MightyPork
/
airsonic-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/1302'

Browse Source
master
Andrew DeMaria 5 years ago
parent b6414ebb6c 3fe6e8b267
commit 7058b5098d
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
12 changed files with 55 additions and 47 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      airsonic-main/src/main/java/org/airsonic/player/controller/HelpController.java
  2. 6
      airsonic-main/src/main/java/org/airsonic/player/dao/MediaFileDao.java
  3. 6
      airsonic-main/src/main/java/org/airsonic/player/security/CustomUserDetailsContextMapper.java
  4. 10
      airsonic-main/src/main/java/org/airsonic/player/security/GlobalSecurityConfig.java
  5. 16
      airsonic-main/src/main/java/org/airsonic/player/security/JWTAuthenticationProvider.java
  6. 20
      airsonic-main/src/main/java/org/airsonic/player/security/JWTRequestParameterProcessingFilter.java
  7. 4
      airsonic-main/src/main/java/org/airsonic/player/service/JWTSecurityService.java
  8. 2
      airsonic-main/src/main/java/org/airsonic/player/service/upnp/DispatchingContentDirectory.java
  9. 10
      airsonic-main/src/main/java/org/airsonic/player/spring/RegisterPrecompiledJSPInitializer.java
  10. 16
      airsonic-main/src/main/java/org/airsonic/player/spring/SpringLiquibase.java
  11. 1
      checkstyle.xml
  12. 7
      pom.xml

4
airsonic-main/src/main/java/org/airsonic/player/controller/HelpController.java
Unescape View File

@ -50,7 +50,7 @@ import java.util.Map;
@RequestMapping("/help")
public class HelpController {
private static final Logger logger = LoggerFactory.getLogger(HelpController.class);
private static final Logger LOG = LoggerFactory.getLogger(HelpController.class);
private static final int LOG_LINES_TO_SHOW = 50;
@ -109,7 +109,7 @@ public class HelpController {
}
return lines;
} catch (Exception e) {
logger.warn("Could not open log file " + logFile, e);
LOG.warn("Could not open log file " + logFile, e);
return null;
}
}

6
airsonic-main/src/main/java/org/airsonic/player/dao/MediaFileDao.java
Unescape View File

@ -42,7 +42,7 @@ import java.util.*;
*/
@Repository
public class MediaFileDao extends AbstractDao {
private static final Logger logger = LoggerFactory.getLogger(MediaFileDao.class);
private static final Logger LOG = LoggerFactory.getLogger(MediaFileDao.class);
private static final String INSERT_COLUMNS = "path, folder, type, format, title, album, artist, album_artist, disc_number, " +
"track_number, year, genre, bit_rate, variable_bit_rate, duration_seconds, file_size, width, height, cover_art_path, " +
"parent_path, play_count, last_played, comment, created, changed, last_scanned, children_last_updated, present, " +
@ -133,7 +133,7 @@ public class MediaFileDao extends AbstractDao {
*/
@Transactional
public void createOrUpdateMediaFile(MediaFile file) {
logger.trace("Creating/Updating new media file at {}", file.getPath());
LOG.trace("Creating/Updating new media file at {}", file.getPath());
String sql = "update media_file set " +
"folder=?," +
"type=?," +
@ -165,7 +165,7 @@ public class MediaFileDao extends AbstractDao {
"mb_release_id=? " +
"where path=?";
logger.trace("Updating media file {}", Util.debugObject(file));
LOG.trace("Updating media file {}", Util.debugObject(file));
int n = update(sql,
file.getFolder(), file.getMediaType().name(), file.getFormat(), file.getTitle(), file.getAlbumName(), file.getArtist(),

6
airsonic-main/src/main/java/org/airsonic/player/security/CustomUserDetailsContextMapper.java
Unescape View File

@ -40,7 +40,7 @@ public class CustomUserDetailsContextMapper implements UserDetailsContextMapper
// ~ Instance fields
// ================================================================================================
private final Logger logger = LoggerFactory.getLogger(CustomUserDetailsContextMapper.class);
private static final Logger LOG = LoggerFactory.getLogger(CustomUserDetailsContextMapper.class);
private String passwordAttributeName = "userPassword";
@Autowired
@ -56,7 +56,7 @@ public class CustomUserDetailsContextMapper implements UserDetailsContextMapper
Collection<? extends GrantedAuthority> authorities) {
String dn = ctx.getNameInNamespace();
logger.debug("Mapping user details from context with DN: " + dn);
LOG.debug("Mapping user details from context with DN: " + dn);
// User must be defined in Airsonic, unless auto-shadowing is enabled.
User user = securityService.getUserByName(username, false);
@ -69,7 +69,7 @@ public class CustomUserDetailsContextMapper implements UserDetailsContextMapper
newUser.setStreamRole(true);
newUser.setSettingsRole(true);
securityService.createUser(newUser);
logger.info("Created local user '" + username + "' for DN " + dn);
LOG.info("Created local user '" + username + "' for DN " + dn);
user = securityService.getUserByName(username, false);
}

