From 8220766ace9f3bde3a9d69890cd8307c34fe8ddd Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Thu, 17 Sep 2009 18:14:43 +0000
Subject: [PATCH] User services

git-svn-id: https://svn.argeo.org/commons/trunk@2955 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../META-INF/MANIFEST.MF                      |  13 +-
 .../META-INF/spring/dao.xml                   |  14 +++
 .../META-INF/spring/ldap.xml                  |  37 ++++--
 .../META-INF/spring/osgi.xml                  |   4 +-
 .../META-INF/MANIFEST.MF                      |   5 +-
 .../WEB-INF/osgi.xml                          |   3 +
 .../WEB-INF/security-servlet.xml              |   4 +-
 .../java/org/argeo/security/UserNature.java   |  22 ++--
 .../argeo/security/core/ArgeoUserDetails.java |  32 +++--
 .../java/org/argeo/security/dao/RoleDao.java  |  14 +++
 .../java/org/argeo/security/dao/UserDao.java  |  22 ++++
 .../ldap/ArgeoUserDetailsContextMapper.java   |  20 +++-
 .../ldap/CoworkerUserNatureMapper.java        |   5 +-
 .../security/ldap/SimpleUserNatureMapper.java |   3 +
 .../org/argeo/security/ldap/UserDaoLdap.java  | 111 ++++++++++++++++++
 .../runtime/org.argeo.security.mvc/pom.xml    |   7 ++
 .../security/mvc/UsersRolesController.java    |  45 ++++++-
 .../java/org/argeo/server/BooleanAnswer.java  |  21 ++++
 18 files changed, 339 insertions(+), 43 deletions(-)
 create mode 100644 security/modules/org.argeo.security.manager.ldap/META-INF/spring/dao.xml
 create mode 100644 security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/RoleDao.java
 create mode 100644 security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/UserDao.java
 create mode 100644 security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserDaoLdap.java
 create mode 100644 server/runtime/org.argeo.server.core/src/main/java/org/argeo/server/BooleanAnswer.java

diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF b/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF
index bfcd8154b..34ad7d391 100644
--- a/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF
+++ b/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF
@@ -1,10 +1,13 @@
 Bundle-SymbolicName: org.argeo.security.manager.ldap
 Bundle-Version: 0.1.1.SNAPSHOT
-Import-Package: org.springframework.security.ldap,
+Import-Package: org.argeo.security.dao,
+ org.argeo.security.ldap,
+ org.springframework.ldap.core.support,
+ org.springframework.security,
+ org.springframework.security.ldap,
+ org.springframework.security.ldap.populator,
  org.springframework.security.providers,
  org.springframework.security.providers.ldap,
  org.springframework.security.providers.ldap.authenticator,
- org.springframework.security.ldap.populator,
- org.springframework.security.userdetails.ldap,
- org.springframework.security,
- org.springframework.ldap.core.support
+ org.springframework.security.userdetails,
+ org.springframework.security.userdetails.ldap
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/dao.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/dao.xml
new file mode 100644
index 000000000..a1c99f6fd
--- /dev/null
+++ b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/dao.xml
@@ -0,0 +1,14 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
+
+
+	<bean id="userDao" class="org.argeo.security.ldap.UserDaoLdap">
+		<constructor-arg ref="contextSource" />
+		<property name="userDetailsManager" ref="userDetailsManager" />
+		<property name="authoritiesPopulator" ref="authoritiesPopulator" />
+	</bean>
+
+</beans>
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml
index 49a2c93d1..22fd5baff 100644
--- a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml
+++ b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml
@@ -48,15 +48,38 @@
 				</property>
 			</bean>
 		</constructor-arg>
-		<constructor-arg>
+		<constructor-arg ref="authoritiesPopulator" />
+		<property name="userDetailsContextMapper" ref="userDetailsMapper" />
+	</bean>
+
+	<bean id="authoritiesPopulator"
+		class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+		<constructor-arg ref="contextSource" />
+		<constructor-arg value="ou=groups" />
+		<!-- <property name="defaultRole" value="ROLE_USER" /> -->
+		<property name="groupSearchFilter" value="uniqueMember={0}" />
+	</bean>
+
+	<bean id="userDetailsManager"
+		class="org.springframework.security.userdetails.ldap.LdapUserDetailsManager">
+		<constructor-arg ref="contextSource" />
+		<property name="userDetailsMapper" ref="userDetailsMapper" />
+		<property name="groupSearchBase" value="ou=groups" />
+		<property name="usernameMapper">
 			<bean
-				class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
-				<constructor-arg ref="contextSource" />
-				<constructor-arg value="ou=groups" />
-				<!-- <property name="defaultRole" value="ROLE_USER" /> -->
-				<property name="groupSearchFilter" value="uniqueMember={0}" />
+				class="org.springframework.security.ldap.DefaultLdapUsernameToDnMapper">
+				<constructor-arg value="ou=users" />
+				<constructor-arg value="uid" />
 			</bean>
-		</constructor-arg>
+		</property>
 	</bean>
 
