Migrate from acegisecurity to spring security

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent 1e81ae70d4
commit 04f0167f66
  1. 33
      libresonic-main/pom.xml
  2. 40
      libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
  3. 132
      libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
  4. 51
      libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
  5. 6
      libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
  6. 27
      libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
  7. 40
      libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
  8. 303
      libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
  9. 6
      libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
  10. 2
      libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
  11. 10
      libresonic-main/src/main/webapp/WEB-INF/web.xml
  12. 17
      pom.xml

@ -57,27 +57,18 @@
</dependency>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>1.0.5</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</exclusion>
</exclusions>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>

@ -19,30 +19,19 @@
*/
package org.libresonic.player.controller;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.tanesha.recaptcha.ReCaptcha;
import net.tanesha.recaptcha.ReCaptchaFactory;
import net.tanesha.recaptcha.ReCaptchaResponse;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
import org.springframework.web.servlet.view.RedirectView;
import org.libresonic.player.Logger;
import org.libresonic.player.domain.Playlist;
import org.libresonic.player.domain.User;
@ -51,9 +40,16 @@ import org.libresonic.player.service.PlaylistService;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil;
import net.tanesha.recaptcha.ReCaptcha;
import net.tanesha.recaptcha.ReCaptchaFactory;
import net.tanesha.recaptcha.ReCaptchaResponse;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
import org.springframework.web.servlet.view.RedirectView;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
/**
* Multi-controller used for simple pages.
@ -76,8 +72,10 @@ public class MultiController extends MultiActionController {
if (username != null && password != null) {
username = StringUtil.urlEncode(username);
password = StringUtil.urlEncode(password);
return new ModelAndView(new RedirectView("j_acegi_security_check?j_username=" + username +
"&j_password=" + password + "&_acegi_security_remember_me=checked"));
return new ModelAndView(new RedirectView("/j_spring_security_check?"+
UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY+"=" + username +
"&"+UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY+"=" + password
));
}
Map<String, Object> map = new HashMap<String, Object>();

@ -1,132 +0,0 @@
/*
This file is part of Libresonic.
Libresonic is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Libresonic is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
Copyright 2016 (C) Libresonic Authors
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
*/
package org.libresonic.player.ldap;
import org.libresonic.player.Logger;
import org.libresonic.player.domain.User;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
import org.acegisecurity.providers.ldap.LdapAuthenticator;
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.apache.commons.lang.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which
* supports dynamically changing LDAP provider URL and search filter.
*
* @author Sindre Mehus
*/
public class LibresonicLdapBindAuthenticator implements LdapAuthenticator {
private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class);
private SecurityService securityService;
private SettingsService settingsService;
private long authenticatorTimestamp;
private BindAuthenticator delegateAuthenticator;
public LdapUserDetails authenticate(String username, String password) {
// LDAP authentication must be enabled on the system.
if (!settingsService.isLdapEnabled()) {
throw new BadCredentialsException("LDAP authentication disabled.");
}
// User must be defined in Libresonic, unless auto-shadowing is enabled.
User user = securityService.getUserByName(username);
if (user == null && !settingsService.isLdapAutoShadowing()) {
throw new BadCredentialsException("User does not exist.");
}
// LDAP authentication must be enabled for the given user.
if (user != null && !user.isLdapAuthenticated()) {
throw new BadCredentialsException("LDAP authentication disabled for user.");
}
try {
createDelegate();
LdapUserDetails details = delegateAuthenticator.authenticate(username, password);
if (details != null) {
LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn());
if (user == null) {
User newUser = new User(username, "", null, true, 0L, 0L, 0L);
newUser.setStreamRole(true);
newUser.setSettingsRole(true);
securityService.createUser(newUser);
LOG.info("Created local user '" + username + "' for DN " + details.getDn());
}
}
return details;
} catch (RuntimeException x) {
LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x);
throw x;
}
}
/**
* Creates the delegate {@link BindAuthenticator}.
*/
private synchronized void createDelegate() {
// Only create it if necessary.
if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) {
DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl());
String managerDn = settingsService.getLdapManagerDn();
String managerPassword = settingsService.getLdapManagerPassword();
if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) {
contextFactory.setManagerDn(managerDn);
contextFactory.setManagerPassword(managerPassword);
}
Map<String, String> extraEnvVars = new HashMap<String, String>();
extraEnvVars.put("java.naming.referral", "follow");
contextFactory.setExtraEnvVars(extraEnvVars);
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory);
userSearch.setSearchSubtree(true);
userSearch.setDerefLinkFlag(true);
delegateAuthenticator = new BindAuthenticator(contextFactory);
delegateAuthenticator.setUserSearch(userSearch);
authenticatorTimestamp = settingsService.getSettingsChanged();
}
}
public void setSecurityService(SecurityService securityService) {
this.securityService = securityService;
}
public void setSettingsService(SettingsService settingsService) {
this.settingsService = settingsService;
}
}