10
airsonic-main/src/main/java/org/airsonic/player/security/GlobalSecurityConfig.java
Unescape View File

@ -29,7 +29,7 @@ import java.security.SecureRandom;
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class GlobalSecurityConfig extends GlobalAuthenticationConfigurerAdapter {
private static Logger logger = LoggerFactory.getLogger(GlobalSecurityConfig.class);
private static final Logger LOG = LoggerFactory.getLogger(GlobalSecurityConfig.class);
static final String FAILURE_URL = "/login?error=1";
@ -65,7 +65,7 @@ public class GlobalSecurityConfig extends GlobalAuthenticationConfigurerAdapter
auth.userDetailsService(securityService);
String jwtKey = settingsService.getJWTKey();
if (StringUtils.isBlank(jwtKey)) {
logger.warn("Generating new jwt key");
LOG.warn("Generating new jwt key");
jwtKey = JWTSecurityService.generateKey();
settingsService.setJWTKey(jwtKey);
settingsService.save();
@ -142,15 +142,15 @@ public class GlobalSecurityConfig extends GlobalAuthenticationConfigurerAdapter
boolean development = SettingsService.isDevelopmentMode();
if (StringUtils.isBlank(rememberMeKey) && !development) {
// ...if it is empty, generate a random key on startup (default).
logger.debug("Generating a new ephemeral 'remember me' key in a secure way.");
LOG.debug("Generating a new ephemeral 'remember me' key in a secure way.");
rememberMeKey = generateRememberMeKey();
} else if (StringUtils.isBlank(rememberMeKey) && development) {
// ...if we are in development mode, we can use a fixed key.
logger.warn("Using a fixed 'remember me' key because we're in development mode, this is INSECURE.");
LOG.warn("Using a fixed 'remember me' key because we're in development mode, this is INSECURE.");
rememberMeKey = DEVELOPMENT_REMEMBER_ME_KEY;
} else {
// ...otherwise, use the custom key directly.
logger.info("Using a fixed 'remember me' key from system properties, this is insecure.");
LOG.info("Using a fixed 'remember me' key from system properties, this is insecure.");
}
http

16
airsonic-main/src/main/java/org/airsonic/player/security/JWTAuthenticationProvider.java
Unescape View File

@ -23,7 +23,7 @@ import java.util.Objects;
public class JWTAuthenticationProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(JWTAuthenticationProvider.class);
private static final Logger LOG = LoggerFactory.getLogger(JWTAuthenticationProvider.class);
private final String jwtKey;
@ -35,7 +35,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication auth) throws AuthenticationException {
JWTAuthenticationToken authentication = (JWTAuthenticationToken) auth;
if (authentication.getCredentials() == null || !(authentication.getCredentials() instanceof String)) {
logger.error("Credentials not present");
LOG.error("Credentials not present");
return null;
}
String rawToken = (String) auth.getCredentials();
@ -45,7 +45,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
// TODO:AD This is super unfortunate, but not sure there is a better way when using JSP
if (StringUtils.contains(authentication.getRequestedPath(), "/WEB-INF/jsp/")) {
logger.warn("BYPASSING AUTH FOR WEB-INF page");
LOG.warn("BYPASSING AUTH FOR WEB-INF page");
} else if (!roughlyEqual(path.asString(), authentication.getRequestedPath())) {
throw new InsufficientAuthenticationException("Credentials not valid for path " + authentication
.getRequestedPath() + ". They are valid for " + path.asString());
@ -58,9 +58,9 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
}
private static boolean roughlyEqual(String expectedRaw, String requestedPathRaw) {
logger.debug("Comparing expected [{}] vs requested [{}]", expectedRaw, requestedPathRaw);
LOG.debug("Comparing expected [{}] vs requested [{}]", expectedRaw, requestedPathRaw);
if (StringUtils.isEmpty(expectedRaw)) {
logger.debug("False: empty expected");
LOG.debug("False: empty expected");
return false;
}
try {
@ -68,7 +68,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
UriComponents requested = UriComponentsBuilder.fromUriString(requestedPathRaw).build();
if (!Objects.equals(expected.getPath(), requested.getPath())) {
logger.debug("False: expected path [{}] does not match requested path [{}]",
LOG.debug("False: expected path [{}] does not match requested path [{}]",
expected.getPath(), requested.getPath());
return false;
}
@ -80,12 +80,12 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
!difference.entriesOnlyOnLeft().isEmpty() ||
difference.entriesOnlyOnRight().size() != 1 ||
difference.entriesOnlyOnRight().get(JWTSecurityService.JWT_PARAM_NAME) == null) {
logger.debug("False: expected query params [{}] do not match requested query params [{}]", expected.getQueryParams(), requested.getQueryParams());
LOG.debug("False: expected query params [{}] do not match requested query params [{}]", expected.getQueryParams(), requested.getQueryParams());
return false;
}
} catch (Exception e) {
logger.warn("Exception encountered while comparing paths", e);
LOG.warn("Exception encountered while comparing paths", e);
return false;
}
return true;