+	<bean id="userDetailsMapper" class="org.argeo.security.ldap.ArgeoUserDetailsContextMapper">
+		<property name="userNatureMappers">
+			<list>
+				<bean class="org.argeo.security.ldap.SimpleUserNatureMapper" />
+				<bean class="org.argeo.security.ldap.CoworkerUserNatureMapper" />
+			</list>
+		</property>
+	</bean>
 </beans>
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml
index c99e04dcf..9b7f38bef 100644
--- a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml
+++ b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml
@@ -8,6 +8,6 @@
 
 	<service ref="_authenticationManager"
 		interface="org.springframework.security.AuthenticationManager" />
-	<!-- <service ref="authenticationProvider"
-		interface="org.springframework.security.providers.AuthenticationProvider" /> -->
+
+	<service ref="userDao" interface="org.argeo.security.dao.UserDao" />
 </beans:beans>
\ No newline at end of file
diff --git a/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF b/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
index f52b69aa2..c7d3bc804 100644
--- a/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
+++ b/security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
@@ -1,4 +1,3 @@
-Web-ContextPath: org.argeo.security.webapp
 Bundle-SymbolicName: org.argeo.security.webapp
 Bundle-Version: 0.1.1.SNAPSHOT
 Import-Package: javax.servlet,
@@ -12,4 +11,6 @@ Import-Package: javax.servlet,
  org.springframework.web.context,
  org.springframework.web.context.support,
  org.springframework.web.filter,
- org.springframework.web.servlet
+ org.springframework.web.servlet,
+ org.argeo.security.dao
+Web-ContextPath: org.argeo.security.webapp
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/osgi.xml b/security/modules/org.argeo.security.webapp/WEB-INF/osgi.xml
index bb5722691..d7152f8cc 100644
--- a/security/modules/org.argeo.security.webapp/WEB-INF/osgi.xml
+++ b/security/modules/org.argeo.security.webapp/WEB-INF/osgi.xml
@@ -8,4 +8,7 @@
 
 	<reference id="_authenticationManager"
 		interface="org.springframework.security.AuthenticationManager" />
+
+	<reference id="userDao" interface="org.argeo.security.dao.UserDao" />
+
 </beans:beans>
\ No newline at end of file
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/security-servlet.xml b/security/modules/org.argeo.security.webapp/WEB-INF/security-servlet.xml
index 21f95619c..875113d74 100644
--- a/security/modules/org.argeo.security.webapp/WEB-INF/security-servlet.xml
+++ b/security/modules/org.argeo.security.webapp/WEB-INF/security-servlet.xml
@@ -9,7 +9,9 @@
 
 	<context:component-scan base-package="org.argeo.security.mvc" />
 
-	<bean id="controller" class="org.argeo.security.mvc.UsersRolesController"></bean>
+	<bean id="controller" class="org.argeo.security.mvc.UsersRolesController">
+		<property name="userDao" ref="userDao" />
+	</bean>
 
 	<bean id="viewResolver" class="org.argeo.server.json.mvc.JsonViewResolver">
 	</bean>
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserNature.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserNature.java
index f0bff97e8..a0cda3c83 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserNature.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/UserNature.java
@@ -1,13 +1,13 @@
 package org.argeo.security;
 