@ -1,51 +0,0 @@
/*
This file is part of Libresonic.
Libresonic is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Libresonic is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
Copyright 2016 (C) Libresonic Authors
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
*/
package org.libresonic.player.ldap;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
/**
* An {@link LdapAuthoritiesPopulator} that retrieves the roles from the
* database using the {@link UserDetailsService} instead of retrieving the roles
* from LDAP. An instance of this class can be configured for the
* {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when
* authentication should be done using LDAP and authorization using the
* information stored in the database.
*
* @author Thomas M. Hofmann
*/
public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator {
private UserDetailsService userDetailsService;
public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername());
return details.getAuthorities();
}
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
}

@ -19,11 +19,11 @@
package org.libresonic.player.security;
import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
/**
* @author Sindre Mehus

@ -19,25 +19,8 @@
*/
package org.libresonic.player.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.libresonic.player.Logger;
import org.libresonic.player.controller.JAXBWriter;
import org.libresonic.player.controller.RESTController;
@ -47,6 +30,16 @@ import org.libresonic.player.domain.Version;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Performs authentication based on credentials being present in the HTTP request parameters. Also checks

@ -19,20 +19,6 @@
*/
package org.libresonic.player.service;
import java.io.File;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
import org.springframework.dao.DataAccessException;
import net.sf.ehcache.Ehcache;
import org.libresonic.player.Logger;
import org.libresonic.player.dao.UserDao;
@ -40,6 +26,18 @@ import org.libresonic.player.domain.MediaFile;
import org.libresonic.player.domain.MusicFolder;
import org.libresonic.player.domain.User;
import org.libresonic.player.util.FileUtil;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
/**
* Provides security-related services for authentication and authorization.
@ -57,7 +55,7 @@ public class SecurityService implements UserDetailsService {
/**
* Locates the user based on the username.
*
* @param username The username presented to the {@link DaoAuthenticationProvider}
* @param username The username
* @return A fully populated user record (never <code>null</code>)
* @throws UsernameNotFoundException if the user could not be found or the user has no GrantedAuthority.
* @throws DataAccessException If user could not be found for a repository-specific reason.
@ -69,16 +67,14 @@ public class SecurityService implements UserDetailsService {
}
String[] roles = userDao.getRolesForUser(username);
GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_ANONYMOUSLY"));
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
for (int i = 0; i < roles.length; i++) {
authorities[i] = new GrantedAuthorityImpl("ROLE_" + roles[i].toUpperCase());
authorities.add(new SimpleGrantedAuthority("ROLE_" + roles[i].toUpperCase()));
}
// If user is LDAP authenticated, disable user. The proper authentication should in that case
// be done by LibresonicLdapBindAuthenticator.
boolean enabled = !user.isLdapAuthenticated();
return new org.acegisecurity.userdetails.User(username, user.getPassword(), enabled, true, true, true, authorities);
return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
}
/**

