GeoServerUser.java

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.StringUtils;

/**
 * GeoServer implementation of  {@link UserDetails}. 
 * 
 * @author christian
 */
public class GeoServerUser implements UserDetails, CredentialsContainer, Comparable<GeoServerUser> {

    private static final long serialVersionUID = 1L;

    
    public static final String DEFAULT_ADMIN_PASSWD="geoserver";
    public static final boolean AdminEnabled=true;
    public static final String ADMIN_USERNAME="admin";
    final public static String ROOT_USERNAME="root";
    final public static String ANONYMOUS_USERNAME="anonymous";

    /**
     * Create the geoserver default administrator
     */
    public static GeoServerUser createDefaultAdmin() {
        GeoServerUser admin = new GeoServerUser(ADMIN_USERNAME);
        admin.setPassword(DEFAULT_ADMIN_PASSWD);
        admin.setEnabled(AdminEnabled);
        return admin;
    }
    
    public static GeoServerUser createRoot() {
        GeoServerUser root = new GeoServerUser(GeoServerUser.ROOT_USERNAME);
        root.setPassword(null);
        root.setEnabled(true);
        Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
        roles.add(GeoServerRole.ADMIN_ROLE);
        root.setAuthorities(roles);
        return root;
    }
    
    public static GeoServerUser createAnonymous() {
        GeoServerUser anon = new GeoServerUser(GeoServerUser.ANONYMOUS_USERNAME);
        anon.setPassword(null);
        anon.setEnabled(true);
        Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
        roles.add(GeoServerRole.ANONYMOUS_ROLE);
        anon.setAuthorities(roles);
        return anon;
    }



    private String password;
    private String username;
    private boolean accountNonExpired;
    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;
    
    protected Properties properties;
    protected Collection<GrantedAuthority> authorities;

     

    public GeoServerUser(String username) {
        this.username=username;
        this.enabled = true;
        this.accountNonExpired=this.accountNonLocked=this.credentialsNonExpired = true;
        this.authorities=null;
    }

    public GeoServerUser(GeoServerUser other) {
        this.username = other.getUsername();
        this.password = other.getPassword();
        this.accountNonExpired = other.isAccountNonExpired();
        this.accountNonLocked = other.isAccountNonLocked();
        this.credentialsNonExpired = other.isCredentialsNonExpired();
        this.authorities = other.getAuthorities() != null ? 
            new ArrayList<GrantedAuthority>(other.getAuthorities()) : null;
    }

    /**
     * The user name.
     */
    public String getUsername() {
        return username;
    }

    /**
     * The user password.
     */
    public String getPassword() {
        return password;
    }

    public void setPassword(String passwd) {
        this.password = passwd;
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
     */
    public boolean isEnabled() {
        return enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
     */
    public boolean isAccountNonExpired() {
        return accountNonExpired;
    }

    public void setAccountNonExpired(boolean accountNonExpired) {
        if (this.accountNonExpired!=accountNonExpired) {
            this.accountNonExpired = accountNonExpired;
        }
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
     */
    public boolean isAccountNonLocked() {
        return accountNonLocked;
    }

    public void setAccountNonLocked(boolean accountNonLocked) {
        if (this.accountNonLocked!=accountNonLocked) {
            this.accountNonLocked = accountNonLocked;
            //calculateGrantedAuthorities();
        }
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
     */
    public boolean isCredentialsNonExpired() {
        return credentialsNonExpired;
    }

    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
        if (this.credentialsNonExpired!=credentialsNonExpired) {
            this.credentialsNonExpired = credentialsNonExpired;
            //calculateGrantedAuthorities();
        }
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
     */
    public Collection<GrantedAuthority> getAuthorities() {
        if (authorities==null)
            authorities=Collections.unmodifiableSet(new TreeSet<GrantedAuthority>());
        return authorities;
    }

    /**
     * Set the roles of the user. 
     * 
     * @param roles
     */
    public void setAuthorities(Set<? extends GrantedAuthority> roles) {
        authorities=Collections.unmodifiableSet(roles);
    }

    /* (non-Javadoc)
     * @see org.springframework.security.core.CredentialsContainer#eraseCredentials()
     */
    public void eraseCredentials() {
        password = null;
    }

    /**
     * Additional properties associated with the user.
     * <p>
     * This typically is information filled in by the backend user/group service. For examples: 
     * eMail Address, telephone number, etc..
     * </p>
     */
    public Properties getProperties() {
        if (properties==null)
            properties = new Properties();
        return properties;
    }

    /* (non-Javadoc)
     * @see java.lang.Comparable#compareTo(java.lang.Object)
     */
    public int compareTo(GeoServerUser o) {
        if (o==null) return 1;
        return getUsername().compareTo(o.getUsername());
    }

    public GeoServerUser copy() {
        return new GeoServerUser(this);
    }

    /**
     * Returns {@code true} if the supplied object is a {@code User} instance with the
     * same {@code username} value.
     * <p>
     * In other words, the objects are equal if they have the same username, representing the
     * same principal.
     * </p>
     */
    @Override
    public boolean equals(Object rhs) {
        if (rhs instanceof GeoServerUser) {
            return username.equals(((GeoServerUser) rhs).username);
        }
        return false;
    }

    /**
     * Returns the hashcode of the {@code username}.
     */
    @Override
    public int hashCode() {
        return username.hashCode();
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        //sb.append(super.toString()).append(": ");
        sb.append("Username: ").append(this.username).append("; ");
        sb.append("Password: [PROTECTED]; ");
        sb.append("Enabled: ").append(this.enabled).append("; ");
        sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
        sb.append("CredentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
        sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
        sb.append(" [ ");
        if (authorities!=null)
            sb.append(StringUtils.collectionToCommaDelimitedString(authorities));
        sb.append(" ] ");
        
        return sb.toString();
    }
}