\r
import java.util.ArrayList;\r
import java.util.Collection;\r
+import java.util.HashMap;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.UUID;\r
import org.springframework.security.core.userdetails.UsernameNotFoundException;\r
import org.springframework.security.core.userdetails.cache.NullUserCache;\r
import org.springframework.stereotype.Service;\r
-import org.springframework.transaction.annotation.Propagation;\r
import org.springframework.transaction.annotation.Transactional;\r
import org.springframework.util.Assert;\r
\r
+import eu.etaxonomy.cdm.api.service.exception.ReferencedObjectUndeletableException;\r
import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;\r
import eu.etaxonomy.cdm.model.common.Group;\r
import eu.etaxonomy.cdm.model.common.User;\r
this.grantedAuthorityDao = grantedAuthorityDao;\r
}\r
\r
- @Transactional(readOnly=false)\r
- protected Authentication createNewAuthentication(Authentication currentAuth, String newPassword) {\r
- UserDetails user = loadUserByUsername(currentAuth.getName());\r
-\r
- UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());\r
- newAuthentication.setDetails(currentAuth.getDetails());\r
-\r
- return newAuthentication;\r
- }\r
-\r
+ /**\r
+ * Changes the own password of in the database of the user which is\r
+ * currently authenticated. Requires to supply the old password for security\r
+ * reasons. Refreshes the authentication in the SecurityContext after the\r
+ * password change by re-authenticating the user with the new password.\r
+ *\r
+ * @see org.springframework.security.provisioning.UserDetailsManager#changePassword(java.lang.String,\r
+ * java.lang.String)\r
+ */\r
@Override\r
@Transactional(readOnly=false)\r
@PreAuthorize("isAuthenticated()")\r
Assert.hasText(newPassword);\r
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();\r
if(authentication != null && authentication.getPrincipal() != null && authentication.getPrincipal() instanceof User) {\r
+\r
+ // get current authentication and load it from the persistence layer,\r
+ // to make sure we are modifying the instance which is\r
+ // attached to the hibernate session\r
User user = (User)authentication.getPrincipal();\r
+ user = dao.load(user.getUuid());\r
\r
+ // check if old password is valid\r
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getUsername(), oldPassword));\r
\r
+ // make new password and set it\r
Object salt = this.saltSource.getSalt(user);\r
-\r
String password = passwordEncoder.encodePassword(newPassword, salt);\r
- ((User)user).setPassword(password);\r
+ user.setPassword(password);\r
+ dao.update(user);\r
\r
- dao.update((User)user);\r
- SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(authentication, newPassword));\r
+ // authenticate the user again with the new password\r
+ UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());\r
+ newAuthentication.setDetails(authentication.getDetails());\r
+ SecurityContextHolder.getContext().setAuthentication(newAuthentication);\r
userCache.removeUserFromCache(user.getUsername());\r
+\r
} else {\r
throw new AccessDeniedException("Can't change password as no Authentication object found in context for current user.");\r
}\r
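Review bot: The Javadoc added at L33-36 says the SecurityContext is refreshed "by re-authenticating the user with the new password", but the token built at L68 is a pre-authenticated UsernamePasswordAuthenticationToken made from the stored (already encoded) password and the user's authorities, and `newPassword` is never passed to `authenticationManager`; only the old password is actually verified (L55). Either route the refresh through the manager so the new credential is genuinely checked, `Authentication newAuthentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getUsername(), newPassword));` followed by `SecurityContextHolder.getContext().setAuthentication(newAuthentication);`, or reword the Javadoc to say the context is refreshed with a freshly constructed token for the updated user. Note also that `userCache.removeUserFromCache` (L71) runs after the new Authentication is already set, so a concurrent `loadUserByUsername` between L63 and L71 can still observe the cached pre-change entry; evicting immediately after `dao.update(user)` (L63) closes that window. The signature of changePassword and the opening of its method body lie outside this hunk.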
Object salt = this.saltSource.getSalt(user);\r
\r
String password = passwordEncoder.encodePassword(newPassword, salt);\r
- ((User)user).setPassword(password);\r
+ user.setPassword(password);\r
\r
- dao.update((User)user);\r
+ dao.update(user);\r
userCache.removeUserFromCache(user.getUsername());\r
} catch(NonUniqueResultException nure) {\r
throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'", 1);\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public void createUser(UserDetails user) {\r
- Assert.isInstanceOf(User.class, user);\r
+ Assert.isInstanceOf(User.class, user);\r
\r
String rawPassword = user.getPassword();\r
Object salt = this.saltSource.getSalt(user);\r
String password = passwordEncoder.encodePassword(rawPassword, salt);\r
((User)user).setPassword(password);\r
\r
- dao.save((User)user);\r
+ UUID userUUID = dao.save((User)user);\r
+\r
+\r
}\r
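Review bot: `UUID userUUID = dao.save((User)user);` at L99 assigns a local that is never read, and the two blank lines that follow (L100-101) suggest code that was meant to use it was dropped; since `UserDetailsManager#createUser` returns void, the plain `dao.save((User)user);` of the old line is the right form. Separately, createUser treats `user.getPassword()` (L93) as the raw password and encodes it without validation, whereas changePassword guards with `Assert.hasText(newPassword)` (L44); for consistency add `Assert.hasText(rawPassword);` before the encoder is called so an empty or blank credential is rejected rather than stored.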
\r
+\r
+\r
/* (non-Javadoc)\r
* @see org.springframework.security.provisioning.UserDetailsManager#deleteUser(java.lang.String)\r
*/\r
\r
User user = dao.findUserByUsername(username);\r
if(user != null) {\r
- dao.delete((User)user);\r
+ dao.delete(user);\r
}\r
\r
userCache.removeUserFromCache(username);\r
*/\r
// NOTE: this method must not be secured since it is being used during the\r
// authentication process\r
+ @Override\r
public UserDetails loadUserByUsername(String username)\r
throws UsernameNotFoundException, DataAccessException {\r
Assert.hasText(username);\r
}\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#addGroupAuthority(java.lang.String, org.springframework.security.core.GrantedAuthority)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
}\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#addUserToGroup(java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
}\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#createGroup(java.lang.String, java.util.List)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
groupDao.save(group);\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#deleteGroup(java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
groupDao.delete(group);\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#findAllGroups()\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public List<String> findAllGroups() {\r
return groupDao.listNames(null,null);\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#findGroupAuthorities(java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public List<GrantedAuthority> findGroupAuthorities(String groupName) {\r
return new ArrayList<GrantedAuthority>(group.getGrantedAuthorities());\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#findUsersInGroup(java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public List<String> findUsersInGroup(String groupName) {\r
return users;\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#removeGroupAuthority(java.lang.String, org.springframework.security.core.GrantedAuthority)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
}\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#removeUserFromGroup(java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
}\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see org.springframework.security.provisioning.GroupManager#renameGroup(java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
@Deprecated // use GroupService instead\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
groupDao.update(group);\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see eu.etaxonomy.cdm.api.service.ServiceBase#save(eu.etaxonomy.cdm.model.common.CdmBase)\r
+ */\r
+ @Override\r
@Transactional(readOnly=false)\r
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_RUN_AS_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
+ // @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_RUN_AS_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public UUID save(User user) {\r
if(user.getId() == 0 || dao.load(user.getUuid()) == null){\r
createUser(user);\r
return user.getUuid();\r
}\r
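Review bot: Commenting out `@PreAuthorize` at L233 leaves `save(User)` callable by any principal, and the `createUser(user)` call at L236 does not restore the check: it is a self-invocation on `this`, which (with the default proxy-based Spring AOP; AspectJ weaving would behave differently) never passes through the proxy, so the `@PreAuthorize` on createUser (L88) is not evaluated on this path. If the intent was only to drop ROLE_RUN_AS_ADMIN, keep the narrower expression already used on update (L244): `@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")`; if the check is deliberately removed, replace the commented-out line with a comment stating why. The remainder of save(User) after the `if` block is outside this hunk.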
\r
+ /* (non-Javadoc)\r
+ * @see eu.etaxonomy.cdm.api.service.ServiceBase#update(eu.etaxonomy.cdm.model.common.CdmBase)\r
+ */\r
@Override\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public UUID update(User user) {\r
return user.getUuid();\r
}\r
\r
+ /* (non-Javadoc)\r
+ * @see eu.etaxonomy.cdm.api.service.IUserService#saveGrantedAuthority(org.springframework.security.core.GrantedAuthority)\r
+ */\r
@Override\r
@Transactional(readOnly=false)\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
return grantedAuthorityDao.save((GrantedAuthorityImpl)grantedAuthority);\r
}\r
\r
- @Deprecated // use GroupService instead\r
- @Transactional(readOnly=false)\r
- @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
- public UUID saveGroup(Group group) {\r
- return groupDao.save(group);\r
- }\r
+\r
\r
/* (non-Javadoc)\r
* @see eu.etaxonomy.cdm.api.service.IUserService#listByUsername(java.lang.String, eu.etaxonomy.cdm.persistence.query.MatchMode, java.util.List, java.lang.Integer, java.lang.Integer, java.util.List, java.util.List)\r
\r
@Override\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
- public UUID delete(User persistentObject) {\r
+ public String delete(User persistentObject) {\r
return super.delete(persistentObject);\r
}\r
\r
@Override\r
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")\r
public Map<UUID, User> save(Collection<User> newInstances) {\r
- return super.save(newInstances);\r
+ Map<UUID, User> users = new HashMap<UUID, User>();\r
+ for (User user: newInstances){\r
+ createUser(user);\r
+ users.put(user.getUuid(), user);\r
+ }\r
+ return users;\r
}\r
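Review bot: The collection overload now calls `createUser(user)` unconditionally (L282), while the single-entity `save(User)` first checks `user.getId() == 0 || dao.load(user.getUuid()) == null` (L235) before taking the createUser path. If `newInstances` can contain an already persisted User, createUser re-reads its stored password as raw (L93-96) and encodes it a second time, which would invalidate the existing credential; reusing the single-entity path, `users.put(save(user), user);`, keeps both overloads on the same rules (assuming the part of save(User) outside this view returns the UUID for the existing-user case). A `LinkedHashMap` would also preserve the input order, but that is only worth it if callers rely on iteration order.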
\r
@Override\r