From 6ff556b317ff5edb29f542f0cfd230611d38fe80 Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga
Date: Tue, 21 Feb 2012 16:36:19 -0300
Subject: [PATCH] Add configurable support for admin profile.
---
.../main/java/com/wisemapping/model/User.java | 5 ---
.../com/wisemapping/rest/AdminController.java | 10 +++---
.../security/AuthenticationProvider.java | 17 +++++----
.../com/wisemapping/security/UserDetails.java | 6 ++--
...ilService.java => UserDetailsService.java} | 17 +++++++--
.../src/main/webapp/WEB-INF/app.properties | 15 ++++++--
.../main/webapp/WEB-INF/jsp-rest/userView.jsp | 35 +++++++++++++++++++
.../webapp/WEB-INF/wisemapping-security.xml | 11 ++++--
wise-webapp/src/test/sql/hsql/test-data.sql | 6 ++++
wise-webapp/src/test/sql/mysql/test-data.sql | 6 ++++
10 files changed, 102 insertions(+), 26 deletions(-)
rename wise-webapp/src/main/java/com/wisemapping/security/{UserDetailService.java => UserDetailsService.java} (77%)
create mode 100644 wise-webapp/src/main/webapp/WEB-INF/jsp-rest/userView.jsp
diff --git a/wise-webapp/src/main/java/com/wisemapping/model/User.java b/wise-webapp/src/main/java/com/wisemapping/model/User.java
index 4e5ba43d..900b4ae9 100644
--- a/wise-webapp/src/main/java/com/wisemapping/model/User.java
+++ b/wise-webapp/src/main/java/com/wisemapping/model/User.java
@@ -25,7 +25,6 @@ public class User extends Collaborator implements Serializable { - private static final String ADMIN_EMAIL = "test@wisemapping.org"; private String firstname; private String lastname; private String password;
@@ -132,8 +131,4 @@ public class User public void setUsername(String username) { this.username = username; } - - public boolean isAdmin() { - return ADMIN_EMAIL.equals(this.getEmail()); - } }
diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java b/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
index dfbdfaf8..69a13f4b 100644
--- a/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
@@ -18,7 +18,7 @@ public class AdminController { @Autowired private UserService userService; - @RequestMapping(method = RequestMethod.GET, value = "admin/users/{id}", produces = {"application/xml", "application/json"}) + @RequestMapping(method = RequestMethod.GET, value = "admin/users/{id}", produces = {"application/xml", "application/json","text/html"}) @ResponseBody public ModelAndView getUserById(@PathVariable int id) throws IOException { final User userBy = userService.getUserBy(id);
@@ -28,22 +28,24 @@ public class AdminController { return new ModelAndView("userView", "user", new RestUser(userBy)); } - @RequestMapping(method = RequestMethod.GET, value = "admin/users/email/{email}", produces = {"application/xml", "application/json"}) + @RequestMapping(method = RequestMethod.GET, value = "admin/users/email/{email}", produces = {"application/xml", "application/json","text/html"}) @ResponseBody public ModelAndView getUserByEmail(@PathVariable String email) throws IOException { final User userBy = userService.getUserBy(email); if (userBy == null) { - throw new IllegalArgumentException("User could not be found"); + throw new IllegalArgumentException("User '" + email + "' could not be found" ); } return new ModelAndView("userView", "user", new RestUser(userBy)); } @RequestMapping(method = RequestMethod.POST, value = "admin/users", consumes = {"application/xml", "application/json"}) - public void getUserByEmail(@RequestBody RestUser user) throws IOException, WiseMappingException { + public ModelAndView getUserByEmail(@RequestBody RestUser user) throws IOException, WiseMappingException { if (user == null) { throw new IllegalArgumentException("User could not be found"); } userService.createUser(user.getDelegated(), false); + return new ModelAndView("responseView", "message", "User created successfully"); + } }
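Review bot: In `getUserByEmail(@PathVariable String email)` the new exception message concatenates the path variable (`"User '" + email + "' could not be found"`) in the same commit that adds `text/html` to `produces`, so request-controlled text can now reach an HTML error response. How the exception is rendered is not visible in this hunk; if any error view prints the message without HTML-escaping, keep the generic `"User could not be found"` for the client and record the address in a server-side log instead. Separately, the POST handler that calls `userService.createUser(...)` is still named `getUserByEmail`; renaming it to `createUser` and adding a one-line Javadoc per handler would make the admin API easier to audit.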
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationProvider.java b/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationProvider.java
index 0f1a3030..48454c66 100644
--- a/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationProvider.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationProvider.java
@@ -1,10 +1,8 @@ package com.wisemapping.security; -import com.wisemapping.dao.UserManager; import com.wisemapping.model.User; import org.jetbrains.annotations.NotNull; -import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.encoding.PasswordEncoder;
@@ -13,8 +11,7 @@ import org.springframework.security.core.AuthenticationException; public class AuthenticationProvider implements org.springframework.security.authentication.AuthenticationProvider { - private UserManager userManager; - + private UserDetailsService userDetailsService; private PasswordEncoder encoder; @Override()
@@ -23,13 +20,12 @@ public class AuthenticationProvider implements org.springframework.security.auth // All your user authentication needs final String email = auth.getName(); - final User user = userManager.getUserBy(email); + final UserDetails userDetails = getUserDetailsService().loadUserByUsername(email); + final User user = userDetails.getUser(); final String credentials = (String) auth.getCredentials(); if (user == null || credentials == null || !encoder.isPasswordValid(user.getPassword(), credentials, null)) { throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal()); } - - final UserDetails userDetails = new UserDetails(user); return new UsernamePasswordAuthenticationToken(userDetails, credentials, userDetails.getAuthorities()); }
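Review bot: An unknown address now fails differently from a wrong password in `authenticate`, because `loadUserByUsername(email)` throws `UsernameNotFoundException(email)` in this same patch instead of returning null, which also leaves the `user == null` branch of the following `if` unreachable. Unless something further up maps both failures to the same response (not visible here), the difference lets a caller tell registered addresses from unregistered ones. Catching `UsernameNotFoundException` and rethrowing the existing `BadCredentialsException` keeps the two cases identical; the file would also need an import of `org.springframework.security.core.userdetails.UsernameNotFoundException`. The method signature and the rest of the class lie outside the hunk.

```java
final String email = auth.getName();
final UserDetails userDetails;
try {
    userDetails = getUserDetailsService().loadUserByUsername(email);
} catch (UsernameNotFoundException e) {
    // Same failure as a wrong password, so the response does not reveal which addresses exist.
    throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal());
}
final User user = userDetails.getUser();
final String credentials = (String) auth.getCredentials();
// … unchanged: credential check and token construction …
```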
@@ -42,8 +38,11 @@ public class AuthenticationProvider implements org.springframework.security.auth this.encoder = encoder; } - public void setUserManager(UserManager userManager) { - this.userManager = userManager; + public UserDetailsService getUserDetailsService() { + return userDetailsService; } + public void setUserDetailsService(UserDetailsService userDetailsService) { + this.userDetailsService = userDetailsService; + } }
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/UserDetails.java b/wise-webapp/src/main/java/com/wisemapping/security/UserDetails.java
index e9da42d9..cb09c68e 100644
--- a/wise-webapp/src/main/java/com/wisemapping/security/UserDetails.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/UserDetails.java
@@ -28,14 +28,16 @@ import java.util.Collection; public class UserDetails implements org.springframework.security.core.userdetails.UserDetails { private com.wisemapping.model.User user; + private boolean isAdmin; - public UserDetails(@NotNull final com.wisemapping.model.User user) { + public UserDetails(@NotNull final com.wisemapping.model.User user, boolean isAdmin) { this.user = user; + this.isAdmin = isAdmin; } public Collection getAuthorities() { final Collection result = new ArrayList(); - if(this.getUser().isAdmin()) { + if (this.isAdmin) { final SimpleGrantedAuthority role_admin = new SimpleGrantedAuthority("ROLE_ADMIN"); result.add(role_admin); }
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/UserDetailService.java b/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java
similarity index 77%
rename from wise-webapp/src/main/java/com/wisemapping/security/UserDetailService.java
rename to wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java
index 4a83a481..d5285236 100644
--- a/wise-webapp/src/main/java/com/wisemapping/security/UserDetailService.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java
@@ -20,25 +20,31 @@ package com.wisemapping.security; import com.wisemapping.dao.UserManager; import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; import org.springframework.dao.DataAccessException; import org.springframework.security.core.userdetails.UsernameNotFoundException; -public class UserDetailService +public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService { private UserManager userManager; + private String adminUser; @Override public UserDetails loadUserByUsername(@NotNull String email) throws UsernameNotFoundException, DataAccessException { final com.wisemapping.model.User model = userManager.getUserBy(email); if (model != null) { - return new UserDetails(model); + return new UserDetails(model, isAdmin(email)); } else { throw new UsernameNotFoundException(email); } } + private boolean isAdmin(@Nullable String email) { + return email != null && adminUser != null && email.trim().endsWith(adminUser); + } + public UserManager getUserManager() { return userManager; }
@@ -47,4 +53,11 @@ public class UserDetailService this.userManager = userManager; } + public String getAdminUser() { + return adminUser; + } + + public void setAdminUser(String adminUser) { + this.adminUser = adminUser; + } }
diff --git a/wise-webapp/src/main/webapp/WEB-INF/app.properties b/wise-webapp/src/main/webapp/WEB-INF/app.properties
index 30659d8f..d7c00098 100755
--- a/wise-webapp/src/main/webapp/WEB-INF/app.properties
+++ b/wise-webapp/src/main/webapp/WEB-INF/app.properties
@@ -16,8 +16,6 @@ database.hibernate.dialect=org.hibernate.dialect.HSQLDialect database.username=sa database.password= -# Enable/Disable user confirmation by e-mail. If it's enabled, mail must be configured. -user.confirm.registration=false ################################################################################## # Mail configuration. Must be configured to enable user registration confirmation.
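Review bot: `isAdmin` in `UserDetailsService` decides the admin flag with `email.trim().endsWith(adminUser)`, a suffix match, so any account whose address merely ends with the configured value (constructed example: `xadmin@wisemapping.org` against `admin.user = admin@wisemapping.org`) is treated as the site administrator and gets `ROLE_ADMIN` from `UserDetails.getAuthorities()`. Compare the whole address instead: `return email != null && adminUser != null && adminUser.trim().equalsIgnoreCase(email.trim());`. Whether case-insensitive matching is appropriate depends on how registration normalizes addresses, which this patch does not show; use `equals` if addresses are stored case-sensitively. A short comment on `setAdminUser` stating that the value must be the full e-mail address of exactly one account would help whoever edits `app.properties`.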
@@ -34,3 +32,16 @@ mail.user= mail.password= mail.registrationEmail=root@localhost mail.siteEmail=root@localhost + + +################################################################################## +# Site configuration +################################################################################## + +# Enable/Disable user registration confirmation by e-mail. If it's enabled, mail must be configured. +user.confirm.registration=false + +# Site administration user. This user will have special permissions for operations such as removing users, set password +# etc. +admin.user = admin@wisemapping.org +
diff --git a/wise-webapp/src/main/webapp/WEB-INF/jsp-rest/userView.jsp b/wise-webapp/src/main/webapp/WEB-INF/jsp-rest/userView.jsp
new file mode 100644
index 00000000..7c568172
--- /dev/null
+++ b/wise-webapp/src/main/webapp/WEB-INF/jsp-rest/userView.jsp
@@ -0,0 +1,35 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> + + + + Mindmap Detail + + +

Details for User with id '${user.id}'

+ + + + + + + + + + + + + + + + + + + + + + + +
Email:${user.email}
Fist Name:${user.firstname}
Last Name:${user.lastname}
Username:${user.username}
Active:${user.active}
+ +
\ No newline at end of file
diff --git a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
index 88d0108d..256c2640 100644
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
@@ -8,6 +8,11 @@ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> + + + + +
@@ -50,11 +55,13 @@ - + - + + +
\ No newline at end of file
diff --git a/wise-webapp/src/test/sql/hsql/test-data.sql b/wise-webapp/src/test/sql/hsql/test-data.sql
index 45519d51..54318c6d 100644
--- a/wise-webapp/src/test/sql/hsql/test-data.sql
+++ b/wise-webapp/src/test/sql/hsql/test-data.sql
@@ -1,5 +1,11 @@ INSERT INTO COLABORATOR(id,email,creation_date) values (1,'test@wisemapping.org',CURDATE()); INSERT INTO USER (colaborator_id,username,firstname, lastname, password, activationCode,activation_date,allowSendEmail) values(1,'WiseMapping Test User','Wise','test', 'ENC:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',1237,CURDATE(),1); + +INSERT INTO COLABORATOR(id,email,creation_date) values (2,'admin@wisemapping.org',CURDATE()); +INSERT INTO USER (colaborator_id,username,firstname, lastname, password, activationCode,activation_date,allowSendEmail) +values(2,'WiseMapping Admin User','Wise','test', 'admin',1237,CURDATE(),1); + + COMMIT; SHUTDOWN;
\ No newline at end of file
diff --git a/wise-webapp/src/test/sql/mysql/test-data.sql b/wise-webapp/src/test/sql/mysql/test-data.sql
index 82db4a9a..fc794d3d 100644
--- a/wise-webapp/src/test/sql/mysql/test-data.sql
+++ b/wise-webapp/src/test/sql/mysql/test-data.sql
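Review bot: The new `userView.jsp` writes `${user.id}`, `${user.email}`, `${user.firstname}`, `${user.lastname}` and `${user.username}` straight into the HTML; as far as the extracted page shows, none of them goes through `<c:out>`, although the JSTL core taglib is declared at the top. Plain EL in template text is not HTML-escaped, and these fields are presumably user-supplied at registration, so markup stored in a profile would be rendered in the administrator's browser. Use `<c:out value="${user.firstname}"/>` for each field, or `${fn:escapeXml(user.firstname)}` with the functions taglib declared. The label `Fist Name:` should read `First Name:`, and the title `Mindmap Detail` looks copied from another view.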
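Review bot: The seeded admin row in `hsql/test-data.sql` stores the password as the literal `'admin'`, while the existing test user row uses the `'ENC:…'` form, and `app.properties` in this same patch ships `admin.user = admin@wisemapping.org` as the default; `mysql/test-data.sql` adds the same row. If either script is ever used to initialise a reachable instance, the administrator account comes up with a well-known password, or, if the encoder only accepts `ENC:` values, with one that cannot log in at all; which of the two applies is not visible here. Store the value in the same encoded form as the first row, and add a comment above the insert saying the account exists for tests only and must be changed or removed before deployment.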
@@ -1,4 +1,10 @@ INSERT INTO COLABORATOR(id,email,creation_date) values (1,'test@wisemapping.org',CURRENT_DATE()); INSERT INTO USER (colaborator_id,username,firstname, lastname, password, activationCode,activation_date,allowSendEmail) values(1,'WiseMapping Test User','Wise','Test', 'ENC:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',1237,CURRENT_DATE(),1); + +INSERT INTO COLABORATOR(id,email,creation_date) values (2,'admin@wisemapping.org',CURRENT_DATE()); +INSERT INTO USER (colaborator_id,username,firstname, lastname, password, activationCode,activation_date,allowSendEmail) +values(2,'WiseMapping Admin User','Wise','Test', 'admin',1237,CURRENT_DATE(),1); + + COMMIT;