@ -1,246 +1,65 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
<bean id="loginFailureLogger" class="org.libresonic.player.security.LoginFailureLogger"/>
<bean class="org.libresonic.player.security.LibresonicApplicationEventListener">
<property name="loginFailureLogger" ref="loginFailureLogger"/>
</bean>
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
/podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
/podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
/rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/login.view?logout"/>
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/login.view?error"/>
<property name="defaultTargetUrl" value="/"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
</bean>
<bean id="restRequestParameterProcessingFilter" class="org.libresonic.player.security.RESTRequestParameterProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="settingsService" ref="settingsService"/>
<property name="securityService" ref="securityService"/>
<property name="loginFailureLogger" ref="loginFailureLogger"/>
</bean>
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName" value="Libresonic"/>
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="libresonic"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.view?"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.view"/>
</bean>
</property>
</bean>
<bean id="basicExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName" value="Libresonic"/>
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="alwaysReauthenticate" value="true"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/login.view=IS_AUTHENTICATED_ANONYMOUSLY
/recover.view=IS_AUTHENTICATED_ANONYMOUSLY
/accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY
/coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY
/hls/**=IS_AUTHENTICATED_ANONYMOUSLY
/stream/**=IS_AUTHENTICATED_ANONYMOUSLY
/ws/**=IS_AUTHENTICATED_ANONYMOUSLY
/share/**=IS_AUTHENTICATED_ANONYMOUSLY
/style/**=IS_AUTHENTICATED_ANONYMOUSLY
/icons/**=IS_AUTHENTICATED_ANONYMOUSLY
/flash/**=IS_AUTHENTICATED_ANONYMOUSLY
/script/**=IS_AUTHENTICATED_ANONYMOUSLY
/sonos/**=IS_AUTHENTICATED_ANONYMOUSLY
/crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY
/personalSettings.view=ROLE_SETTINGS
/passwordSettings.view=ROLE_SETTINGS
/playerSettings.view=ROLE_SETTINGS
/shareSettings.view=ROLE_SETTINGS
/generalSettings.view=ROLE_ADMIN
/advancedSettings.view=ROLE_ADMIN
/userSettings.view=ROLE_ADMIN
/musicFolderSettings.view=ROLE_ADMIN
/networkSettings.view=ROLE_ADMIN
/dlnaSettings.view=ROLE_ADMIN
/sonosSettings.view=ROLE_ADMIN
/transcodingSettings.view=ROLE_ADMIN
/internetRadioSettings.view=ROLE_ADMIN
/podcastSettings.view=ROLE_ADMIN
/db.view=ROLE_ADMIN
/deletePlaylist.view=ROLE_PLAYLIST
/savePlaylist.view=ROLE_PLAYLIST
/download.view=ROLE_DOWNLOAD
/upload.view=ROLE_UPLOAD
/createShare.view=ROLE_SHARE
/changeCoverArt.view=ROLE_COVERART
/editTags.view=ROLE_COVERART
/setMusicFileInfo.view=ROLE_COMMENT
/podcastReceiverAdmin.view=ROLE_PODCAST
/**=IS_AUTHENTICATED_REMEMBERED
</value>
</property>
</bean>
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="securityService"/>
<property name="tokenValiditySeconds" value="31536000"/>
<!-- One year -->
<property name="key" value="libresonic"/>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="ldapAuthenticationProvider"/>
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="libresonic"/>
</bean>
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="libresonic"/>
</bean>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="securityService"/>
<property name="userCache" ref="userCacheWrapper"/>
</bean>
<bean id="userCacheWrapper" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache" ref="userCache"/>
</bean>
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
<constructor-arg ref="bindAuthenticator"/>
<constructor-arg ref="userDetailsServiceBasedAuthoritiesPopulator"/>
<property name="userCache" ref="userCacheWrapper"/>
</bean>
<bean id="bindAuthenticator" class="org.libresonic.player.ldap.LibresonicLdapBindAuthenticator">
<property name="securityService" ref="securityService"/>
<property name="settingsService" ref="settingsService"/>
</bean>
<bean id="userDetailsServiceBasedAuthoritiesPopulator"
class="org.libresonic.player.ldap.UserDetailsServiceBasedAuthoritiesPopulator">
<property name="userDetailsService" ref="securityService"/>
</bean>
<!-- Authorization of AJAX services. -->
<bean id="ajaxServiceInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART
org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD
</value>
</property>
</bean>
<bean id="ajaxTagServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref="ajaxTagService"/>
<property name="interceptorNames">
<list>
<idref local="ajaxServiceInterceptor"/>
</list>
</property>
</bean>
<bean id="ajaxTransferServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref="ajaxTransferService"/>
<property name="interceptorNames">
<list>
<idref local="ajaxServiceInterceptor"/>
</list>
</property>
</bean>
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:http auto-config='true'>
<!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<security:intercept-url pattern="/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/recover.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/accessDenied.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/coverArt.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/hls/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/stream/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/share/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/style/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/icons/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/flash/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/script/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/sonos/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/crossdomain.xml" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- ROLE_SETTINGS -->
<security:intercept-url pattern="/personalSettings.view" access="ROLE_SETTINGS" />
<security:intercept-url pattern="/passwordSettings.view" access="ROLE_SETTINGS" />
<security:intercept-url pattern="/playerSettings.view" access="ROLE_SETTINGS" />
<security:intercept-url pattern="/shareSettings.view" access="ROLE_SETTINGS" />
<!-- ROLE_ADMIN -->
<security:intercept-url pattern="/generalSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/advancedSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/userSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/musicFolderSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/networkSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/dlnaSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/sonosSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/transcodingSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/internetRadioSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/podcastSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/db.view" access="ROLE_ADMIN" />
<!-- MISC -->
<security:intercept-url pattern="/deletePlaylist.view" access="ROLE_PLAYLIST" />
<security:intercept-url pattern="/savePlaylist.view" access="ROLE_PLAYLIST" />
<security:intercept-url pattern="/download.view" access="ROLE_DOWNLOAD" />
<security:intercept-url pattern="/upload.view" access="ROLE_UPLOAD" />
<security:intercept-url pattern="/createShare.view" access="ROLE_SHARE" />
<security:intercept-url pattern="/changeCoverArt.view" access="ROLE_COVERART" />
<security:intercept-url pattern="/editTags.view" access="ROLE_COVERART" />
<security:intercept-url pattern="/setMusicFileInfo.view" access="ROLE_COMMENT" />
<security:intercept-url pattern="/podcastReceiverAdmin.view" access="ROLE_PODCAST" />
<!-- ROLE_USER -->
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login login-page="/login.view" default-target-url="/home.view" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="securityService" />
</security:authentication-manager>
</beans>