+import java.io.Serializable;
 import java.util.UUID;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 //@JsonAutoDetect(value = { JsonMethod.GETTER, JsonMethod.SETTER })
-public class UserNature {
-	private final static Log log = LogFactory.getLog(UserNature.class);
+public class UserNature implements Serializable {
+	private static final long serialVersionUID = 1L;
+
+	// private final static Log log = LogFactory.getLog(UserNature.class);
 
 	private String uuid = UUID.randomUUID().toString();
 	private String type;
@@ -31,10 +31,10 @@ public class UserNature {
 		this.type = type;
 	}
 
-//	@JsonAnySetter
-//	public void anySetter(String key, Object obj) {
-//		if (obj != null)
-//			log.info("anySetter: " + key + "=" + obj + " (" + obj.getClass()
-//					+ "), natureType=" + type);
-//	}
+	// @JsonAnySetter
+	// public void anySetter(String key, Object obj) {
+	// if (obj != null)
+	// log.info("anySetter: " + key + "=" + obj + " (" + obj.getClass()
+	// + "), natureType=" + type);
+	// }
 }
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ArgeoUserDetails.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ArgeoUserDetails.java
index b20bac447..1080eb82c 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ArgeoUserDetails.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/ArgeoUserDetails.java
@@ -9,6 +9,7 @@ import org.argeo.security.BasicArgeoUser;
 import org.argeo.security.UserNature;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 
@@ -29,6 +30,12 @@ public class ArgeoUserDetails extends User implements ArgeoUser {
 				getAuthorities(), new ArrayList<String>()));
 	}
 
+	public ArgeoUserDetails(ArgeoUser argeoUser) {
+		// TODO: password
+		this(argeoUser.getUsername(), argeoUser.getUserNatures(), null,
+				rolesToAuthorities(argeoUser.getRoles()));
+	}
+
 	public List<UserNature> getUserNatures() {
 		return userNatures;
 	}
@@ -46,6 +53,14 @@ public class ArgeoUserDetails extends User implements ArgeoUser {
 		return roles;
 	}
 
+	protected static GrantedAuthority[] rolesToAuthorities(List<String> roles) {
+		GrantedAuthority[] arr = new GrantedAuthority[roles.size()];
+		for (int i = 0; i < roles.size(); i++) {
+			arr[i] = new GrantedAuthorityImpl(roles.get(i));
+		}
+		return arr;
+	}
+
 	public static BasicArgeoUser createBasicArgeoUser(UserDetails userDetails) {
 		BasicArgeoUser argeoUser = new BasicArgeoUser();
 		argeoUser.setUsername(userDetails.getUsername());
@@ -54,12 +69,15 @@ public class ArgeoUserDetails extends User implements ArgeoUser {
 		return argeoUser;
 	}
 
-	public static BasicArgeoUser createBasicArgeoUser(
-			Authentication authentication) {
-		BasicArgeoUser argeoUser = new BasicArgeoUser();
-		argeoUser.setUsername(authentication.getName());
-		addAuthoritiesToRoles(authentication.getAuthorities(), argeoUser
-				.getRoles());
-		return argeoUser;
+	public static ArgeoUser asArgeoUser(Authentication authentication) {
+		if (authentication.getPrincipal() instanceof ArgeoUser) {
+			return (ArgeoUser) authentication.getPrincipal();
+		} else {
+			BasicArgeoUser argeoUser = new BasicArgeoUser();
+			argeoUser.setUsername(authentication.getName());
+			addAuthoritiesToRoles(authentication.getAuthorities(), argeoUser
+					.getRoles());
+			return argeoUser;
+		}
 	}
 }
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/RoleDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/RoleDao.java
new file mode 100644
index 000000000..3b0b7ef7e
--- /dev/null
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/RoleDao.java
@@ -0,0 +1,14 @@
+package org.argeo.security.dao;
+
+import java.util.List;
+
+import org.argeo.security.ArgeoUser;
+
+public interface RoleDao {
+	public List<String> listRoles();
+
+	public void create(String role);
+
+	public List<String> listUserRoles(ArgeoUser user);
+
+}
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/UserDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/UserDao.java
new file mode 100644
index 000000000..7227bd860
--- /dev/null
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/dao/UserDao.java
@@ -0,0 +1,22 @@
+package org.argeo.security.dao;
+
+import java.util.List;
+
+import org.argeo.security.ArgeoUser;
+
+public interface UserDao {
+	public List<ArgeoUser> listUsers();
+
+	public void create(ArgeoUser user);
+
+	public void update(ArgeoUser user);
+
+	public void delete(String username);
+	
+	public void updatePassword(String oldPassword, String newPassword);
+	
+	public Boolean userExists(String username);
+
+	public ArgeoUser getUser(String uname);
+
+}
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
index 25b5c6eba..d9b76a6c6 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
@@ -4,6 +4,8 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.argeo.security.ArgeoUser;
 import org.argeo.security.UserNature;
 import org.argeo.security.core.ArgeoUserDetails;
@@ -14,7 +16,10 @@ import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
 
