diff --git a/libresonic-main/pom.xml b/libresonic-main/pom.xml
index 850c8ddb..0d0a6234 100644
--- a/libresonic-main/pom.xml
+++ b/libresonic-main/pom.xml
@@ -57,27 +57,18 @@
- org.acegisecurity
- acegi-security
- 1.0.5
-
-
- org.springframework
- spring-core
-
-
- org.springframework
- spring-remoting
-
-
- org.springframework
- spring-jdbc
-
-
- org.springframework
- spring-support
-
-
+ org.springframework.security
+ spring-security-web
+
+
+
+ org.springframework.security
+ spring-security-ldap
+
+
+
+ org.springframework.security
+ spring-security-config
diff --git a/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java b/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
index 883e7670..e37b736e 100644
--- a/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
@@ -19,30 +19,19 @@
*/
package org.libresonic.player.controller;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Date;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
-
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import net.tanesha.recaptcha.ReCaptcha;
+import net.tanesha.recaptcha.ReCaptchaFactory;
+import net.tanesha.recaptcha.ReCaptchaResponse;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
-import org.springframework.web.bind.ServletRequestUtils;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
-import org.springframework.web.servlet.view.RedirectView;
-
import org.libresonic.player.Logger;
import org.libresonic.player.domain.Playlist;
import org.libresonic.player.domain.User;
@@ -51,9 +40,16 @@ import org.libresonic.player.service.PlaylistService;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil;
-import net.tanesha.recaptcha.ReCaptcha;
-import net.tanesha.recaptcha.ReCaptchaFactory;
-import net.tanesha.recaptcha.ReCaptchaResponse;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.bind.ServletRequestUtils;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
+import org.springframework.web.servlet.view.RedirectView;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
/**
* Multi-controller used for simple pages.
@@ -76,8 +72,10 @@ public class MultiController extends MultiActionController {
if (username != null && password != null) {
username = StringUtil.urlEncode(username);
password = StringUtil.urlEncode(password);
- return new ModelAndView(new RedirectView("j_acegi_security_check?j_username=" + username +
- "&j_password=" + password + "&_acegi_security_remember_me=checked"));
+ return new ModelAndView(new RedirectView("/j_spring_security_check?"+
+ UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY+"=" + username +
+ "&"+UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY+"=" + password
+ ));
}
Map map = new HashMap();
@@ -297,4 +295,4 @@ public class MultiController extends MultiActionController {
public void setPlaylistService(PlaylistService playlistService) {
this.playlistService = playlistService;
}
-}
\ No newline at end of file
+}
diff --git a/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java b/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
deleted file mode 100644
index 3591f944..00000000
--- a/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- This file is part of Libresonic.
-
- Libresonic is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Libresonic is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Libresonic. If not, see .
-
- Copyright 2016 (C) Libresonic Authors
- Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
- */
-package org.libresonic.player.ldap;
-
-import org.libresonic.player.Logger;
-import org.libresonic.player.domain.User;
-import org.libresonic.player.service.SecurityService;
-import org.libresonic.player.service.SettingsService;
-import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
-import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
-import org.acegisecurity.providers.ldap.LdapAuthenticator;
-import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.apache.commons.lang.StringUtils;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which
- * supports dynamically changing LDAP provider URL and search filter.
- *
- * @author Sindre Mehus
- */
-public class LibresonicLdapBindAuthenticator implements LdapAuthenticator {
-
- private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class);
-
- private SecurityService securityService;
- private SettingsService settingsService;
-
- private long authenticatorTimestamp;
- private BindAuthenticator delegateAuthenticator;
-
- public LdapUserDetails authenticate(String username, String password) {
-
- // LDAP authentication must be enabled on the system.
- if (!settingsService.isLdapEnabled()) {
- throw new BadCredentialsException("LDAP authentication disabled.");
- }
-
- // User must be defined in Libresonic, unless auto-shadowing is enabled.
- User user = securityService.getUserByName(username);
- if (user == null && !settingsService.isLdapAutoShadowing()) {
- throw new BadCredentialsException("User does not exist.");
- }
-
- // LDAP authentication must be enabled for the given user.
- if (user != null && !user.isLdapAuthenticated()) {
- throw new BadCredentialsException("LDAP authentication disabled for user.");
- }
-
- try {
- createDelegate();
- LdapUserDetails details = delegateAuthenticator.authenticate(username, password);
- if (details != null) {
- LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn());
-
- if (user == null) {
- User newUser = new User(username, "", null, true, 0L, 0L, 0L);
- newUser.setStreamRole(true);
- newUser.setSettingsRole(true);
- securityService.createUser(newUser);
- LOG.info("Created local user '" + username + "' for DN " + details.getDn());
- }
- }
-
- return details;
- } catch (RuntimeException x) {
- LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x);
- throw x;
- }
- }
-
- /**
- * Creates the delegate {@link BindAuthenticator}.