20
airsonic-main/src/main/java/org/airsonic/player/security/JWTRequestParameterProcessingFilter.java
Unescape View File

@ -22,7 +22,7 @@ import java.io.IOException;
import java.util.Optional;
public class JWTRequestParameterProcessingFilter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(JWTRequestParameterProcessingFilter.class);
private static final Logger LOG = LoggerFactory.getLogger(JWTRequestParameterProcessingFilter.class);
private final AuthenticationManager authenticationManager;
private final AuthenticationFailureHandler failureHandler;
@ -63,8 +63,8 @@ public class JWTRequestParameterProcessingFilter implements Filter {
return;
}
if (logger.isDebugEnabled()) {
logger.debug("Request is to process authentication");
if (LOG.isDebugEnabled()) {
LOG.debug("Request is to process authentication");
}
Authentication authResult;
@ -78,7 +78,7 @@ public class JWTRequestParameterProcessingFilter implements Filter {
}
}
catch (InternalAuthenticationServiceException failed) {
logger.error(
LOG.error(
"An internal error occurred while trying to authenticate the user.",
failed);
unsuccessfulAuthentication(request, response, failed);
@ -92,8 +92,8 @@ public class JWTRequestParameterProcessingFilter implements Filter {
return;
}
if (logger.isDebugEnabled()) {
logger.debug("Authentication success. Updating SecurityContextHolder to contain: "
if (LOG.isDebugEnabled()) {
LOG.debug("Authentication success. Updating SecurityContextHolder to contain: "
+ authResult);
}
@ -107,10 +107,10 @@ public class JWTRequestParameterProcessingFilter implements Filter {
throws IOException, ServletException {
SecurityContextHolder.clearContext();
if (logger.isDebugEnabled()) {
logger.debug("Authentication request failed: " + failed.toString(), failed);
logger.debug("Updated SecurityContextHolder to contain null Authentication");
logger.debug("Delegating to authentication failure handler " + failureHandler);
if (LOG.isDebugEnabled()) {
LOG.debug("Authentication request failed: " + failed.toString(), failed);
LOG.debug("Updated SecurityContextHolder to contain null Authentication");
LOG.debug("Delegating to authentication failure handler " + failureHandler);
}
failureHandler.onAuthenticationFailure(request, response, failed);

4
airsonic-main/src/main/java/org/airsonic/player/service/JWTSecurityService.java
Unescape View File

@ -19,7 +19,7 @@ import java.util.Date;
@Service("jwtSecurityService")
public class JWTSecurityService {
private static final Logger logger = LoggerFactory.getLogger(JWTSecurityService.class);
private static final Logger LOG = LoggerFactory.getLogger(JWTSecurityService.class);
public static final String JWT_PARAM_NAME = "jwt";
public static final String CLAIM_PATH = "path";
@ -47,7 +47,7 @@ public class JWTSecurityService {
UriComponents components = UriComponentsBuilder.fromUriString(path).build();
String query = components.getQuery();
String claim = components.getPath() + (!StringUtils.isBlank(query) ? "?" + components.getQuery() : "");
logger.debug("Creating token with claim " + claim);
LOG.debug("Creating token with claim " + claim);
return JWT.create()
.withClaim(CLAIM_PATH, claim)
.withExpiresAt(expireDate)

