From a3c64d2024a443612a76be4c10b448f352c88260 Mon Sep 17 00:00:00 2001 From: Andrew DeMaria Date: Wed, 19 Oct 2016 20:25:02 -0600 Subject: [PATCH] Migrate from acegisecurity to spring security Signed-off-by: Andrew DeMaria --- libresonic-main/pom.xml | 33 +- .../player/controller/MultiController.java | 42 ++- .../ldap/LibresonicLdapBindAuthenticator.java | 132 -------- ...tailsServiceBasedAuthoritiesPopulator.java | 51 --- .../LibresonicApplicationEventListener.java | 6 +- .../RESTRequestParameterProcessingFilter.java | 27 +- .../player/service/SecurityService.java | 40 ++- .../WEB-INF/applicationContext-security.xml | 305 ++++-------------- .../src/main/webapp/WEB-INF/jsp/login.jsp | 6 +- .../src/main/webapp/WEB-INF/jsp/top.jsp | 2 +- .../src/main/webapp/WEB-INF/web.xml | 10 +- pom.xml | 17 + 12 files changed, 147 insertions(+), 524 deletions(-) delete mode 100644 libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java delete mode 100644 libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java diff --git a/libresonic-main/pom.xml b/libresonic-main/pom.xml index 850c8ddb..0d0a6234 100644 --- a/libresonic-main/pom.xml +++ b/libresonic-main/pom.xml @@ -57,27 +57,18 @@ - org.acegisecurity - acegi-security - 1.0.5 - - - org.springframework - spring-core - - - org.springframework - spring-remoting - - - org.springframework - spring-jdbc - - - org.springframework - spring-support - - + org.springframework.security + spring-security-web + + + + org.springframework.security + spring-security-ldap + + + + org.springframework.security + spring-security-config diff --git a/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java b/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java index 883e7670..e37b736e 100644 --- a/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java +++ b/libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java @@ -19,30 +19,19 @@ */ package org.libresonic.player.controller; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import javax.mail.Message; import javax.mail.Session; import javax.mail.Transport; import javax.mail.internet.InternetAddress; import javax.mail.internet.MimeMessage; - +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import net.tanesha.recaptcha.ReCaptcha; +import net.tanesha.recaptcha.ReCaptchaFactory; +import net.tanesha.recaptcha.ReCaptchaResponse; import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.lang.StringUtils; -import org.springframework.web.bind.ServletRequestUtils; -import org.springframework.web.servlet.ModelAndView; -import org.springframework.web.servlet.mvc.multiaction.MultiActionController; -import org.springframework.web.servlet.view.RedirectView; - import org.libresonic.player.Logger; import org.libresonic.player.domain.Playlist; import org.libresonic.player.domain.User; @@ -51,9 +40,16 @@ import org.libresonic.player.service.PlaylistService; import org.libresonic.player.service.SecurityService; import org.libresonic.player.service.SettingsService; import org.libresonic.player.util.StringUtil; -import net.tanesha.recaptcha.ReCaptcha; -import net.tanesha.recaptcha.ReCaptchaFactory; -import net.tanesha.recaptcha.ReCaptchaResponse; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.bind.ServletRequestUtils; +import org.springframework.web.servlet.ModelAndView; +import org.springframework.web.servlet.mvc.multiaction.MultiActionController; +import org.springframework.web.servlet.view.RedirectView; + +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; /** * Multi-controller used for simple pages. @@ -76,8 +72,10 @@ public class MultiController extends MultiActionController { if (username != null && password != null) { username = StringUtil.urlEncode(username); password = StringUtil.urlEncode(password); - return new ModelAndView(new RedirectView("j_acegi_security_check?j_username=" + username + - "&j_password=" + password + "&_acegi_security_remember_me=checked")); + return new ModelAndView(new RedirectView("/j_spring_security_check?"+ + UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY+"=" + username + + "&"+UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY+"=" + password + )); } Map map = new HashMap(); @@ -297,4 +295,4 @@ public class MultiController extends MultiActionController { public void setPlaylistService(PlaylistService playlistService) { this.playlistService = playlistService; } -} \ No newline at end of file +} diff --git a/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java b/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java deleted file mode 100644 index 3591f944..00000000 --- a/libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java +++ /dev/null @@ -1,132 +0,0 @@ -/* - This file is part of Libresonic. - - Libresonic is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - Libresonic is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Libresonic. If not, see . - - Copyright 2016 (C) Libresonic Authors - Based upon Subsonic, Copyright 2009 (C) Sindre Mehus - */ -package org.libresonic.player.ldap; - -import org.libresonic.player.Logger; -import org.libresonic.player.domain.User; -import org.libresonic.player.service.SecurityService; -import org.libresonic.player.service.SettingsService; -import org.acegisecurity.BadCredentialsException; -import org.acegisecurity.ldap.DefaultInitialDirContextFactory; -import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch; -import org.acegisecurity.providers.ldap.LdapAuthenticator; -import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator; -import org.acegisecurity.userdetails.ldap.LdapUserDetails; -import org.apache.commons.lang.StringUtils; - -import java.util.HashMap; -import java.util.Map; - -/** - * LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which - * supports dynamically changing LDAP provider URL and search filter. - * - * @author Sindre Mehus - */ -public class LibresonicLdapBindAuthenticator implements LdapAuthenticator { - - private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class); - - private SecurityService securityService; - private SettingsService settingsService; - - private long authenticatorTimestamp; - private BindAuthenticator delegateAuthenticator; - - public LdapUserDetails authenticate(String username, String password) { - - // LDAP authentication must be enabled on the system. - if (!settingsService.isLdapEnabled()) { - throw new BadCredentialsException("LDAP authentication disabled."); - } - - // User must be defined in Libresonic, unless auto-shadowing is enabled. - User user = securityService.getUserByName(username); - if (user == null && !settingsService.isLdapAutoShadowing()) { - throw new BadCredentialsException("User does not exist."); - } - - // LDAP authentication must be enabled for the given user. - if (user != null && !user.isLdapAuthenticated()) { - throw new BadCredentialsException("LDAP authentication disabled for user."); - } - - try { - createDelegate(); - LdapUserDetails details = delegateAuthenticator.authenticate(username, password); - if (details != null) { - LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn()); - - if (user == null) { - User newUser = new User(username, "", null, true, 0L, 0L, 0L); - newUser.setStreamRole(true); - newUser.setSettingsRole(true); - securityService.createUser(newUser); - LOG.info("Created local user '" + username + "' for DN " + details.getDn()); - } - } - - return details; - } catch (RuntimeException x) { - LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x); - throw x; - } - } - - /** - * Creates the delegate {@link BindAuthenticator}. - */ - private synchronized void createDelegate() { - - // Only create it if necessary. - if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) { - - DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl()); - - String managerDn = settingsService.getLdapManagerDn(); - String managerPassword = settingsService.getLdapManagerPassword(); - if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) { - contextFactory.setManagerDn(managerDn); - contextFactory.setManagerPassword(managerPassword); - } - - Map extraEnvVars = new HashMap(); - extraEnvVars.put("java.naming.referral", "follow"); - contextFactory.setExtraEnvVars(extraEnvVars); - - FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory); - userSearch.setSearchSubtree(true); - userSearch.setDerefLinkFlag(true); - - delegateAuthenticator = new BindAuthenticator(contextFactory); - delegateAuthenticator.setUserSearch(userSearch); - - authenticatorTimestamp = settingsService.getSettingsChanged(); - } - } - - public void setSecurityService(SecurityService securityService) { - this.securityService = securityService; - } - - public void setSettingsService(SettingsService settingsService) { - this.settingsService = settingsService; - } -} diff --git a/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java b/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java deleted file mode 100644 index 81f4e3ef..00000000 --- a/libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - This file is part of Libresonic. - - Libresonic is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - Libresonic is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Libresonic. If not, see . - - Copyright 2016 (C) Libresonic Authors - Based upon Subsonic, Copyright 2009 (C) Sindre Mehus - */ -package org.libresonic.player.ldap; - -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.ldap.LdapDataAccessException; -import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator; -import org.acegisecurity.userdetails.UserDetailsService; -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.ldap.LdapUserDetails; - -/** - * An {@link LdapAuthoritiesPopulator} that retrieves the roles from the - * database using the {@link UserDetailsService} instead of retrieving the roles - * from