/* Copyright (c) 2001 - 2007 TOPP - www.openplans.org. All rights reserved. * This code is licensed under the GPL 2.0 license, availible at the root * application directory. */ package org.geoserver.security; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.TreeMap; import java.util.TreeSet; import java.util.logging.Level; import java.util.logging.Logger; import org.acegisecurity.GrantedAuthority; import org.acegisecurity.userdetails.User; import org.acegisecurity.userdetails.UserDetails; import org.acegisecurity.userdetails.UserDetailsService; import org.acegisecurity.userdetails.UsernameNotFoundException; import org.acegisecurity.userdetails.memory.UserAttribute; import org.acegisecurity.userdetails.memory.UserAttributeEditor; import org.geoserver.config.GeoServer; import org.geoserver.config.GeoServerInfo; import org.geoserver.platform.GeoServerExtensions; import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessResourceFailureException; import org.vfny.geoserver.global.ConfigurationException; import org.vfny.geoserver.global.GeoserverDataDirectory; /** * A simple DAO reading/writing the user's property files * * @author Andrea Aime - OpenGeo * */ public class GeoserverUserDao implements UserDetailsService { /** logger */ static Logger LOGGER = org.geotools.util.logging.Logging.getLogger("org.geoserver.security"); TreeMap<String, User> userMap; PropertyFileWatcher userDefinitionsFile; File securityDir; GeoServer geoServer; /** * Returns the {@link GeoserverUserDao} instance registered in the GeoServer Spring context */ public static GeoserverUserDao get() { return GeoServerExtensions.bean(GeoserverUserDao.class); } public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { checkUserMap(); UserDetails user = userMap.get(username); if (user == null) throw new UsernameNotFoundException("Could not find user: " + username); return user; } /** * Either loads the default property file on the first access, or reloads it if it has been * modified since last access. * * @throws DataAccessResourceFailureException */ void checkUserMap() throws DataAccessResourceFailureException { InputStream is = null; OutputStream os = null; if ((userMap == null) || ((userDefinitionsFile != null) && userDefinitionsFile.isStale())) { try { if (userDefinitionsFile == null) { File propFile = new File(securityDir, "users.properties"); if (!propFile.exists()) { // we're probably dealing with an old data dir, create // the file without // changing the username and password if possible Properties p = new Properties(); GeoServerInfo global = geoServer.getGlobal(); if ((geoServer != null) && (global.getAdminUsername() != null) && !global.getAdminUsername().trim().equals("")) { p.put(global.getAdminUsername(), global.getAdminPassword() + ",ROLE_ADMINISTRATOR"); } else { p.put("admin", "geoserver,ROLE_ADMINISTRATOR"); } os = new FileOutputStream(propFile); p.store(os, "Format: name=password,ROLE1,...,ROLEN"); os.close(); // setup a sample service.properties File serviceFile = new File(securityDir, "service.properties"); os = new FileOutputStream(serviceFile); is = GeoserverUserDao.class .getResourceAsStream("serviceTemplate.properties"); byte[] buffer = new byte[1024]; int count = 0; while ((count = is.read(buffer)) > 0) { os.write(buffer, 0, count); } } userDefinitionsFile = new PropertyFileWatcher(propFile); } userMap = loadUsersFromProperties(userDefinitionsFile.getProperties()); } catch (Exception e) { LOGGER.log(Level.SEVERE, "An error occurred loading user definitions", e); } finally { if (is != null) try { is.close(); } catch (IOException ei) { /* nothing to do */ } if (os != null) try { os.close(); } catch (IOException eo) { /* nothing to do */ } } } } /** * Get the list of roles currently known by users (there's guarantee the well known * ROLE_ADMINISTRATOR will be part of the lot) */ public List<String> getRoles() { checkUserMap(); Set<String> roles = new TreeSet<String>(); roles.add("ROLE_ADMINISTRATOR"); for (User user : getUsers()) { for (GrantedAuthority ga : user.getAuthorities()) { roles.add(ga.getAuthority()); } } return new ArrayList<String>(roles); } /** * Returns the list of users. To be used for UI editing of users, it's a live map * * @return */ public List<User> getUsers() { checkUserMap(); return new ArrayList(userMap.values()); } /** * Adds a user in the user map * @param user */ public void putUser(User user) { checkUserMap(); if(userMap.containsKey(user.getUsername())) throw new IllegalArgumentException("The user " + user.getUsername() + " already exists"); else userMap.put(user.getUsername(), user); } /** * Updates a user in the user map * @param user */ public void setUser(User user) { checkUserMap(); if(userMap.containsKey(user.getUsername())) userMap.put(user.getUsername(), user); else throw new IllegalArgumentException("The user " + user.getUsername() + " already exists"); } /** * Removes the specified user from the users list * @param username * @return */ public boolean removeUser(String username) { checkUserMap(); return userMap.remove(username) != null; } /** * Writes down the current users map to file system */ public void storeUsers() throws IOException { FileOutputStream os = null; try { // turn back the users into a users map Properties p = storeUsersToProperties(userMap); // write out to the data dir File propFile = new File(securityDir, "users.properties"); os = new FileOutputStream(propFile); p.store(os, null); } catch (Exception e) { if (e instanceof IOException) throw (IOException) e; else throw (IOException) new IOException( "Could not write updated users list to file system").initCause(e); } finally { if (os != null) os.close(); } } public GeoServer getGeoServer() { return geoServer; } public void setGeoServer(GeoServer geoServer) throws ConfigurationException { this.geoServer = geoServer; securityDir = GeoserverDataDirectory.findCreateConfigDir("security"); } /** * Force the dao to reload its definitions from the file */ public void reload() { userDefinitionsFile = null; } /** * Loads the user from property file into the users map * * @param users * @param props */ TreeMap<String, User> loadUsersFromProperties(Properties props) { TreeMap<String, User> users = new TreeMap<String, User>(); UserAttributeEditor configAttribEd = new UserAttributeEditor(); for (Iterator iter = props.keySet().iterator(); iter.hasNext();) { // the attribute editors parses the list of strings into password, username and enabled // flag String username = (String) iter.next(); configAttribEd.setAsText(props.getProperty(username)); // if the parsing succeeded turn that into a user object UserAttribute attr = (UserAttribute) configAttribEd.getValue(); if (attr != null) { User user = createUserObject(username, attr.getPassword(), attr.isEnabled(), attr.getAuthorities()); users.put(username, user); } } return users; } protected User createUserObject(String username,String password, boolean isEnabled,GrantedAuthority[] authorities) { return new User(username, password, isEnabled, true, true, true, authorities); } /** * Stores the provided user map into a properties object * * @param userMap * @return */ Properties storeUsersToProperties(Map<String, User> userMap) { Properties p = new Properties(); for (User user : userMap.values()) { p.setProperty(user.getUsername(), serializeUser(user)); } return p; } /** * Turns the users password, granted authorities and enabled state into a property file value * * @param user * @return */ String serializeUser(User user) { StringBuffer sb = new StringBuffer(); sb.append(user.getPassword()); sb.append(","); for (GrantedAuthority ga : user.getAuthorities()) { sb.append(ga.getAuthority()); sb.append(","); } sb.append(user.isEnabled() ? "enabled" : "disabled"); return sb.toString(); } }