import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;
-/** Dialog to change the current user password */
+/** Dialog retrieve a single value. */
public class SingleValue extends TitleAreaDialog {
private Text valueT;
private String value;
<bean id="refreshUsersList" class="org.argeo.security.ui.admin.commands.RefreshUsersList"
scope="prototype">
<property name="userAdminService" ref="userAdminService" />
+ <property name="session" ref="session" />
</bean>
</beans>
package org.argeo.security.ui.admin.commands;
+import java.util.Set;
+
+import javax.jcr.Node;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.query.Query;
+
+import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoNames;
+import org.argeo.jcr.ArgeoTypes;
+import org.argeo.jcr.JcrUtils;
import org.argeo.security.UserAdminService;
import org.argeo.security.ui.admin.views.UsersView;
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionException;
import org.eclipse.ui.handlers.HandlerUtil;
-/** Refresh the main EBI list. */
+/**
+ * Refreshes the main EBI list, removing nodes which are not referenced by user
+ * admin service.
+ */
public class RefreshUsersList extends AbstractHandler {
private UserAdminService userAdminService;
+ private Session session;
public Object execute(ExecutionEvent event) throws ExecutionException {
+ Set<String> users = userAdminService.listUsers();
+ try {
+ Query query = session
+ .getWorkspace()
+ .getQueryManager()
+ .createQuery(
+ "select * from [" + ArgeoTypes.ARGEO_USER_HOME
+ + "]", Query.JCR_SQL2);
+ NodeIterator nit = query.execute().getNodes();
+ while (nit.hasNext()) {
+ Node node = nit.nextNode();
+ String username = node.getProperty(ArgeoNames.ARGEO_USER_ID)
+ .getString();
+ if (!users.contains(username))
+ node.remove();
+ }
+ session.save();
+ } catch (RepositoryException e) {
+ JcrUtils.discardQuietly(session);
+ throw new ArgeoException("Cannot list users", e);
+ }
+
userAdminService.synchronize();
UsersView view = (UsersView) HandlerUtil
.getActiveWorkbenchWindow(event).getActivePage()
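Review bot: The purge in `execute` deletes every `ARGEO_USER_HOME` node whose id is missing from `userAdminService.listUsers()` and then saves, so an empty or truncated listing (directory unreachable, search size limit, an account the DAO filters out) would remove real users' homes; nothing visible here shows whether `listUsers()` throws in those cases. A guard before the query, e.g. `if (users == null || users.isEmpty()) throw new ArgeoException("No users returned, user homes not purged");`, plus a log line naming each removed node path, would make the deletion safer and auditable. A node without `ARGEO_USER_ID` makes `getProperty` throw and aborts the whole run under the message "Cannot list users", which misdescribes the failure. The deletion also runs with whatever privileges the injected `session` carries, so the command should be reachable by administrators only. The rest of `execute` continues outside the hunk.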
this.userAdminService = userAdminService;
}
+ public void setSession(Session session) {
+ this.session = session;
+ }
+
}
\ No newline at end of file
email.getText());
userProfile.setProperty(Property.JCR_DESCRIPTION,
description.getText());
+ userProfile.getSession().save();
super.commit(onSave);
if (log.isTraceEnabled())
log.trace("General part committed");
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eclipse.equinox.security.auth.ILoginContext;
+import org.eclipse.jface.dialogs.Dialog;
+import org.eclipse.jface.dialogs.MessageDialog;
import org.eclipse.rwt.RWT;
import org.eclipse.rwt.lifecycle.IEntryPoint;
import org.eclipse.rwt.service.SessionStoreEvent;
import org.eclipse.rwt.service.SessionStoreListener;
+import org.eclipse.swt.graphics.Image;
import org.eclipse.swt.widgets.Display;
+import org.eclipse.swt.widgets.Shell;
import org.eclipse.ui.PlatformUI;
import org.eclipse.ui.application.IWorkbenchWindowConfigurer;
import org.eclipse.ui.application.WorkbenchAdvisor;
public class SecureEntryPoint implements IEntryPoint, SessionStoreListener {
private final static Log log = LogFactory.getLog(SecureEntryPoint.class);
+ @SuppressWarnings("unchecked")
@Override
public int createUI() {
// 15 mins session timeout
subject = loginContext.getSubject();
} catch (LoginException e) {
log.error("Error when logging in.", e);
+ MessageDialog.openInformation(display.getActiveShell(),
+ "Login failed", "Login failed");
display.dispose();
RWT.getRequest().getSession().setMaxInactiveInterval(1);
try {
} catch (InterruptedException e1) {
// silent
}
+ // throw new RuntimeException("Login failed", e);
return -1;
}
// log.debug("Workbench closed");
// }
+ static class FailedLogin extends MessageDialog {
+
+ public FailedLogin(Shell parentShell, String dialogTitle,
+ Image dialogTitleImage, String dialogMessage,
+ int dialogImageType, String[] dialogButtonLabels,
+ int defaultIndex) {
+ super(parentShell, "Failed ", dialogTitleImage, dialogMessage,
+ dialogImageType, dialogButtonLabels, defaultIndex);
+ // TODO Auto-generated constructor stub
+ }
+
+ }
+
@SuppressWarnings("rawtypes")
private PrivilegedAction getRunAction(final Display display) {
return new PrivilegedAction() {
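Review bot: `FailedLogin` is not used by any line shown here, since the failure path calls `MessageDialog.openInformation` directly, and its constructor discards the `dialogTitle` argument in favour of the literal `"Failed "` while keeping the `TODO Auto-generated constructor stub`. Either drop the class or pass the title through with `super(parentShell, dialogTitle, dialogTitleImage, dialogMessage, dialogImageType, dialogButtonLabels, defaultIndex);`. The commented-out `// throw new RuntimeException("Login failed", e);` could go as well. The fixed "Login failed" text reveals nothing about why authentication failed, which is worth keeping if the dialog is reworked; `MessageDialog.openError` would fit a failure better than `openInformation`.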
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionEvent;
import org.eclipse.core.commands.ExecutionException;
+import org.eclipse.jface.dialogs.Dialog;
+import org.eclipse.jface.dialogs.MessageDialog;
import org.eclipse.ui.handlers.HandlerUtil;
import org.springframework.security.userdetails.UserDetailsManager;
public Object execute(ExecutionEvent event) throws ExecutionException {
ChangePasswordDialog dialog = new ChangePasswordDialog(
HandlerUtil.getActiveShell(event), userDetailsManager);
- dialog.open();
+ if (dialog.open() == Dialog.OK) {
+ MessageDialog.openInformation(HandlerUtil.getActiveShell(event),
+ "Password changed", "Password changed.");
+ }
return null;
}
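Review bot: The "Password changed" confirmation is tied only to `dialog.open() == Dialog.OK`, so it is accurate only if `ChangePasswordDialog` returns OK exclusively after the change succeeded; that dialog's code is not in this hunk. If its OK handler can close the dialog after a failed or rejected change, the user is told the password changed when it did not. A short comment such as `// ChangePasswordDialog returns OK only after changePassword() succeeded` would record the contract, provided it holds.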
/*
* USERS
*/
+ /** List all users. */
+ public Set<String> listUsers();
+
/** List users having this role (except the super user). */
public Set<String> listUsersInRole(String role);
import java.util.Set;
import java.util.TreeSet;
+import org.argeo.ArgeoException;
import org.argeo.security.UserAdminDao;
import org.argeo.security.UserAdminService;
import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
@Override
public void changePassword(String oldPassword, String newPassword) {
- super.changePassword(oldPassword, encodePassword(newPassword));
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (authentication == null)
+ throw new ArgeoException(
+ "Cannot change password without authentication");
+ String username = authentication.getName();
+ UserDetails userDetails = loadUserByUsername(username);
+ String currentPassword = userDetails.getPassword();
+ if (currentPassword == null)
+ throw new ArgeoException("Cannot access current password");
+ if (!passwordEncoder
+ .isPasswordValid(currentPassword, oldPassword, null))
+ throw new ArgeoException("Old password invalid");
+ // Spring Security LDAP 2.0 is buggy when used with OpenLDAP and called
+ // with oldPassword argument
+ super.changePassword(null, encodePassword(newPassword));
}
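Review bot: With `super.changePassword(null, ...)` the old password is no longer passed to the parent, so the `isPasswordValid` comparison is the only proof that the caller knows the current password, yet `oldPassword` and `newPassword` are never checked for null or empty before use. Adding `if (oldPassword == null || newPassword == null || newPassword.length() == 0) throw new ArgeoException("Old and new passwords are required");` at the top makes the outcome independent of how the configured encoder treats null. The `null` salt argument is only right when the stored value carries its own salt or is unsalted, which depends on the encoder configured outside this hunk. Failed attempts are not logged here, so repeated wrong guesses of the old password stay invisible to monitoring; a warning log with the username (never the password) before "Old password invalid" is thrown would help detection.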
public void newRole(String role) {
userAdminDao.deleteRole(role);
}
+ public Set<String> listUsers() {
+ return userAdminDao.listUsers();
+ }
+
public Set<String> listUsersInRole(String role) {
Set<String> lst = new TreeSet<String>(
userAdminDao.listUsersInRole(role));
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
+import java.util.SortedSet;
import java.util.concurrent.Executor;
import javax.jcr.Node;
public UserDetails mapUserFromContext(final DirContextOperations ctx,
final String username, GrantedAuthority[] authorities) {
+ if (ctx == null)
+ throw new ArgeoException("No LDAP information found for user "
+ + username);
+
final StringBuffer userHomePathT = new StringBuffer("");
Runnable action = new Runnable() {
public void run() {
}
// password
- byte[] arr = (byte[]) ctx
- .getAttributeSortedStringSet(passwordAttribute).first();
+ SortedSet<?> passwordAttributes = ctx
+ .getAttributeSortedStringSet(passwordAttribute);
+ String password;
+ if (passwordAttributes == null || passwordAttributes.size() == 0) {
+ throw new ArgeoException("No password found for user " + username);
+ } else {
+ byte[] arr = (byte[]) passwordAttributes.first();
+ password = new String(arr);
+ // erase password
+ Arrays.fill(arr, (byte) 0);
+ }
JcrUserDetails userDetails = new JcrUserDetails(
- userHomePathT.toString(), username, new String(arr), true,
- true, true, true, authorities);
- // erase password
- Arrays.fill(arr, (byte) 0);
+ userHomePathT.toString(), username, password, true, true, true,
+ true, authorities);
return userDetails;
}
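Review bot: `new String(arr)` decodes the password attribute with the platform default charset, so the resulting value can differ between hosts; an explicit charset, e.g. `new String(arr, Charset.forName("UTF-8"))`, makes the comparison input deterministic (it needs a `java.nio.charset.Charset` import, which is not among the imports shown). Zeroing `arr` afterwards clears only the byte array; the `String` copy stays in memory until collected, so the comment `// erase password` overstates what is wiped. The two new exception messages tell apart "no LDAP entry" and "no password" for a given username, so they should stay in logs and not reach an unauthenticated caller. `mapUserFromContext` spans this hunk and the previous one, with lines between them not shown.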
if (ldapAttribute.equals("description")) {
String value = userProfile.getProperty(jcrProperty).getString();
- if(value.trim().equals(""))
+ if (value.trim().equals(""))
return;
}