Author: echatellier Date: 2012-10-24 17:05:53 +0200 (Wed, 24 Oct 2012) New Revision: 230 Url: http://nuiton.org/repositories/revision/nuiton-web/230 Log: Encode password using md5 hash Add user and role delete action Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp trunk/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties trunk/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-24 15:05:53 UTC (rev 230) 
@@ -59,7 +59,7 @@ public static final String ROOT_CONTEXT_CONTEXT = SecurityShiroFilter.class.getName() + "#" + TopiaContext.class.getName(); - protected static final String ANON_LOGIN = "anonymous"; + public static final String ANON_LOGIN = "anonymous"; public static final String SESSION_SAVED_URL = "savedUrl"; Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-24 15:05:53 UTC (rev 230) @@ -34,6 +34,7 @@ import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authc.credential.CredentialsMatcher; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; @@ -42,9 +43,10 @@ import org.nuiton.topia.TopiaException; import org.nuiton.topia.TopiaRuntimeException; import org.nuiton.util.ApplicationConfig; +import org.nuiton.util.StringUtil; import org.nuiton.web.SecurityDAOHelper; -public class TopiaSecurityRealm extends AuthorizingRealm { +public class TopiaSecurityRealm extends AuthorizingRealm implements CredentialsMatcher { private static final Log log = LogFactory.getLog(TopiaSecurityRealm.class); 
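Review bot: ANON_LOGIN is widened from protected to public without a Javadoc, and the user-roles.jsp hunk later in this commit reads it through OGNL as `@org.nuiton.web.security.SecurityShiroFilter@ANON_LOGIN`, so the constant is now part of the filter's public contract and cannot be renamed without breaking pages the compiler does not check. A one-line doc such as `/** Login of the built-in anonymous account; referenced by name from JSPs via OGNL, do not rename. */` above the field would make that visible. The enclosing class continues outside the hunk.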
@@ -55,9 +57,21 @@ public TopiaSecurityRealm(TopiaContext rootContext, ApplicationConfig config) { this.rootContext = rootContext; this.config = config; + + setCredentialsMatcher(this); } @Override + public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { + char[] tokenCredentials = (char[]) token.getCredentials(); + String submittedPassword = String.valueOf(tokenCredentials); + String submittedHashedPassword = StringUtil.encodeMD5(submittedPassword); + + String expectedHashedPassword = (String) info.getCredentials(); + return expectedHashedPassword.equals(submittedHashedPassword); + } + + @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { SimpleAuthorizationInfo result = null; @@ -162,7 +176,7 @@ if (securityUser != null) { if (login.equals(SecurityShiroFilter.ANON_LOGIN)) { result = new SimpleAuthenticationInfo(securityUser.getLogin(), - "", getName()); + StringUtil.encodeMD5(""), getName()); } else { result = new SimpleAuthenticationInfo(securityUser.getLogin(), securityUser.getPassword(), getName()); Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java 2012-10-24 15:05:53 UTC (rev 230) @@ -26,6 +26,8 @@ package org.nuiton.web.security.actions; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.nuiton.topia.TopiaContext; import org.nuiton.topia.TopiaException; import org.nuiton.topia.TopiaRuntimeException; 
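Review bot: doCredentialsMatch compares the two digests with `String.equals` and dereferences `info.getCredentials()` with no null check, so an account whose stored password is null (UserAction.execute later in this commit never sets one when the password field is left blank) makes login fail with a NullPointerException rather than a clean rejection, and the early-exit comparison is not constant-time. Unsalted MD5 is also not a password-storage scheme: Shiro already ships `HashedCredentialsMatcher`, which supports a per-user salt and hash iterations and would replace this hand-written matcher entirely; if MD5 must stay for compatibility with existing rows, keep it isolated so it can be migrated. The cast `(char[]) token.getCredentials()` assumes a UsernamePasswordToken, so guard it with instanceof instead of letting a ClassCastException escape the realm. StringUtil.encodeMD5's output format is not visible here, so the rewrite below treats it as an opaque string and changes only the type/null handling and the comparison. The enclosing class continues outside the hunk.
```java
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    Object submitted = token.getCredentials();
    Object expected = info.getCredentials();
    if (!(submitted instanceof char[]) || !(expected instanceof String)) {
        // unexpected token type, or an account with no stored hash: never a match
        return false;
    }
    String submittedHashedPassword = StringUtil.encodeMD5(String.valueOf((char[]) submitted));
    // constant-time comparison of the two encoded digests
    return java.security.MessageDigest.isEqual(
            ((String) expected).getBytes(java.nio.charset.StandardCharsets.UTF_8),
            submittedHashedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
```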
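Review bot: Giving the anonymous principal the credentials `StringUtil.encodeMD5("")` means the regular login path now accepts the login `anonymous` with an empty password, because doCredentialsMatch in this commit hashes whatever was submitted and compares it with exactly that value. If anonymous sessions are meant to be established only by SecurityShiroFilter itself (the filter is not in this diff, so this is inferred), reject that login explicitly before the SimpleAuthenticationInfo is built, e.g. `if (SecurityShiroFilter.ANON_LOGIN.equals(login)) { return null; }` at the top of the form-login branch; otherwise add a comment stating that an empty password is intentionally valid for the anonymous account. The enclosing method starts and ends outside the hunk.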
@@ -39,6 +41,8 @@ /** serialVersionUID. */ private static final long serialVersionUID = 1L; + private static final Log log = LogFactory.getLog(RoleAction.class); + protected SecurityRoleDAO securityRoleDAO; protected SecurityRole role; @@ -48,7 +52,10 @@ String roleId = getParameter("roleId"); if (StringUtils.isNotBlank(roleId)) { try { + TopiaContext transaction = rootContext.beginTransaction(); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); role = securityRoleDAO.findByTopiaId(roleId); + transaction.closeContext(); } catch (TopiaException ex) { throw new TopiaRuntimeException(ex); } @@ -59,6 +66,27 @@ return role; } + public String delete() throws Exception { + try { + String roleId = getParameter("roleId"); + if (StringUtils.isNotBlank(roleId)) { + TopiaContext transaction = rootContext.beginTransaction(); + securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); + SecurityRole role = securityRoleDAO.findByTopiaId(roleId); + securityRoleDAO.delete(role); + transaction.commitTransaction(); + transaction.closeContext(); + } + + } catch (Exception ex) { + if (log.isErrorEnabled()) { + log.error("Can't delete role", ex); + } + } + + return SUCCESS; + } + @Override public String execute() throws Exception { String result = super.execute(); 
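Review bot: The transaction opened in getRole is closed only on the success path: if findByTopiaId throws TopiaException the catch rethrows and `transaction.closeContext()` on the following line never runs, leaking the context. Move the close into a finally block: `TopiaContext transaction = rootContext.beginTransaction(); try { securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); role = securityRoleDAO.findByTopiaId(roleId); } finally { transaction.closeContext(); }`. The same open-without-finally pattern appears in RoleAction.delete and RoleAction.execute in this file and in UserAction.getUser, UserAction.delete and UserAction.execute later in the commit, where a failing DAO call or commit also leaves the context open. getRole's signature is outside the hunk.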
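Review bot: delete() catches Exception, logs it and still returns SUCCESS, so a failed deletion is reported to the user as a success, and on that path the transaction is neither committed nor closed. It also declares a local `SecurityRole role` that shadows the `role` field, and a null result from findByTopiaId (an unknown or stale roleId) would reach `securityRoleDAO.delete(null)`. Let TopiaException propagate as TopiaRuntimeException the way getRole does, release the context in a finally block, and skip the delete when nothing was found; UserAction.delete later in this commit has the same shape and the same fix applies. The `throws Exception` clause can stay for compatibility with the action's callers.
```java
public String delete() throws Exception {
    String roleId = getParameter("roleId");
    if (StringUtils.isBlank(roleId)) {
        return SUCCESS;
    }
    TopiaContext transaction = rootContext.beginTransaction();
    try {
        securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction);
        SecurityRole toDelete = securityRoleDAO.findByTopiaId(roleId);
        if (toDelete != null) {
            securityRoleDAO.delete(toDelete);
        } else if (log.isWarnEnabled()) {
            log.warn("No role found for id " + roleId + ", nothing deleted");
        }
        transaction.commitTransaction();
    } catch (TopiaException ex) {
        // surface the failure instead of reporting SUCCESS, consistent with getRole()
        throw new TopiaRuntimeException(ex);
    } finally {
        // always release the context, whether or not the commit succeeded
        transaction.closeContext();
    }
    return SUCCESS;
}
```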
@@ -66,10 +94,10 @@ try { TopiaContext transaction = rootContext.beginTransaction(); securityRoleDAO = SecurityDAOHelper.getSecurityRoleDAO(transaction); - if (role.getTopiaId() == null) { - securityRoleDAO.create(role); + if (getRole().getTopiaId() == null) { + securityRoleDAO.create(getRole()); } else { - securityRoleDAO.update(role); + securityRoleDAO.update(getRole()); } transaction.commitTransaction(); transaction.closeContext(); Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/UserAction.java 2012-10-24 15:05:53 UTC (rev 230) @@ -24,10 +24,14 @@ package org.nuiton.web.security.actions; +import static org.nuiton.i18n.I18n._; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.nuiton.topia.TopiaContext; import org.nuiton.topia.TopiaException; import org.nuiton.topia.TopiaRuntimeException; +import org.nuiton.util.StringUtil; import org.nuiton.web.SecurityDAOHelper; import org.nuiton.web.security.SecurityUser; import org.nuiton.web.security.SecurityUserDAO; 
@@ -38,16 +42,25 @@ /** serialVersionUID. */ private static final long serialVersionUID = 1L; + private static final Log log = LogFactory.getLog(UserAction.class); + protected SecurityUserDAO securityUserDAO; protected SecurityUser user; + protected String password; + + protected String confirm; + public SecurityUser getUser() { if (user == null) { String roleId = getParameter("userId"); if (StringUtils.isNotBlank(roleId)) { try { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); user = securityUserDAO.findByTopiaId(roleId); + transaction.closeContext(); } catch (TopiaException ex) { throw new TopiaRuntimeException(ex); } 
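Review bot: In getUser the request parameter read is `getParameter("userId")` but the local holding it is named `roleId` (carried over from RoleAction), and UserAction.delete later in this commit repeats the same name; renaming both to `String userId = getParameter("userId");` makes the two actions read consistently and avoids a misleading name in log messages. The new `password` and `confirm` fields are write-only from the form and deserve a comment saying so, e.g. `/** Clear-text password and confirmation submitted by the form; hashed in execute(), never persisted as typed. */`. getUser's body continues outside the hunk.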
@@ -58,13 +71,56 @@ return user; } + public void setPassword(String password) { + this.password = password; + } + + public void setConfirm(String confirm) { + this.confirm = confirm; + } + + public String delete() throws Exception { + try { + String roleId = getParameter("userId"); + if (StringUtils.isNotBlank(roleId)) { + TopiaContext transaction = rootContext.beginTransaction(); + securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + SecurityUser user = securityUserDAO.findByTopiaId(roleId); + securityUserDAO.delete(user); + transaction.commitTransaction(); + transaction.closeContext(); + } + } catch (Exception ex) { + if (log.isErrorEnabled()) { + log.error("Can't delete user", ex); + } + } + + return SUCCESS; + } + @Override + public void validate() { + if (StringUtils.isNotBlank(password)) { + if (!password.equals(confirm)) { + addActionError(_("Les mots de passes ne sont pas identiques !")); + } + } + } + + @Override public String execute() throws Exception { String result = super.execute(); try { TopiaContext transaction = rootContext.beginTransaction(); securityUserDAO = SecurityDAOHelper.getSecurityUserDAO(transaction); + + SecurityUser user = getUser(); + if (StringUtils.isNotBlank(password)) { + String md5Password = StringUtil.encodeMD5(password); + user.setPassword(md5Password); + } if (user.getTopiaId() == null) { securityUserDAO.create(user); } else { Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp 2012-10-24 15:05:53 UTC (rev 230) 
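Review bot: validate() only checks that password and confirm agree when a password was typed, so a new user submitted with both fields empty passes validation and execute() stores it with no password at all (user.setPassword is only called inside the isNotBlank branch); with the realm's doCredentialsMatch in this commit, such a row makes the `expectedHashedPassword.equals(...)` comparison throw on login rather than deny it. Require a password when the user is being created, e.g. `if (StringUtils.isBlank(password) && getUser().getTopiaId() == null) { addActionError(_("Le mot de passe est obligatoire")); }` (message text is a placeholder to be added to both i18n bundles). Note that the en_GB bundle hunk at the end of this commit leaves the translation of the new "mots de passes" key empty, so English users presumably see the French text. delete() has the same swallowed-exception and unclosed-transaction shape as RoleAction.delete; execute() continues outside the hunk.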
@@ -1,24 +1,12 @@ <%-- #%L - Nuiton Web :: Nuiton Security + SGQ :: Web $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012 Herboristerie Cailleau %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Lesser Public License for more details. - - You should have received a copy of the GNU General Lesser Public - License along with this program. If not, see - <http://www.gnu.org/licenses/lgpl-3.0.html>. + Herboristerie Cailleau - Tous droits réservés #L% --%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp 2012-10-24 15:05:53 UTC (rev 230) 
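Review bot: This hunk replaces the LGPL licence text and the module name `Nuiton Web :: Nuiton Security` with `SGQ :: Web` and `Herboristerie Cailleau - Tous droits réservés`, which reads like a header pasted in from a different project rather than an intended relicensing of nuiton-security; the same replacement is made in role-permissions.jsp, role.jsp, user-roles.jsp and user.jsp in this commit. Unless the project owners really mean these five files to become proprietary, the original header should be restored before release, because a tree that mixes LGPL and all-rights-reserved files is ambiguous for downstream users.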
@@ -1,24 +1,12 @@ <%-- #%L - Nuiton Web :: Nuiton Security + SGQ :: Web $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012 Herboristerie Cailleau %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Lesser Public License for more details. - - You should have received a copy of the GNU General Lesser Public - License along with this program. If not, see - <http://www.gnu.org/licenses/lgpl-3.0.html>. + Herboristerie Cailleau - Tous droits réservés #L% --%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp 2012-10-24 15:05:53 UTC (rev 230) 
@@ -1,24 +1,12 @@ <%-- #%L - Nuiton Web :: Nuiton Security + SGQ :: Web $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012 Herboristerie Cailleau %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Lesser Public License for more details. - - You should have received a copy of the GNU General Lesser Public - License along with this program. If not, see - <http://www.gnu.org/licenses/lgpl-3.0.html>. + Herboristerie Cailleau - Tous droits réservés #L% --%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> @@ -33,14 +21,14 @@ <div class="security-div"> <h1>Sécurité</h1> - - <s:if test='%{product.topiaId != null}'> - <h2>Nouveau rôle</h2> + + <s:if test='%{role.topiaId != null}'> + <h2>Modification d'un rôle</h2> </s:if> <s:else> - <h2>Modification d'un rôle</h2> + <h2>Nouveau rôle</h2> </s:else> - + <s:form action="role" namespace="/security" class="security-form"> <s:actionerror /> <s:hidden name="roleId" value="%{role.topiaId}" /> 
@@ -49,5 +37,12 @@ </s:form> </div> + <s:if test='%{role.topiaId != null}'> + <s:a action="role!delete" namespace="/security" class="delete"> + <s:param name="roleId"><s:property value="role.topiaId" /></s:param> + Supprimer + </s:a> + </s:if> + </body> </html> \ No newline at end of file Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp 2012-10-24 15:05:53 UTC (rev 230) @@ -1,24 +1,12 @@ <%-- #%L - Nuiton Web :: Nuiton Security + SGQ :: Web $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012 Herboristerie Cailleau %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Lesser Public License for more details. - - You should have received a copy of the GNU General Lesser Public - License along with this program. If not, see - <http://www.gnu.org/licenses/lgpl-3.0.html>. + Herboristerie Cailleau - Tous droits réservés #L% --%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 
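Review bot: `role!delete` is exposed as a plain `<s:a>` link, i.e. a state-changing operation triggered by a GET with no anti-forgery token, so any third-party page an administrator visits while logged in could trigger that deletion by embedding the URL; the `user!delete` link added to user.jsp later in this commit has the same shape. Render the delete as a small `<s:form action="role!delete" namespace="/security" method="post">` containing a `<s:token/>` and enable the `token` interceptor on the action, or at minimum make delete() reject non-POST requests. The enclosing body continues outside the hunk.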
@@ -63,11 +51,16 @@ <th rowspan="<s:property value="users.size()" />" class="vertical">Utilisateurs</th> </s:if> <td> - <a href="<s:url action='user!input' namespace='/security'> - <s:param name="userId"><s:property value="topiaId" /></s:param> - </s:url>"> + <s:if test="login == @org.nuiton.web.security.SecurityShiroFilter@ANON_LOGIN"> <s:property value="login" /> - </a> + </s:if> + <s:else> + <a href="<s:url action='user!input' namespace='/security'> + <s:param name="userId"><s:property value="topiaId" /></s:param> + </s:url>"> + <s:property value="login" /> + </a> + </s:else> </td> <s:iterator value="roles" var="role"> <td> Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp 2012-10-24 15:05:53 UTC (rev 230) @@ -1,24 +1,12 @@ <%-- #%L - Nuiton Web :: Nuiton Security + SGQ :: Web $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012 Herboristerie Cailleau %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Lesser Public License for more details. - - You should have received a copy of the GNU General Lesser Public - License along with this program. If not, see - <http://www.gnu.org/licenses/lgpl-3.0.html>. + Herboristerie Cailleau - Tous droits réservés #L% --%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 
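Review bot: Hiding the edit link for the anonymous login is only a presentation change; UserAction still accepts any `userId`, so the anonymous account can still be edited or deleted through user!input and user!delete with its id, and deleting it would, as far as the realm hunk in this commit shows, leave the anonymous principal unresolvable. Enforce the rule server-side as well, for example in UserAction.execute and delete: `if (SecurityShiroFilter.ANON_LOGIN.equals(user.getLogin())) { addActionError(_("placeholder: anonymous account is read-only")); return INPUT; }`, and keep the JSP test as a convenience. The enclosing iterator starts and ends outside the hunk.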
@@ -26,7 +14,7 @@ <%@taglib uri="/struts-tags" prefix="s" %> <html xmlns="http://www.w3.org/1999/xhtml"> <head> - <title>Secu</title> + <title>Sécurité</title> </head> <body> @@ -34,14 +22,28 @@ <div class="security-div"> <h1>Sécurité</h1> - <h2>Nouvel utilisateur</h2> + <s:if test='%{role.topiaId != null}'> + <h2>Modification d'un utilisateur</h2> + </s:if> + <s:else> + <h2>Nouveau utilisateur</h2> + </s:else> + <s:form action="user" namespace="/security" class="security-form"> <s:actionerror /> <s:hidden name="userId" value="%{user.topiaId}" /> <s:textfield label="Identifiant" name="user.login" value="%{user.login}"/> - <s:password label="Mot de passe" name="user.password" value="%{user.password}" /> + <s:password label="Mot de passe" name="password" /> + <s:password label="Confirmation" name="confirm" /> <s:submit label="Valider" /> </s:form> + + <s:if test='%{user.topiaId != null}'> + <s:a action="user!delete" namespace="/security" class="delete"> + <s:param name="userId"><s:property value="user.topiaId" /></s:param> + Supprimer + </s:a> + </s:if> </div> </body> </html> \ No newline at end of file Modified: trunk/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties =================================================================== --- trunk/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/i18n/nuiton-security_en_GB.properties 2012-10-24 15:05:53 UTC (rev 230) 
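Review bot: The new heading test in user.jsp reads `role.topiaId`, which is a RoleAction property rather than a UserAction one, so the condition can never be true here and the page always shows the new-user heading even when editing; the delete link a few lines below correctly tests `user.topiaId`. Change it to `<s:if test='%{user.topiaId != null}'>`, and restore `Nouvel utilisateur` from the removed line in place of `Nouveau utilisateur`. Dropping `value="%{user.password}"` from the password field so the stored hash is no longer echoed into the page is a good change and worth keeping.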
@@ -1,3 +1,4 @@ Compte\ bloqué.\ Contacter\ un\ administrateur= Identifiant\ ou\ mot\ de\ passe\ invalide\ \!= +Les\ mots\ de\ passes\ ne\ sont\ pas\ identiques\ \!= Nombre\ de\ tentatives\ dépassé= Modified: trunk/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties =================================================================== --- trunk/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties 2012-10-24 12:43:58 UTC (rev 229) +++ trunk/nuiton-security/src/main/resources/i18n/nuiton-security_fr_FR.properties 2012-10-24 15:05:53 UTC (rev 230) @@ -1,3 +1,4 @@ Compte\ bloqué.\ Contacter\ un\ administrateur= Identifiant\ ou\ mot\ de\ passe\ invalide\ \!= +Les\ mots\ de\ passes\ ne\ sont\ pas\ identiques\ \!= Nombre\ de\ tentatives\ dépassé=