 public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
-	private List<UserNatureMapper> userInfoMappers = new ArrayList<UserNatureMapper>();
+	private final static Log log = LogFactory
+			.getLog(ArgeoUserDetailsContextMapper.class);
+
+	private List<UserNatureMapper> userNatureMappers = new ArrayList<UserNatureMapper>();
 
 	public UserDetails mapUserFromContext(DirContextOperations ctx,
 			String username, GrantedAuthority[] authorities) {
@@ -23,8 +28,11 @@ public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
 		String password = new String(arr);
 
 		List<UserNature> userInfos = new ArrayList<UserNature>();
-		for (UserNatureMapper userInfoMapper : userInfoMappers) {
-			userInfos.add(userInfoMapper.mapUserInfoFromContext(ctx));
+		for (UserNatureMapper userInfoMapper : userNatureMappers) {
+			UserNature userNature = userInfoMapper.mapUserInfoFromContext(ctx);
+			if (log.isDebugEnabled())
+				log.debug("Add user nature " + userNature);
+			userInfos.add(userNature);
 		}
 
 		return new ArgeoUserDetails(username, Collections
@@ -38,7 +46,7 @@ public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
 		if (user instanceof ArgeoUser) {
 			ArgeoUser argeoUser = (ArgeoUser) user;
 			for (UserNature userInfo : argeoUser.getUserNatures()) {
-				for (UserNatureMapper userInfoMapper : userInfoMappers) {
+				for (UserNatureMapper userInfoMapper : userNatureMappers) {
 					if (userInfoMapper.supports(userInfo)) {
 						userInfoMapper.mapUserInfoToContext(userInfo, ctx);
 						break;// use the first mapper found an no others
@@ -48,8 +56,8 @@ public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
 		}
 	}
 
-	public void setUserInfoMappers(List<UserNatureMapper> userInfoMappers) {
-		this.userInfoMappers = userInfoMappers;
+	public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
+		this.userNatureMappers = userNatureMappers;
 	}
 
 }
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/CoworkerUserNatureMapper.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/CoworkerUserNatureMapper.java
index 6fb0ef048..47e80dc2e 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/CoworkerUserNatureMapper.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/CoworkerUserNatureMapper.java
@@ -13,11 +13,14 @@ public class CoworkerUserNatureMapper implements UserNatureMapper {
 		basicUserInfo.setMobile(ctx.getStringAttribute("mobile"));
 		basicUserInfo.setTelephoneNumber(ctx
 				.getStringAttribute("telephoneNumber"));
+		basicUserInfo.setUuid(ctx.getStringAttribute("employeeNumber"));
 		return basicUserInfo;
 	}
 
-	public void mapUserInfoToContext(UserNature userInfoArg, DirContextAdapter ctx) {
+	public void mapUserInfoToContext(UserNature userInfoArg,
+			DirContextAdapter ctx) {
 		CoworkerNature userInfo = (CoworkerNature) userInfoArg;
+		ctx.setAttributeValue("employeeNumber", userInfo.getUuid());
 		if (userInfo.getDescription() != null) {
 			ctx.setAttributeValue("description", userInfo.getDescription());
 		}
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/SimpleUserNatureMapper.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/SimpleUserNatureMapper.java
index 6a6bab3c7..2a210910c 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/SimpleUserNatureMapper.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/SimpleUserNatureMapper.java
@@ -12,6 +12,7 @@ public class SimpleUserNatureMapper implements UserNatureMapper {
 		basicUserInfo.setLastName(ctx.getStringAttribute("sn"));
 		basicUserInfo.setFirstName(ctx.getStringAttribute("givenName"));
 		basicUserInfo.setEmail(ctx.getStringAttribute("mail"));
+		basicUserInfo.setUuid(ctx.getStringAttribute("seeAlso"));
 		return basicUserInfo;
 	}
 