- */
- private synchronized void createDelegate() {
-
- // Only create it if necessary.
- if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) {
-
- DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl());
-
- String managerDn = settingsService.getLdapManagerDn();
- String managerPassword = settingsService.getLdapManagerPassword();
- if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) {
- contextFactory.setManagerDn(managerDn);
- contextFactory.setManagerPassword(managerPassword);
- }
-
- Map extraEnvVars = new HashMap();
- extraEnvVars.put("java.naming.referral", "follow");
- contextFactory.setExtraEnvVars(extraEnvVars);
-
- FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory);
- userSearch.setSearchSubtree(true);
- userSearch.setDerefLinkFlag(true);
-
- delegateAuthenticator = new BindAuthenticator(contextFactory);
- delegateAuthenticator.setUserSearch(userSearch);
-
- authenticatorTimestamp = settingsService.getSettingsChanged();
- }
- }
-
- public void setSecurityService(SecurityService securityService) {
- this.securityService = securityService;
- }
-
- public void setSettingsService(SettingsService settingsService) {
- this.settingsService = settingsService;
- }
-}
diff --git a/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java b/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
deleted file mode 100644
index 81f4e3ef..00000000
--- a/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- This file is part of Libresonic.
-
- Libresonic is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Libresonic is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Libresonic. If not, see .
-
- Copyright 2016 (C) Libresonic Authors
- Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
- */
-package org.libresonic.player.ldap;
-
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-
-/**
- * An {@link LdapAuthoritiesPopulator} that retrieves the roles from the
- * database using the {@link UserDetailsService} instead of retrieving the roles
- * from LDAP. An instance of this class can be configured for the
- * {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when
- * authentication should be done using LDAP and authorization using the
- * information stored in the database.
- *
- * @author Thomas M. Hofmann
- */
-public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-
- private UserDetailsService userDetailsService;
-
- public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
- UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername());
- return details.getAuthorities();
- }
-
- public void setUserDetailsService(UserDetailsService userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-}
\ No newline at end of file
diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java b/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
index 48469d42..dfeaee5f 100644
--- a/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
@@ -19,11 +19,11 @@
package org.libresonic.player.security;
-import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent;
-import org.acegisecurity.providers.AbstractAuthenticationToken;
-import org.acegisecurity.ui.WebAuthenticationDetails;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
/**
* @author Sindre Mehus
diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java b/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
index 9081c372..efa374b6 100644
--- a/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
@@ -19,25 +19,8 @@
*/
package org.libresonic.player.security;
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
-
import org.libresonic.player.Logger;
import org.libresonic.player.controller.JAXBWriter;
import org.libresonic.player.controller.RESTController;
@@ -47,6 +30,16 @@ import org.libresonic.player.domain.Version;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
/**
* Performs authentication based on credentials being present in the HTTP request parameters. Also checks
diff --git a/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java b/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
index 773e215e..2b79c018 100644
--- a/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
@@ -19,20 +19,6 @@
*/
package org.libresonic.player.service;
-import java.io.File;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
-import org.springframework.dao.DataAccessException;
-
import net.sf.ehcache.Ehcache;
import org.libresonic.player.Logger;
import org.libresonic.player.dao.UserDao;
@@ -40,6 +26,18 @@ import org.libresonic.player.domain.MediaFile;
import org.libresonic.player.domain.MusicFolder;
import org.libresonic.player.domain.User;
import org.libresonic.player.util.FileUtil;
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
/**
* Provides security-related services for authentication and authorization.
@@ -57,7 +55,7 @@ public class SecurityService implements UserDetailsService {
/**
* Locates the user based on the username.
*
- * @param username The username presented to the {@link DaoAuthenticationProvider}
+ * @param username The username
* @return A fully populated user record (never null)
* @throws UsernameNotFoundException if the user could not be found or the user has no GrantedAuthority.
* @throws DataAccessException If user could not be found for a repository-specific reason.
@@ -69,16 +67,14 @@ public class SecurityService implements UserDetailsService {
}
String[] roles = userDao.getRolesForUser(username);
- GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
+ List authorities = new ArrayList<>();
+ authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_ANONYMOUSLY"));
+ authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
for (int i = 0; i < roles.length; i++) {
- authorities[i] = new GrantedAuthorityImpl("ROLE_" + roles[i].toUpperCase());
+ authorities.add(new SimpleGrantedAuthority("ROLE_" + roles[i].toUpperCase()));
}
- // If user is LDAP authenticated, disable user. The proper authentication should in that case
- // be done by LibresonicLdapBindAuthenticator.
