()); } @RequestMapping("/updateUser.*") @@ -85,7 +81,7 @@ public class UsersRolesController implements MvcConstants { ArgeoUser user = userDeserializer.deserialize(reader, SimpleArgeoUser.class); securityService.updateUser(user); - return securityService.getSecurityDao().getUser(user.getUsername()); + return securityService.getUser(user.getUsername()); } @RequestMapping("/updateUserSelf.*") 
@@ -97,26 +93,26 @@ public class UsersRolesController implements MvcConstants { SimpleArgeoUser.class); user.updateUserNatures(userForNatures.getUserNatures()); securityService.updateUser(user); - return securityService.getSecurityDao().getUser(user.getUsername()); + return securityService.getUser(user.getUsername()); } @RequestMapping("/deleteUser.*") public ServerAnswer deleteUser(@RequestParam("username") String username) { - securityService.getSecurityDao().delete(username); + securityService.deleteUser(username); return ServerAnswer.ok("User " + username + " deleted"); } @RequestMapping("/getUserDetails.*") @ModelAttribute("user") public ArgeoUser getUserDetails(@RequestParam("username") String username) { - return securityService.getSecurityDao().getUser(username); + return securityService.getUser(username); } /* ROLE */ @RequestMapping("/getRolesList.*") @ModelAttribute("roles") - public List getEditableRolesList() { - return securityService.getSecurityDao().listEditableRoles(); + public Set getEditableRolesList() { + return securityService.listEditableRoles(); } @RequestMapping("/createRole.*") @@ -127,7 +123,7 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/deleteRole.*") public ServerAnswer deleteRole(@RequestParam("role") String role) { - securityService.getSecurityDao().deleteRole(role); + securityService.deleteRole(role); return ServerAnswer.ok("Role " + role + " deleted"); } @@ -135,8 +131,7 @@ public class UsersRolesController implements MvcConstants { public ServerAnswer updateUserPassword( @RequestParam("username") String username, @RequestParam("password") String password) { - securityService.updateUserPassword(username, - digestIfNecessary(password)); + securityService.updateUserPassword(username, password); return ServerAnswer.ok("Password updated for user " + username); } 
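Review bot: `updateUserPassword` now hands the request parameter to the service unchanged, whereas before this commit the controller replaced it with a `{SHA}`-prefixed digest first; `DefaultSecurityService.updateUserPassword` applies `securityDao.encodePassword` in both cases. Passwords set through this endpoint before the change were therefore presumably stored as the encoding of the `{SHA}` string rather than of the clear text, and may stop verifying once clients send clear text, so a migration note or forced reset is needed. A client that still sends a pre-digested value will have that string stored as its password. The mapping annotation is outside the hunk; if it does not restrict the HTTP method, the password can also arrive in a query string and end up in access logs.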
@@ -144,29 +139,29 @@ public class UsersRolesController implements MvcConstants { public ServerAnswer updatePassword( @RequestParam("oldPassword") String oldPassword, @RequestParam("password") String password) { - securityService.updateCurrentUserPassword( - digestIfNecessary(oldPassword), digestIfNecessary(password)); + securityService.updateCurrentUserPassword(oldPassword, password); return ServerAnswer.ok("Password updated"); } - protected String digestIfNecessary(String str) { - if (!str.startsWith("{" + digestType + "}")) - return digest(str); - else - return str; - } - - protected String digest(String nonEncrypted) { - try { - MessageDigest md = MessageDigest.getInstance(digestType); - byte[] dig = md.digest(nonEncrypted.getBytes()); - return "{" + digestType + "}" - + new String(Base64.encodeBase64(dig)); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException( - "Unexpected exception while digesting password"); - } - } + // protected String digestIfNecessary(String str) { + // + // if (!str.startsWith("{" + digestType + "}")) + // return digest(str); + // else + // return str; + // } + + // protected String digest(String nonEncrypted) { + // try { + // MessageDigest md = MessageDigest.getInstance(digestType); + // byte[] dig = md.digest(nonEncrypted.getBytes()); + // return "{" + digestType + "}" + // + new String(Base64.encodeBase64(dig)); + // } catch (NoSuchAlgorithmException e) { + // throw new RuntimeException( + // "Unexpected exception while digesting password"); + // } + // } public void setUserDeserializer(Deserializer userDeserializer) { this.userDeserializer = userDeserializer;
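Review bot: `digestIfNecessary` and `digest` are commented out rather than deleted, as is the `digestType` field in the earlier hunk of this file. Dropping the controller-side unsalted SHA digest is the right direction, but keeping it as comments leaves a weak pattern one uncomment away, and version history already preserves it. I would delete the three commented blocks and add a comment on `updatePassword` such as `// passwords arrive in clear text; encoding is done by the security service`.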