@@ -23,6 +24,8 @@ public class SimpleUserNatureMapper implements UserNatureMapper {
 		ctx.setAttributeValue("sn", userInfo.getLastName());
 		ctx.setAttributeValue("givenName", userInfo.getFirstName());
 		ctx.setAttributeValue("mail", userInfo.getEmail());
+		// TODO: find a cleaner way?
+		ctx.setAttributeValue("seeAlso", userInfo.getUuid());
 	}
 
 	public Boolean supports(UserNature userInfo) {
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserDaoLdap.java
new file mode 100644
index 000000000..18b47cf6a
--- /dev/null
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserDaoLdap.java
@@ -0,0 +1,111 @@
+package org.argeo.security.ldap;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.NamingException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.BasicArgeoUser;
+import org.argeo.security.core.ArgeoUserDetails;
+import org.argeo.security.dao.UserDao;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.ContextSource;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsManager;
+
+public class UserDaoLdap implements UserDao {
+	private final static Log log = LogFactory.getLog(UserDaoLdap.class);
+
+	private UserDetailsManager userDetailsManager;
+	private DefaultLdapAuthoritiesPopulator authoritiesPopulator;
+	private String userBase = "ou=users";
+
+	private final LdapTemplate ldapTemplate;
+
+	public UserDaoLdap(ContextSource contextSource) {
+		ldapTemplate = new LdapTemplate(contextSource);
+	}
+
+	public void create(ArgeoUser user) {
+		userDetailsManager.createUser((UserDetails) user);
+	}
+
+	public ArgeoUser getUser(String uname) {
+		return (ArgeoUser) userDetailsManager.loadUserByUsername(uname);
+	}
+
+	@SuppressWarnings("unchecked")
+	public List<ArgeoUser> listUsers() {
+		List<String> usernames = (List<String>) ldapTemplate.listBindings(
+				new DistinguishedName(userBase), new UserContextMapper());
+		List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
+		for (String username : usernames) {
+			UserDetails userDetails = userDetailsManager
+					.loadUserByUsername(username);
+			lst.add((ArgeoUser) userDetails);
+		}
+		return lst;
+	}
+
+	public void update(ArgeoUser user) {
+		userDetailsManager.updateUser(new ArgeoUserDetails(user));
+	}
+
+	public void delete(String username) {
+		userDetailsManager.deleteUser(username);
+	}
+
+	public void updatePassword(String oldPassword, String newPassword) {
+		userDetailsManager.changePassword(oldPassword, newPassword);
+	}
+
+	public Boolean userExists(String username) {
+		return userDetailsManager.userExists(username);
+	}
+
+	public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
+		this.userDetailsManager = userDetailsManager;
+	}
+
+	public void setAuthoritiesPopulator(
+			DefaultLdapAuthoritiesPopulator authoritiesPopulator) {
+		this.authoritiesPopulator = authoritiesPopulator;
+	}
+
+	public void setUserBase(String userBase) {
+		this.userBase = userBase;
+	}
+
+	class UserContextMapper implements ContextMapper {
+		public Object mapFromContext(Object ctxArg) {
+			DirContextAdapter ctx = (DirContextAdapter) ctxArg;
+			// BasicArgeoUser user = new BasicArgeoUser();
+			return ctx.getStringAttribute("uid");
+
+			// log.debug("dn# " + ctx.getDn());
+			// log.debug("NameInNamespace# " + ctx.getNameInNamespace());
+			// log.debug("toString# " + ctx.toString());
+
+			// Set<String> roles = authoritiesPopulator.getGroupMembershipRoles(
+			// ctx.composeName(user.getUsername(), userBase), user
+			// .getUsername());
+			// user.setRoles(new ArrayList<String>(roles));
+			// GrantedAuthority[] auths = authoritiesPopulator
+			// .getGrantedAuthorities(ldapTemplate.,
+			// user.getUsername());
+			// for (GrantedAuthority auth : auths) {
+			// user.getRoles().add(auth.getAuthority());
+			// }
+			// return user;
+		}
+	}
+
+}
diff --git a/security/runtime/org.argeo.security.mvc/pom.xml b/security/runtime/org.argeo.security.mvc/pom.xml
index 0fe4c2f51..68a3a7140 100644
--- a/security/runtime/org.argeo.security.mvc/pom.xml
+++ b/security/runtime/org.argeo.security.mvc/pom.xml
@@ -38,6 +38,13 @@
 		</plugins>
 	</build>
 	<dependencies>
+		<!-- Argeo Server -->
+		<dependency>
+			<groupId>org.argeo.commons.server</groupId>
+			<artifactId>org.argeo.server.core</artifactId>
+			<version>0.1.1-SNAPSHOT</version>
+		</dependency>
+	
 		<!-- Argeo Security -->
 		<dependency>
 			<groupId>org.argeo.commons.security</groupId>
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index 7f5334564..505f0094f 100644
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -1,15 +1,24 @@
 package org.argeo.security.mvc;
 
