Ajout du hashage des mots de passe dans Acegi

Correction en conséquence de SessionService Ajout d'une vérification de duplication d'email dans UserRegister
2008-02-03 20:37:51 +00:00
parent fe062a6766
commit 7e1042dbe9
7 changed files with 41 additions and 26 deletions
--- a/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml
+++ b/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml
@@ -42,12 +42,6 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
  <property name="providers">
    <list>
      <ref local="daoAuthenticationProvider"/>
-      <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
-        <property name="key" value="changeThis"/>
-      </bean>
-      <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
-        <property name="key" value="changeThis"/>
-      </bean>
    </list>
  </property>
 </bean>
@@ -66,6 +60,12 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
      </property>
    </bean>
  </property>
+  <property name="passwordEncoder" ref="passwordEncoder"/>
+</bean>
+
+<bean id="passwordEncoder" 
+		class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
+	<constructor-arg value="256"/>
 </bean>

 <bean id="userDetailsService" class="org.yacos.auth.UserDetailsService">
--- a/YACOSWeb/src/org/yacos/auth/UserDetails.java
+++ b/YACOSWeb/src/org/yacos/auth/UserDetails.java
@@ -59,7 +59,6 @@ public class UserDetails implements org.acegisecurity.userdetails.UserDetails {
 				authorities[i] = new GrantedAuthorityImpl("ROLE_"+rolesList.get(i).getType().name());
 			}
 		}
-		
 		return (GrantedAuthority[]) authorities;
 	}

--- a/YACOSWeb/src/org/yacos/web/PCmember/controller/ChoosePreferenceController.java
+++ b/YACOSWeb/src/org/yacos/web/PCmember/controller/ChoosePreferenceController.java
@@ -45,7 +45,7 @@ public class ChoosePreferenceController  extends SimpleFormController {
 		// TODO : mock object, replace with real user management
 		User toto = userManager.getUser("toto");
 		if(toto == null){
-			toto = userManager.addUser("toto", "toto", "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
+			toto = userManager.addUser("toto",User.hashPassword("toto"), "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
 		}
 		ArrayList<Preference> preferencesList = new ArrayList<Preference>();
 		Preference pref;
--- a/YACOSWeb/src/org/yacos/web/PCmember/controller/EvaluationController.java
+++ b/YACOSWeb/src/org/yacos/web/PCmember/controller/EvaluationController.java
@@ -114,7 +114,7 @@ public class EvaluationController  extends SimpleFormController {
        System.out.println("le title est: "+article.getTitle());
        User toto = userManager.getUser("toto");
 		if(toto == null){
-			toto = userManager.addUser("toto", "toto", "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
+			toto = userManager.addUser("toto",User.hashPassword("toto"), "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
 		}
 		
 		Report rpt =new Report(commentPCMember,commentAuthor,listeRating,toto,article);		
--- a/YACOSWeb/src/org/yacos/web/chairman/controller/AddConferenceController.java
+++ b/YACOSWeb/src/org/yacos/web/chairman/controller/AddConferenceController.java
@@ -95,6 +95,12 @@ public class AddConferenceController extends AbstractWizardFormController {
 		listPersonBean.remove(truePerson);
 		listPersonFiltered.remove(truePerson);
 	}
+	
+	public void addInvitation(String email){
+		PersonBean invitationBean = new PersonBean();
+		invitationBean.setLogin(email);
+		listPersonAdded.add(invitationBean);
+	}

 	public void deletePerson(PersonBean b) {

--- a/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java
+++ b/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java
@@ -10,6 +10,8 @@ import org.springframework.validation.BindException;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.SimpleFormController;
 import org.springframework.web.servlet.view.RedirectView;
+import org.yacos.core.exceptions.PKAlreadyUsedException;
+import org.yacos.core.exceptions.UserEMailAlreadyExistsException;
 import org.yacos.core.users.IUserManager;
 import org.yacos.core.users.User;
 import org.yacos.web.system.form.FormUser;
@@ -30,26 +32,28 @@ public class SUserRegistrationController extends SimpleFormController {
 	 */
 	@Override
 	protected ModelAndView onSubmit(HttpServletRequest request,
-			HttpServletResponse response, Object command, BindException errors)
-			throws Exception {
+			HttpServletResponse response, Object command, BindException errors) {
 		FormUser userCommand = (FormUser) command;
 		
 		// Tries to retrieve the current user : case of user modification
 		User user = SessionService.getInstance().getCurrentUser();
 		
-		if( (userCommand.getIsNew()) && (userManager.getUser(userCommand.getLogin()) != null)){
-			errors.rejectValue("login", "form.register.error.alreadyExists");
-			return new ModelAndView(new RedirectView(getFormView()));
-		}
-		
 		if( userCommand.getIsNew() ){
-			userManager.addUser(
-					userCommand.getLogin(),
-					userCommand.getPassword(),
-					userCommand.getFirstName(),
-					userCommand.getLastName(),
-					userCommand.getOrganization(),
-					userCommand.getEmail());
+			try {
+				userManager.addUser(
+						userCommand.getLogin(),
+						User.hashPassword(userCommand.getPassword()),
+						userCommand.getFirstName(),
+						userCommand.getLastName(),
+						userCommand.getOrganization(),
+						userCommand.getEmail());
+			} catch (PKAlreadyUsedException e) {
+				errors.rejectValue("login", "form.register.error.alreadyExists");
+				return new ModelAndView(new RedirectView(getFormView()));
+			} catch (UserEMailAlreadyExistsException e) {
+				errors.rejectValue("email", "form.register.error.alreadyExists");
+				return new ModelAndView(new RedirectView(getFormView()));
+			}
 		} else {
 			user.setEmail(userCommand.getEmail());
 			user.setFirstName(userCommand.getFirstName());
--- a/YACOSWeb/src/org/yacos/web/system/session/SessionService.java
+++ b/YACOSWeb/src/org/yacos/web/system/session/SessionService.java
@@ -7,7 +7,10 @@ import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
+import org.acegisecurity.userdetails.UserDetails;
 import org.springframework.web.util.WebUtils;
 import org.yacos.auth.UserDetailsService;
 import org.yacos.core.conferences.Conference;
@@ -107,9 +110,12 @@ public class SessionService {
 		request.setAttribute("currentConference", currentConference);
 		// Refreshing user credentials
 		Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
-		DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
-		authProvider.setUserDetailsService(new UserDetailsService());
-		SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
+		if(currentAuthentication instanceof UsernamePasswordAuthenticationToken){
+			DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+			authProvider.setPasswordEncoder(new ShaPasswordEncoder(256));
+			authProvider.setUserDetailsService(new UserDetailsService());
+			SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
+		}
 	}
 	
 	/**