LDAP. An instance of this class can be configured for the - * {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when - * authentication should be done using LDAP and authorization using the - * information stored in the database. - * - * @author Thomas M. Hofmann - */ -public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator { - - private UserDetailsService userDetailsService; - - public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException { - UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername()); - return details.getAuthorities(); - } - - public void setUserDetailsService(UserDetailsService userDetailsService) { - this.userDetailsService = userDetailsService; - } -} \ No newline at end of file diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java b/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java index 48469d42..dfeaee5f 100644 --- a/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java +++ b/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java @@ -19,11 +19,11 @@ package org.libresonic.player.security; -import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent; -import org.acegisecurity.providers.AbstractAuthenticationToken; -import org.acegisecurity.ui.WebAuthenticationDetails; import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationListener; +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; +import org.springframework.security.web.authentication.WebAuthenticationDetails; /** * @author Sindre Mehus diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java b/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java index 9081c372..efa374b6 100644 --- a/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java +++ b/libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java @@ -19,25 +19,8 @@ */ package org.libresonic.player.security; -import java.io.IOException; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.context.SecurityContextHolder; -import org.acegisecurity.providers.ProviderManager; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang.StringUtils; - import org.libresonic.player.Logger; import org.libresonic.player.controller.JAXBWriter; import org.libresonic.player.controller.RESTController; @@ -47,6 +30,16 @@ import org.libresonic.player.domain.Version; import org.libresonic.player.service.SecurityService; import org.libresonic.player.service.SettingsService; import org.libresonic.player.util.StringUtil; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; + +import javax.servlet.*; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** * Performs authentication based on credentials being present in the HTTP request parameters. Also checks diff --git a/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java b/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java index 773e215e..2b79c018 100644 --- a/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java +++ b/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java @@ -19,20 +19,6 @@ */ package org.libresonic.player.service; -import java.io.File; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; - -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.GrantedAuthorityImpl; -import org.acegisecurity.providers.dao.DaoAuthenticationProvider; -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.UserDetailsService; -import org.acegisecurity.userdetails.UsernameNotFoundException; -import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper; -import org.springframework.dao.DataAccessException; - import net.sf.ehcache.Ehcache; import org.libresonic.player.Logger; import org.libresonic.player.dao.UserDao; @@ -40,6 +26,18 @@ import org.libresonic.player.domain.MediaFile; import org.libresonic.player.domain.MusicFolder; import org.libresonic.player.domain.User; import org.libresonic.player.util.FileUtil; +import org.springframework.dao.DataAccessException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper; + +import javax.servlet.http.HttpServletRequest; +import java.io.File; +import java.util.ArrayList; +import java.util.List; /** * Provides security-related services for authentication and authorization. @@ -57,7 +55,7 @@ public class SecurityService implements UserDetailsService { /** * Locates the user based on the username. * - * @param username The username presented to the {@link DaoAuthenticationProvider} + * @param username The username * @return A fully populated user record (never null) * @throws UsernameNotFoundException if the user could not be found or the user has no GrantedAuthority. * @throws DataAccessException If user could not be found for a repository-specific reason. @@ -69,16 +67,14 @@ public class SecurityService implements UserDetailsService { } String[] roles = userDao.getRolesForUser(username); - GrantedAuthority[] authorities = new GrantedAuthority[roles.length]; + List authorities = new