MightyPork
/
airsonic-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Migrate from acegisecurity to spring security

Browse Source 
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent 6896538a6f
commit a3c64d2024
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
12 changed files with 147 additions and 524 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 33
      libresonic-main/pom.xml
  2. 40
      libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
  3. 132
      libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
  4. 51
      libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
  5. 6
      libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
  6. 27
      libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
  7. 40
      libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
  8. 303
      libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
  9. 6
      libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
  10. 2
      libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
  11. 10
      libresonic-main/src/main/webapp/WEB-INF/web.xml
  12. 17
      pom.xml

33
libresonic-main/pom.xml
Unescape View File

@ -57,27 +57,18 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.acegisecurity</groupId> <groupId>org.springframework.security</groupId>
<artifactId>acegi-security</artifactId> <artifactId>spring-security-web</artifactId>
<version>1.0.5</version> </dependency>
<exclusions>
<exclusion> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-core</artifactId> <artifactId>spring-security-ldap</artifactId>
</exclusion> </dependency>
<exclusion>
<groupId>org.springframework</groupId> <dependency>
<artifactId>spring-remoting</artifactId> <groupId>org.springframework.security</groupId>
</exclusion> <artifactId>spring-security-config</artifactId>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>

40
libresonic-main/src/main/java/org/libresonic/player/controller/MultiController.java
Unescape View File

@ -19,30 +19,19 @@
*/ */
package org.libresonic.player.controller; package org.libresonic.player.controller;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.mail.Message; import javax.mail.Message;
import javax.mail.Session; import javax.mail.Session;
import javax.mail.Transport; import javax.mail.Transport;
import javax.mail.internet.InternetAddress; import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMessage;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.tanesha.recaptcha.ReCaptcha;
import net.tanesha.recaptcha.ReCaptchaFactory;
import net.tanesha.recaptcha.ReCaptchaResponse;
import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
import org.springframework.web.servlet.view.RedirectView;
import org.libresonic.player.Logger; import org.libresonic.player.Logger;
import org.libresonic.player.domain.Playlist; import org.libresonic.player.domain.Playlist;
import org.libresonic.player.domain.User; import org.libresonic.player.domain.User;
@ -51,9 +40,16 @@ import org.libresonic.player.service.PlaylistService;
import org.libresonic.player.service.SecurityService; import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService; import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil; import org.libresonic.player.util.StringUtil;
import net.tanesha.recaptcha.ReCaptcha; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import net.tanesha.recaptcha.ReCaptchaFactory; import org.springframework.web.bind.ServletRequestUtils;
import net.tanesha.recaptcha.ReCaptchaResponse; import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
import org.springframework.web.servlet.view.RedirectView;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
/** /**
* Multi-controller used for simple pages. * Multi-controller used for simple pages.
@ -76,8 +72,10 @@ public class MultiController extends MultiActionController {
if (username != null && password != null) { if (username != null && password != null) {
username = StringUtil.urlEncode(username); username = StringUtil.urlEncode(username);
password = StringUtil.urlEncode(password); password = StringUtil.urlEncode(password);
return new ModelAndView(new RedirectView("j_acegi_security_check?j_username=" + username + return new ModelAndView(new RedirectView("/j_spring_security_check?"+
"&j_password=" + password + "&_acegi_security_remember_me=checked")); UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY+"=" + username +
"&"+UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY+"=" + password
));
} }
Map<String, Object> map = new HashMap<String, Object>(); Map<String, Object> map = new HashMap<String, Object>();

132
libresonic-main/src/main/java/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
Unescape View File

