Commit 8d3cf213 authored by Matija Obreza's avatar Matija Obreza

Require SYSTEM_ADMIN account

parent 6de98e61
......@@ -10,3 +10,4 @@ target/
.idea/
effective.pom
node_modules/
.flattened-pom.xml
......@@ -35,6 +35,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
*/
public interface BasicUserService<R extends GrantedAuthority, T extends BasicUser<R>> extends UserDetailsService {
public String SYSTEM_ADMIN = "SYSTEM_ADMIN";
/**
* Get User by id.
*
......
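Review bot: The new `SYSTEM_ADMIN` constant has no Javadoc, although it names an account that the service implementation now looks up and creates at startup. I would add `/** Username of the built-in system administrator account; treat it as reserved. */` above it. The `public` modifier is also redundant, since an interface field is implicitly `public static final`.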
......@@ -31,6 +31,7 @@ import org.genesys.blocks.security.service.PasswordPolicy;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.security.access.prepost.PreAuthorize;
......@@ -48,7 +49,7 @@ import org.springframework.transaction.annotation.Transactional;
* @param <T> the generic type
*/
@Transactional(readOnly = true)
public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends BasicUser<R>> implements BasicUserService<R, T> {
public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends BasicUser<R>> implements BasicUserService<R, T>, InitializingBean {
/** The Constant LOG. */
public static final Logger LOG = LoggerFactory.getLogger(BasicUserServiceImpl.class);
......@@ -75,6 +76,35 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
@Autowired(required = false)
protected AclEntryPersistence aclEntryRepository;
@Override
@Transactional
public void afterPropertiesSet() throws Exception {
try {
loadUserByUsername(BasicUserService.SYSTEM_ADMIN);
} catch (UsernameNotFoundException e) {
T systemAdmin = createSystemAdministrator(BasicUserService.SYSTEM_ADMIN);
if (systemAdmin == null) {
throw new UserException("Implementation did not return a valid SYSTEM_ADMIN account");
}
if (systemAdmin.getAccountType() != AccountType.SYSTEM) {
throw new UserException("Implementation did not return a SYSTEM_ADMIN account of type SYSTEM");
}
LOG.warn("New system admin {} account created with uuid={}", BasicUserService.SYSTEM_ADMIN, systemAdmin.getUuid());
}
}
/**
* Implementations must create a user with specified username with ADMINISTRATOR
* role and account type {@link AccountType#SYSTEM}
*
* @param username Generally SYSTEM_ADMIN
* @return user instance with ADMINISTRATOR role
* @throws UserException
*/
protected abstract T createSystemAdministrator(String username) throws UserException;
/**
* Sets the account lockout time.
*
......
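Review bot: In `afterPropertiesSet()` the `AccountType.SYSTEM` check runs only inside the `catch (UsernameNotFoundException e)` branch, so an account named SYSTEM_ADMIN that already exists is accepted without any validation. If a deployment already holds a user with that username and a different account type, startup passes silently. The result of the lookup should go through the same `if (systemAdmin.getAccountType() != AccountType.SYSTEM)` test, and ideally a role check too, since the Javadoc promises ADMINISTRATOR but nothing verifies it. Separately, `@Transactional` on an `InitializingBean` callback is probably not honoured, because Spring invokes the callback on the bean before the transactional proxy wraps it. It is worth confirming that the insert made by `createSystemAdministrator` actually runs in a read-write transaction.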
......@@ -23,6 +23,7 @@ import com.google.common.collect.Sets;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.NotUniqueUserException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.TestUser;
import org.genesys.blocks.security.model.UserRole;
import org.genesys.blocks.security.model.BasicUser.AccountType;
......@@ -83,6 +84,13 @@ public class ApplicationConfig {
@Autowired
private TestUserPersistence testUserRepository;
@Override
protected TestUser createSystemAdministrator(String username) throws UserException {
TestUser admin = createUser(username, "System Administrator", null, AccountType.SYSTEM);
setRoles(admin, Sets.newHashSet(UserRole.ADMINISTRATOR));
return admin;
}
@Override
public TestUser getUserByEmail(final String email) throws UsernameNotFoundException {
return testUserRepository.findByEmail(email);
......
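Review bot: The `null` third argument to `createUser(...)` in `createSystemAdministrator` is unexplained. `createUser` is not visible here, but if that parameter is the password, the account is created without a credential and the code should say whether that is intended. I would add a comment such as `// no password: SYSTEM_ADMIN is not meant for interactive login`, adjusted if that is not the intent. The Javadoc on the abstract `createSystemAdministrator` could state the same expectation for real implementations.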