@ -12,7 +12,7 @@
</head>
<body class="mainframe bgcolor1" onload="document.getElementById('j_username').focus()">
<form action="<c:url value="/j_acegi_security_check"/>" method="POST">
<form action="<c:url value="/j_spring_security_check"/>" method="POST">
<div class="bgcolor2 shadow" align="center" style="padding:20px 50px 20px 50px; margin-top:100px;margin-left:50px;margin-right:50px">
<div style="margin-bottom:1em;max-width:50em;text-align:left;"><sub:wiki text="${model.loginMessage}"/></div>
@ -35,10 +35,6 @@
<tr>
<td align="left"><input name="submit" type="submit" value="<fmt:message key="login.login"/>" tabindex="4"></td>
<td align="left" class="detail">
<input type="checkbox" name="_acegi_security_remember_me" id="remember" class="checkbox" tabindex="3">
<label for="remember"><fmt:message key="login.remember"/></label>
</td>
</tr>
<tr>
<td></td>

@ -138,7 +138,7 @@
<div class="detail">
<fmt:message key="top.logout" var="logout"><fmt:param value="${model.user.username}"/></fmt:message>
<a href="j_acegi_logout" target="_top">${fn:escapeXml(logout)}</a>
<a href="j_spring_security_logout" target="_top">${fn:escapeXml(logout)}</a>
</div>
</td>

@ -208,16 +208,12 @@
</filter-mapping>
<filter>
<filter-name>AcegiFilter</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>AcegiFilter</filter-name>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

@ -18,6 +18,7 @@
<project.build.sourceEncoding>iso-8859-1</project.build.sourceEncoding>
<cxf.version>2.4.2</cxf.version>
<spring.version>3.2.17.RELEASE</spring.version>
<spring.security.version>3.2.9.RELEASE</spring.security.version>
</properties>
<repositories>
@ -109,6 +110,22 @@
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>

Loading…
Cancel
Save