2
airsonic-main/src/main/java/org/airsonic/player/service/upnp/DispatchingContentDirectory.java
Unescape View File

@ -44,7 +44,7 @@ import java.util.Arrays;
@Service
public class DispatchingContentDirectory extends CustomContentDirectory {
public static final Logger LOG = LoggerFactory.getLogger(DispatchingContentDirectory.class);
private static final Logger LOG = LoggerFactory.getLogger(DispatchingContentDirectory.class);
public static final String CONTAINER_ID_ROOT = "0";
public static final String CONTAINER_ID_PLAYLIST_PREFIX = "playlist";

10
airsonic-main/src/main/java/org/airsonic/player/spring/RegisterPrecompiledJSPInitializer.java
Unescape View File

@ -24,14 +24,14 @@ import java.nio.charset.Charset;
@Component
public class RegisterPrecompiledJSPInitializer implements ServletContextInitializer {
private static final Logger logger = LoggerFactory.getLogger(RegisterPrecompiledJSPInitializer.class);
private static final Logger LOG = LoggerFactory.getLogger(RegisterPrecompiledJSPInitializer.class);
@Override
public void onStartup(ServletContext servletContext) {
if (SettingsService.isDevelopmentMode()) {
logger.debug("Not registering precompiled jsps");
LOG.debug("Not registering precompiled jsps");
} else {
logger.debug("Registering precompiled jsps");
LOG.debug("Registering precompiled jsps");
registerPrecompiledJSPs(servletContext);
}
}
@ -39,14 +39,14 @@ public class RegisterPrecompiledJSPInitializer implements ServletContextInitiali
private static void registerPrecompiledJSPs(ServletContext servletContext) {
WebApp webApp = parseXmlFragment();
for (ServletDef def : webApp.getServletDefs()) {
logger.trace("Registering precompiled JSP: {} -> {}", def.getName(), def.getSclass());
LOG.trace("Registering precompiled JSP: {} -> {}", def.getName(), def.getSclass());
ServletRegistration.Dynamic reg = servletContext.addServlet(def.getName(), def.getSclass());
// Need to set loadOnStartup somewhere between 0 and 128. 0 is highest priority. 99 should be fine
reg.setLoadOnStartup(99);
}
for (ServletMappingDef mapping : webApp.getServletMappingDefs()) {
logger.trace("Mapping servlet: {} -> {}", mapping.getName(), mapping.getUrlPattern());
LOG.trace("Mapping servlet: {} -> {}", mapping.getName(), mapping.getUrlPattern());
servletContext.getServletRegistration(mapping.getName()).addMapping(mapping.getUrlPattern());
}
}

16
airsonic-main/src/main/java/org/airsonic/player/spring/SpringLiquibase.java
Unescape View File

@ -16,20 +16,20 @@ import java.sql.Connection;
import java.util.List;
public class SpringLiquibase extends liquibase.integration.spring.SpringLiquibase {
private static final Logger logger = LoggerFactory.getLogger(SpringLiquibase.class);
private static final Logger LOG = LoggerFactory.getLogger(SpringLiquibase.class);
@Override
public void afterPropertiesSet() throws LiquibaseException {
logger.trace("Starting Liquibase Update");
LOG.trace("Starting Liquibase Update");
try {
super.afterPropertiesSet();
} catch (Exception e) {
logger.error("===============================================");
logger.error("An exception occurred during database migration");
logger.error("A rollback file has been generated at " + rollbackFile);
logger.error("Execute it within your database to rollback any changes");
logger.error("The exception is as follows\n", e);
logger.error("===============================================");
LOG.error("===============================================");
LOG.error("An exception occurred during database migration");
LOG.error("A rollback file has been generated at " + rollbackFile);
LOG.error("Execute it within your database to rollback any changes");
LOG.error("The exception is as follows\n", e);
LOG.error("===============================================");
throw(e);
}
}

1
checkstyle.xml
Unescape View File

@ -64,6 +64,7 @@
<property name="allowEmptyMethods" value="true"/>
<property name="allowEmptyTypes" value="true"/>
</module>
<module name="org.airsonic.checkstyle.LoggerNameCheck"/>
</module>
<module name="UniqueProperties"/>

7
pom.xml
Unescape View File

@ -255,6 +255,13 @@
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>org.airsonic</groupId>
<artifactId>checkstyle</artifactId>
<version>1.0-RELEASE</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.owasp</groupId>

Write Preview
Loading…
Cancel
Save