From ace5dd1f1e6ff6ef6d688ff5422cdcd9adc03162 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 13 Jun 2012 16:33:55 -0400 Subject: [PATCH] imported userinfouserdetails filter from MITRE codebase --- .../repository/UserInfoRepository.java | 2 +- openid-connect-server/.springBeans | 2 + .../impl/JpaUserInfoRepository.java | 2 +- .../impl/UserInfoUserDetailsService.java | 77 +++++++++++++++++++ .../src/main/webapp/WEB-INF/local-config.xml | 9 +++ .../main/webapp/WEB-INF/spring-servlet.xml | 4 + .../src/main/webapp/WEB-INF/tags/topbar.tag | 2 +- 7 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UserInfoUserDetailsService.java create mode 100644 openid-connect-server/src/main/webapp/WEB-INF/local-config.xml diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java index 7d3165302..b60f12e59 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java @@ -43,7 +43,7 @@ public interface UserInfoRepository { * @param user * @return */ - public UserInfo save(DefaultUserInfo userInfo); + public UserInfo save(UserInfo userInfo); /** * Removes the given UserInfo from the repository diff --git a/openid-connect-server/.springBeans b/openid-connect-server/.springBeans index aa6d022f3..d54509e13 100644 --- a/openid-connect-server/.springBeans +++ b/openid-connect-server/.springBeans @@ -9,6 +9,8 @@ src/main/webapp/WEB-INF/user-context.xml src/main/webapp/WEB-INF/server-config.xml + src/main/webapp/WEB-INF/local-config.xml + src/main/webapp/WEB-INF/data-context.xml 
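Review bot: The Javadoc above `save` in `UserInfoRepository` still reads `@param user` with no description and an empty `@return`, although the parameter is named `userInfo` and now accepts any `UserInfo` implementation rather than only `DefaultUserInfo`. Something like `@param userInfo the UserInfo to persist` and `@return the saved UserInfo` would match the new signature. Whether `JpaUserInfoRepository.save`, which hands the argument straight to `saveOrUpdate`, can persist an implementation that is not a mapped entity is not visible in this patch and is worth stating in the same comment. The interface body continues outside the hunk.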
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java index d89f51e84..223212e3c 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java @@ -49,7 +49,7 @@ public class JpaUserInfoRepository implements UserInfoRepository { @Override @Transactional - public UserInfo save(DefaultUserInfo userInfo) { + public UserInfo save(UserInfo userInfo) { return saveOrUpdate(userInfo.getUserId(), manager, userInfo); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UserInfoUserDetailsService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UserInfoUserDetailsService.java new file mode 100644 index 000000000..11b73364b --- /dev/null +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UserInfoUserDetailsService.java 
@@ -0,0 +1,77 @@
+package org.mitre.openid.connect.service.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.mitre.openid.connect.model.UserInfo;
+import org.mitre.openid.connect.repository.UserInfoRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service("userInfoUserDetailsService")
+public class UserInfoUserDetailsService implements UserDetailsService {
+
+ @Autowired
+ UserInfoRepository repository;
+
+ public static final GrantedAuthority ROLE_USER = new GrantedAuthorityImpl("ROLE_USER");
+ public static final GrantedAuthority ROLE_ADMIN = new GrantedAuthorityImpl("ROLE_ADMIN");
+
+ private List admins = new ArrayList();
+
+ @Override
+ public UserDetails loadUserByUsername(String username)
+ throws UsernameNotFoundException {
+ UserInfo userInfo = repository.getByUserId(username);
+
+ if (userInfo != null) {
+
+ // TODO: make passwords configurable? part of object?
+ String password = "password"; + + boolean enabled = true; + /* + * TODO: this was for a MITRE-specific flag + if(userInfo.getDeleteFlag() > 0){ + enabled = false; + } + */ + boolean accountNonExpired = true; + boolean credentialsNonExpired = true; + boolean accountNonLocked = true; + List authorities = new ArrayList(); + authorities.add(ROLE_USER); + + if (admins != null && admins.contains(username)) { + authorities.add(ROLE_ADMIN); + } + + User user = new User(userInfo.getUserId(), password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); + return user; + } else { + return null; + } + } + + /** + * @return the admins + */ + public List getAdmins() { + return admins; + } + + /** + * @param admins the admins to set + */ + public void setAdmins(List admins) { + this.admins = admins; + } + +} diff --git a/openid-connect-server/src/main/webapp/WEB-INF/local-config.xml b/openid-connect-server/src/main/webapp/WEB-INF/local-config.xml new file mode 100644 index 000000000..be9238ddc --- /dev/null +++ b/openid-connect-server/src/main/webapp/WEB-INF/local-config.xml @@ -0,0 +1,9 @@ + + + + + + + diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml index 489086bb8..b2963f76b 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml @@ -230,4 +230,8 @@ + + + + diff --git a/openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag b/openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag index 773b25e82..9c98ce37c 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag +++ b/openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag @@ -20,7 +20,7 @@ - + Logged in as <%= request.getUserPrincipal().getName() %>
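Review bot: In `loadUserByUsername`, every account found in the repository is returned with the literal credential `"password"`. If this service is ever wired to a provider that compares a submitted password (the authentication-manager wiring is not visible in this patch), any known user id, including the ones listed in `admins`, would authenticate with that shared string. Until the TODO is resolved, a per-call unguessable value such as `String password = new BigInteger(130, new SecureRandom()).toString(32);` keeps the `User` object usable for flows where the credential is never checked while making any password comparison fail closed. The `else` branch also returns `null`, which the `UserDetailsService` contract does not allow; `throw new UsernameNotFoundException("no user info for " + username);` lets callers treat the miss as an ordinary authentication failure. A class-level Javadoc stating that the service is only intended for flows that never check the credential would make that assumption explicit.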
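Review bot: The context line `Logged in as <%= request.getUserPrincipal().getName() %>` in `topbar.tag` writes the principal name into the page without HTML escaping. When `UserInfoUserDetailsService` backs the login, that name would be the value of `userInfo.getUserId()` from the repository. If user ids can contain markup characters, escaping at output is the safer default, for example `<c:out value="${pageContext.request.userPrincipal.name}"/>`, assuming the JSTL core taglib is declared in this tag file, which is not visible here. The changed line of this hunk did not survive extraction, so this applies to the surrounding markup rather than to the edit itself.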