+import java.util.List;
+
 import org.argeo.security.ArgeoUser;
 import org.argeo.security.core.ArgeoUserDetails;
+import org.argeo.security.dao.RoleDao;
+import org.argeo.security.dao.UserDao;
+import org.argeo.server.BooleanAnswer;
+import org.argeo.server.ServerAnswer;
 import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @Controller
 public class UsersRolesController {
+	private UserDao userDao;
+	private RoleDao roleDao;
 
 	@RequestMapping("/getCredentials.security")
 	@ModelAttribute("getCredentials")
@@ -17,6 +26,40 @@ public class UsersRolesController {
 		Authentication authentication = SecurityContextHolder.getContext()
 				.getAuthentication();
 
-		return ArgeoUserDetails.createBasicArgeoUser(authentication);
+		return ArgeoUserDetails.asArgeoUser(authentication);
+	}
+
+	@RequestMapping("/getUsersList.security")
+	@ModelAttribute("getUsersList")
+	public List<ArgeoUser> getUsersList() {
+		return userDao.listUsers();
+	}
+
+	@RequestMapping("/userExists.security")
+	@ModelAttribute("userExists")
+	public BooleanAnswer userExists(@RequestParam("username") String username) {
+		return new BooleanAnswer(userDao.userExists(username));
+	}
+
+	@RequestMapping("/deleteUser.security")
+	@ModelAttribute("deleteUser")
+	public ServerAnswer deleteUser(@RequestParam("username") String username) {
+		userDao.delete(username);
+		return ServerAnswer.ok(username + " deleted");
 	}
+
+	@RequestMapping("/getUserDetails.security")
+	@ModelAttribute("getUserDetails")
+	public ArgeoUser getUserDetails(@RequestParam("username") String username) {
+		return userDao.getUser(username);
+	}
+
+	public void setUserDao(UserDao userDao) {
+		this.userDao = userDao;
+	}
+
+	public void setRoleDao(RoleDao roleDao) {
+		this.roleDao = roleDao;
+	}
+
 }
diff --git a/server/runtime/org.argeo.server.core/src/main/java/org/argeo/server/BooleanAnswer.java b/server/runtime/org.argeo.server.core/src/main/java/org/argeo/server/BooleanAnswer.java
new file mode 100644
index 000000000..3823fa360
--- /dev/null
+++ b/server/runtime/org.argeo.server.core/src/main/java/org/argeo/server/BooleanAnswer.java
@@ -0,0 +1,21 @@
+package org.argeo.server;
+
+
+/** Answer to an execution of a remote service which performed changes. */
+public class BooleanAnswer {
+	private Boolean value = Boolean.TRUE;
+
+	/** Canonical constructor */
+	public BooleanAnswer(Boolean status) {
+		this.value = status;
+	}
+
+	/** Empty constructor */
+	public BooleanAnswer() {
+	}
+
+	public Boolean getValue() {
+		return value;
+	}
+
+}
-- 
2.30.2