ArrayList<>(); + authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_ANONYMOUSLY")); + authorities.add(new SimpleGrantedAuthority("ROLE_USER")); for (int i = 0; i < roles.length; i++) { - authorities[i] = new GrantedAuthorityImpl("ROLE_" + roles[i].toUpperCase()); + authorities.add(new SimpleGrantedAuthority("ROLE_" + roles[i].toUpperCase())); } - // If user is LDAP authenticated, disable user. The proper authentication should in that case - // be done by LibresonicLdapBindAuthenticator. - boolean enabled = !user.isLdapAuthenticated(); - - return new org.acegisecurity.userdetails.User(username, user.getPassword(), enabled, true, true, true, authorities); + return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities); } /** diff --git a/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml b/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml index b2af9b4b..4a9850e8 100644 --- a/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -1,246 +1,65 @@ - - - - - - - - - - - - PATTERN_TYPE_APACHE_ANT - /wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor - /podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor - /podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor - /rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor - /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PATTERN_TYPE_APACHE_ANT - - /login.view=IS_AUTHENTICATED_ANONYMOUSLY - /recover.view=IS_AUTHENTICATED_ANONYMOUSLY - /accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY - /coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY - /hls/**=IS_AUTHENTICATED_ANONYMOUSLY - /stream/**=IS_AUTHENTICATED_ANONYMOUSLY - /ws/**=IS_AUTHENTICATED_ANONYMOUSLY - /share/**=IS_AUTHENTICATED_ANONYMOUSLY - /style/**=IS_AUTHENTICATED_ANONYMOUSLY - /icons/**=IS_AUTHENTICATED_ANONYMOUSLY - /flash/**=IS_AUTHENTICATED_ANONYMOUSLY - /script/**=IS_AUTHENTICATED_ANONYMOUSLY - /sonos/**=IS_AUTHENTICATED_ANONYMOUSLY - /crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY - - /personalSettings.view=ROLE_SETTINGS - /passwordSettings.view=ROLE_SETTINGS - /playerSettings.view=ROLE_SETTINGS - /shareSettings.view=ROLE_SETTINGS - - /generalSettings.view=ROLE_ADMIN - /advancedSettings.view=ROLE_ADMIN - /userSettings.view=ROLE_ADMIN - /musicFolderSettings.view=ROLE_ADMIN - /networkSettings.view=ROLE_ADMIN - /dlnaSettings.view=ROLE_ADMIN - /sonosSettings.view=ROLE_ADMIN - /transcodingSettings.view=ROLE_ADMIN - /internetRadioSettings.view=ROLE_ADMIN - /podcastSettings.view=ROLE_ADMIN - /db.view=ROLE_ADMIN - - /deletePlaylist.view=ROLE_PLAYLIST - /savePlaylist.view=ROLE_PLAYLIST - - /download.view=ROLE_DOWNLOAD - - /upload.view=ROLE_UPLOAD - - /createShare.view=ROLE_SHARE - - /changeCoverArt.view=ROLE_COVERART - /editTags.view=ROLE_COVERART - - /setMusicFileInfo.view=ROLE_COMMENT - - /podcastReceiverAdmin.view=ROLE_PODCAST - - /**=IS_AUTHENTICATED_REMEMBERED - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART - org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file + xsi:schemaLocation="http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-3.0.xsd + http://www.springframework.org/schema/security + http://www.springframework.org/schema/security/spring-security-3.2.xsd"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp b/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp index acc6a193..6209b414 100644 --- a/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp +++ b/libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp @@ -12,7 +12,7 @@ -
" method="POST"> +" method="POST">
@@ -35,10 +35,6 @@ " tabindex="4"> - - - - diff --git a/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp b/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp index a8e1cbe3..7eeb095d 100644 --- a/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp +++ b/libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp @@ -138,7 +138,7 @@
- ${fn:escapeXml(logout)} + ${fn:escapeXml(logout)}
diff --git a/libresonic-main/src/main/webapp/WEB-INF/web.xml b/libresonic-main/src/main/webapp/WEB-INF/web.xml index 661fffe8..5bd36336 100644 --- a/libresonic-main/src/main/webapp/WEB-INF/web.xml +++ b/libresonic-main/src/main/webapp/WEB-INF/web.xml @@ -208,16 +208,12 @@ - AcegiFilter - org.acegisecurity.util.FilterToBeanProxy - - targetClass - org.acegisecurity.util.FilterChainProxy - + springSecurityFilterChain + org.springframework.web.filter.DelegatingFilterProxy - AcegiFilter + springSecurityFilterChain /* diff --git a/pom.xml b/pom.xml index 85a35243..4cfd9010 100644 --- a/pom.xml +++ b/pom.xml @@ -18,6 +18,7 @@ iso-8859-1 2.4.2 3.2.17.RELEASE + 3.2.9.RELEASE @@ -109,6 +110,22 @@ spring-web ${spring.version} + + org.springframework.security + spring-security-web + ${spring.security.version} + + + org.springframework.security + spring-security-ldap + ${spring.security.version} + + + org.springframework.security + spring-security-config + ${spring.security.version} + jar + org.springframework spring-jdbc