- boolean enabled = !user.isLdapAuthenticated();
-
- return new org.acegisecurity.userdetails.User(username, user.getPassword(), enabled, true, true, true, authorities);
+ return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
}
/**
diff --git a/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml b/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
index b2af9b4b..4a9850e8 100644
--- a/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -1,246 +1,65 @@
-
-
-
-
-
-
-
-
-
-
-
- PATTERN_TYPE_APACHE_ANT
- /wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
- /podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
- /podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
- /rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
- /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- PATTERN_TYPE_APACHE_ANT
-
- /login.view=IS_AUTHENTICATED_ANONYMOUSLY
- /recover.view=IS_AUTHENTICATED_ANONYMOUSLY
- /accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY
- /coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY
- /hls/**=IS_AUTHENTICATED_ANONYMOUSLY
- /stream/**=IS_AUTHENTICATED_ANONYMOUSLY
- /ws/**=IS_AUTHENTICATED_ANONYMOUSLY
- /share/**=IS_AUTHENTICATED_ANONYMOUSLY
- /style/**=IS_AUTHENTICATED_ANONYMOUSLY
- /icons/**=IS_AUTHENTICATED_ANONYMOUSLY
- /flash/**=IS_AUTHENTICATED_ANONYMOUSLY
- /script/**=IS_AUTHENTICATED_ANONYMOUSLY
- /sonos/**=IS_AUTHENTICATED_ANONYMOUSLY
- /crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY
-
- /personalSettings.view=ROLE_SETTINGS
- /passwordSettings.view=ROLE_SETTINGS
- /playerSettings.view=ROLE_SETTINGS
- /shareSettings.view=ROLE_SETTINGS
-
- /generalSettings.view=ROLE_ADMIN
- /advancedSettings.view=ROLE_ADMIN
- /userSettings.view=ROLE_ADMIN
- /musicFolderSettings.view=ROLE_ADMIN
- /networkSettings.view=ROLE_ADMIN
- /dlnaSettings.view=ROLE_ADMIN
- /sonosSettings.view=ROLE_ADMIN
- /transcodingSettings.view=ROLE_ADMIN
- /internetRadioSettings.view=ROLE_ADMIN
- /podcastSettings.view=ROLE_ADMIN
- /db.view=ROLE_ADMIN
-
- /deletePlaylist.view=ROLE_PLAYLIST
- /savePlaylist.view=ROLE_PLAYLIST
-
- /download.view=ROLE_DOWNLOAD
-
- /upload.view=ROLE_UPLOAD
-
- /createShare.view=ROLE_SHARE
-
- /changeCoverArt.view=ROLE_COVERART
- /editTags.view=ROLE_COVERART
-
- /setMusicFileInfo.view=ROLE_COMMENT
-
- /podcastReceiverAdmin.view=ROLE_PODCAST
-
- /**=IS_AUTHENTICATED_REMEMBERED
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART
- org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-3.2.xsd">
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp b/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
index acc6a193..6209b414 100644
--- a/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
+++ b/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
@@ -12,7 +12,7 @@
-" method="POST">
+" method="POST">
@@ -35,10 +35,6 @@
| " tabindex="4"> |
-
-
-
- |
|
diff --git a/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp b/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
index a8e1cbe3..7eeb095d 100644
--- a/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
+++ b/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
@@ -138,7 +138,7 @@
diff --git a/libresonic-main/src/main/webapp/WEB-INF/web.xml b/libresonic-main/src/main/webapp/WEB-INF/web.xml
index 661fffe8..5bd36336 100644
--- a/libresonic-main/src/main/webapp/WEB-INF/web.xml
+++ b/libresonic-main/src/main/webapp/WEB-INF/web.xml
@@ -208,16 +208,12 @@
- AcegiFilter
- org.acegisecurity.util.FilterToBeanProxy
-
- targetClass
- org.acegisecurity.util.FilterChainProxy
-
+ springSecurityFilterChain
+ org.springframework.web.filter.DelegatingFilterProxy
- AcegiFilter
+ springSecurityFilterChain
/*
diff --git a/pom.xml b/pom.xml
index 85a35243..4cfd9010 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,7 @@
iso-8859-1
2.4.2
3.2.17.RELEASE
+ 3.2.9.RELEASE
@@ -109,6 +110,22 @@
spring-web
${spring.version}
+
+ org.springframework.security
+ spring-security-web
+ ${spring.security.version}
+
+
+ org.springframework.security
+ spring-security-ldap
+ ${spring.security.version}
+
+
+ org.springframework.security
+ spring-security-config
+ ${spring.security.version}
+ jar
+
org.springframework
spring-jdbc