ItEr37S07ArquitecturaServidorItEr36S10: first part of the integration of the Spring Security authentication provider with database user information.

First part of the integration of the Spring Security authentication provider with database user information.
Fernando Bellas Permuy 2009-12-03 19:35:04 +01:00 committed by Javier Moran Rua
parent 3d0ad4e94d
commit 44c3ce2942
8 changed files with 83 additions and 30 deletions


@ -18,7 +18,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.business.users.bootstrap;
package org.navalplanner.web.users.bootstrap;
import org.navalplanner.business.IDataBootstrap;


@ -18,7 +18,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.business.users.bootstrap;
package org.navalplanner.web.users.bootstrap;
import java.util.Arrays;
import java.util.Collection;
@ -44,6 +44,14 @@ public enum MandatoryUser {
this.initialRoles = new HashSet<UserRole>(initialUserRoles);
}
public String getLoginName() {
return this.name().toLowerCase();
}
public String getClearPassword() {
return getLoginName();
}
public Set<UserRole> getInitialRoles() {
return initialRoles;
}
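Review bot: `getClearPassword()` returns `getLoginName()`, so every mandatory account is bootstrapped with a password equal to its own lower-cased name, and that value is fixed in source. If these accounts are meant to exist outside development, the initial password should come from deployment configuration or the account should be flagged for a password change at first login; at minimum add a Javadoc line such as `/** Default bootstrap password (same as the login name); must be changed after installation. */`. Separately, `this.name().toLowerCase()` uses the JVM default locale, so a constant containing `I` would map to a different login name under a Turkish locale; `return this.name().toLowerCase(Locale.ROOT);` (with `java.util.Locale` imported) keeps the login name stable. The enum's constants and constructor start outside this hunk.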


@ -18,7 +18,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.business.users.bootstrap;
package org.navalplanner.web.users.bootstrap;
import org.navalplanner.business.users.daos.IUserDAO;
import org.navalplanner.business.users.entities.User;
@ -47,9 +47,10 @@ public class UsersBootstrap implements IUsersBootstrap {
private void createUserIfNotExists(MandatoryUser u) {
if (!userDAO.existsByLoginName(u.name())) {
if (!userDAO.existsByLoginName(u.getLoginName())) {
userDAO.save(User.create(u.name(), u.name(), u.getInitialRoles()));
userDAO.save(User.create(u.getLoginName(), u.getClearPassword(),
u.getInitialRoles()));
}
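Review bot: `User.create(u.getLoginName(), u.getClearPassword(), ...)` in `createUserIfNotExists` hands the clear-text password to the entity, while the same commit configures the authentication provider with a salted `md5` password encoder. Unless `User.create` encodes internally (not visible here), the stored value will not match what the provider computes at login, and the user table will hold the password in clear. Since `IPasswordEncoderService` is still empty in this commit, a marker such as `// FIXME: encode with IPasswordEncoderService before saving` on the `userDAO.save(...)` call would make the pending step explicit. The method's closing brace lies outside the hunk.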


@ -18,7 +18,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.web.security;
package org.navalplanner.web.users.services;
import static org.navalplanner.web.I18nHelper._;
@ -33,6 +33,7 @@ import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -44,14 +45,13 @@ import org.springframework.transaction.annotation.Transactional;
*
* @author Fernando Bellas Permuy <fbellas@udc.es>
*/
@Service
// FIXME public class DefaultUserDetailsService implements UserDetailsService {
public class DefaultUserDetailsService {
@Service("defaultUserDetailsService")
public class DefaultUserDetailsService implements UserDetailsService {
@Autowired
private IUserDAO userDAO;
// FIXME @Override
@Override
@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String loginName)
throws UsernameNotFoundException, DataAccessException {


@ -0,0 +1,43 @@
/*
* This file is part of ###PROJECT_NAME###
*
* Copyright (C) 2009 Fundación para o Fomento da Calidade Industrial e
* Desenvolvemento Tecnolóxico de Galicia
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.web.users.services;
/**
* Service for encoding passwords when information about users
* is stored in the database. In particular, it must be used to encode a
* password when creating a user and to change a user's password. For
* maximum flexibility, the implementation of the service uses the password
* encoder and the salt source configured in the Spring Security configuration
* file (in consequence, it is possible to change the configuration to use
* any password encoder and/or salt source without modifying the
* implementation of this service). The only restriction the implementation
* imposes is that when using a reflection-based salt source, the "username"
* property must be specified.
* <b/>
* When information about users is maintained externally (e.g. in a LDAP
* server), this service is not used, since the Web application is not
* in charge of creating users or changing passwords.
*
* @author Fernando Bellas Permuy <fbellas@udc.es>
*/
public interface IPasswordEncoderService {
}
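Review bot: The Javadoc on `IPasswordEncoderService` uses `<b/>` as a paragraph separator, which is not a paragraph break in HTML and renders as an empty bold tag; `<p>` is the Javadoc convention. The interface is also declared without any method, so the contract the comment describes (encode on user creation and on password change, salt taken from the `username` property) is not yet expressed in code. Presumably the methods arrive in a later part of this work; a Javadoc sentence such as `No operations are defined yet; passwords are not encoded through this service until they are.` would keep readers from assuming the encoder is already wired in.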


@ -28,11 +28,12 @@
</http>
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_BASIC_USER" />
<user name="admin" password="admin" authorities="ROLE_ADMINISTRATION, ROLE_BASIC_USER" />
</user-service>
<authentication-provider user-service-ref="defaultUserDetailsService">
<password-encoder hash="md5">
<!-- NOTE: see IPasswordEncoderService's JavaDoc for restrictions
on "user-property". -->
<salt-source user-property="username"/>
</password-encoder>
</authentication-provider>
</beans:beans>
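Review bot: `<password-encoder hash="md5">` stores each password as a single, unstretched MD5 digest, which is cheap to attack offline if the user table leaks, and the salt taken from `username` is predictable and identical across installations for well-known accounts such as the bootstrapped ones. If the Spring Security version in use accepts it, `hash="sha-256"` is a stronger built-in choice, and an adaptive password hash plugged in through a custom encoder bean would be better still. The XML comment should also state that renaming the `defaultUserDetailsService` bean breaks `user-service-ref`, since the link between the two is a plain string.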


@ -18,19 +18,20 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.business.test.users.bootstrap;
package org.navalplanner.web.test.users.bootstrap;
import static org.junit.Assert.assertEquals;
import static org.navalplanner.business.BusinessGlobalNames.BUSINESS_SPRING_CONFIG_FILE;
import static org.navalplanner.business.test.BusinessGlobalNames.BUSINESS_SPRING_CONFIG_TEST_FILE;
import static org.navalplanner.web.WebappGlobalNames.WEBAPP_SPRING_CONFIG_FILE;
import static org.navalplanner.web.test.WebappGlobalNames.WEBAPP_SPRING_CONFIG_TEST_FILE;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.navalplanner.business.common.exceptions.InstanceNotFoundException;
import org.navalplanner.business.users.bootstrap.IUsersBootstrap;
import org.navalplanner.business.users.bootstrap.MandatoryUser;
import org.navalplanner.business.users.daos.IUserDAO;
import org.navalplanner.business.users.entities.User;
import org.navalplanner.web.users.bootstrap.IUsersBootstrap;
import org.navalplanner.web.users.bootstrap.MandatoryUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@ -43,7 +44,7 @@ import org.springframework.transaction.annotation.Transactional;
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { BUSINESS_SPRING_CONFIG_FILE,
BUSINESS_SPRING_CONFIG_TEST_FILE })
WEBAPP_SPRING_CONFIG_FILE, WEBAPP_SPRING_CONFIG_TEST_FILE })
@Transactional
public class UsersBootstrapTest {
@ -72,9 +73,9 @@ public class UsersBootstrapTest {
for (MandatoryUser u : MandatoryUser.values()) {
User user = userDAO.findByLoginName(u.name());
User user = userDAO.findByLoginName(u.getLoginName());
assertEquals(u.name(), user.getLoginName());
assertEquals(u.getLoginName(), user.getLoginName());
assertEquals(u.getInitialRoles(), user.getRoles());
}


@ -18,7 +18,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.navalplanner.web.test.security;
package org.navalplanner.web.test.users.services;
import static org.junit.Assert.assertEquals;
import static org.navalplanner.business.BusinessGlobalNames.BUSINESS_SPRING_CONFIG_FILE;
@ -30,13 +30,13 @@ import java.util.Set;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.navalplanner.business.users.bootstrap.IUsersBootstrap;
import org.navalplanner.business.users.bootstrap.MandatoryUser;
import org.navalplanner.business.users.entities.UserRole;
import org.navalplanner.web.security.DefaultUserDetailsService;
import org.navalplanner.web.users.bootstrap.IUsersBootstrap;
import org.navalplanner.web.users.bootstrap.MandatoryUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.transaction.annotation.Transactional;
@ -54,8 +54,7 @@ import org.springframework.transaction.annotation.Transactional;
public class UserDetailsServiceTest {
@Autowired
// FIXME private UserDetailsService userDetailsService;
private DefaultUserDetailsService userDetailsService;
private UserDetailsService userDetailsService;
@Autowired
private IUsersBootstrap usersBootstrap;
@ -68,9 +67,9 @@ public class UserDetailsServiceTest {
for (MandatoryUser u : MandatoryUser.values()) {
UserDetails userDetails =
userDetailsService.loadUserByUsername(u.name());
userDetailsService.loadUserByUsername(u.getLoginName());
assertEquals(u.name(), userDetails.getUsername());
assertEquals(u.getLoginName(), userDetails.getUsername());
assertEquals(u.getInitialRoles(), getUserRoles(userDetails));