@ -1,132 +0,0 @@
/*
This file is part of Libresonic.
Libresonic is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Libresonic is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
Copyright 2016 (C) Libresonic Authors
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
*/
package org.libresonic.player.ldap;
import org.libresonic.player.Logger;
import org.libresonic.player.domain.User;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
import org.acegisecurity.providers.ldap.LdapAuthenticator;
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.apache.commons.lang.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which
* supports dynamically changing LDAP provider URL and search filter.
*
* @author Sindre Mehus
*/
public class LibresonicLdapBindAuthenticator implements LdapAuthenticator {
private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class);
private SecurityService securityService;
private SettingsService settingsService;
private long authenticatorTimestamp;
private BindAuthenticator delegateAuthenticator;
public LdapUserDetails authenticate(String username, String password) {
// LDAP authentication must be enabled on the system.
if (!settingsService.isLdapEnabled()) {
throw new BadCredentialsException("LDAP authentication disabled.");
}
// User must be defined in Libresonic, unless auto-shadowing is enabled.
User user = securityService.getUserByName(username);
if (user == null && !settingsService.isLdapAutoShadowing()) {
throw new BadCredentialsException("User does not exist.");
}
// LDAP authentication must be enabled for the given user.
if (user != null && !user.isLdapAuthenticated()) {
throw new BadCredentialsException("LDAP authentication disabled for user.");
}
try {
createDelegate();
LdapUserDetails details = delegateAuthenticator.authenticate(username, password);
if (details != null) {
LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn());
if (user == null) {
User newUser = new User(username, "", null, true, 0L, 0L, 0L);
newUser.setStreamRole(true);
newUser.setSettingsRole(true);
securityService.createUser(newUser);
LOG.info("Created local user '" + username + "' for DN " + details.getDn());
}
}
return details;
} catch (RuntimeException x) {
LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x);
throw x;
}
}
/**
* Creates the delegate {@link BindAuthenticator}.
*/
private synchronized void createDelegate() {
// Only create it if necessary.
if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) {
DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl());
String managerDn = settingsService.getLdapManagerDn();
String managerPassword = settingsService.getLdapManagerPassword();
if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) {
contextFactory.setManagerDn(managerDn);
contextFactory.setManagerPassword(managerPassword);
}
Map<String, String> extraEnvVars = new HashMap<String, String>();
extraEnvVars.put("java.naming.referral", "follow");
contextFactory.setExtraEnvVars(extraEnvVars);
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory);
userSearch.setSearchSubtree(true);
userSearch.setDerefLinkFlag(true);
delegateAuthenticator = new BindAuthenticator(contextFactory);
delegateAuthenticator.setUserSearch(userSearch);
authenticatorTimestamp = settingsService.getSettingsChanged();
}
}
public void setSecurityService(SecurityService securityService) {
this.securityService = securityService;
}
public void setSettingsService(SettingsService settingsService) {
this.settingsService = settingsService;
}
}

51
libresonic-main/src/main/java/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
Unescape View File

@ -1,51 +0,0 @@
/*
This file is part of Libresonic.
Libresonic is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Libresonic is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
Copyright 2016 (C) Libresonic Authors
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
*/
package org.libresonic.player.ldap;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
/**
* An {@link LdapAuthoritiesPopulator} that retrieves the roles from the
* database using the {@link UserDetailsService} instead of retrieving the roles
* from LDAP. An instance of this class can be configured for the
* {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when
* authentication should be done using LDAP and authorization using the
* information stored in the database.
*
* @author Thomas M. Hofmann
*/
public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator {
private UserDetailsService userDetailsService;
public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername());
return details.getAuthorities();
}
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
}

6
libresonic-main/src/main/java/org/libresonic/player/security/LibresonicApplicationEventListener.java
Unescape View File

@ -19,11 +19,11 @@
package org.libresonic.player.security; package org.libresonic.player.security;
import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener; import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
/** /**
* @author Sindre Mehus * @author Sindre Mehus

27
libresonic-main/src/main/java/org/libresonic/player/security/RESTRequestParameterProcessingFilter.java
Unescape View File

@ -19,25 +19,8 @@
*/ */
package org.libresonic.player.security; package org.libresonic.player.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.libresonic.player.Logger; import org.libresonic.player.Logger;
import org.libresonic.player.controller.JAXBWriter; import org.libresonic.player.controller.JAXBWriter;
import org.libresonic.player.controller.RESTController; import org.libresonic.player.controller.RESTController;
@ -47,6 +30,16 @@ import org.libresonic.player.domain.Version;
import org.libresonic.player.service.SecurityService; import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService; import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil; import org.libresonic.player.util.StringUtil;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/** /**
* Performs authentication based on credentials being present in the HTTP request parameters. Also checks * Performs authentication based on credentials being present in the HTTP request parameters. Also checks

40
libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
Unescape View File

@ -19,20 +19,6 @@
*/ */
package org.libresonic.player.service; package org.libresonic.player.service;
import java.io.File;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
import org.springframework.dao.DataAccessException;
import net.sf.ehcache.Ehcache; import net.sf.ehcache.Ehcache;
import org.libresonic.player.Logger; import org.libresonic.player.Logger;
import org.libresonic.player.dao.UserDao; import org.libresonic.player.dao.UserDao;
@ -40,6 +26,18 @@ import org.libresonic.player.domain.MediaFile;
import org.libresonic.player.domain.MusicFolder; import org.libresonic.player.domain.MusicFolder;
import org.libresonic.player.domain.User; import org.libresonic.player.domain.User;
import org.libresonic.player.util.FileUtil; import org.libresonic.player.util.FileUtil;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
/** /**
* Provides security-related services for authentication and authorization. * Provides security-related services for authentication and authorization.
@ -57,7 +55,7 @@ public class SecurityService implements UserDetailsService {
/** /**
* Locates the user based on the username. * Locates the user based on the username.
* *
* @param username The username presented to the {@link DaoAuthenticationProvider} * @param username The username
* @return A fully populated user record (never <code>null</code>) * @return A fully populated user record (never <code>null</code>)
* @throws UsernameNotFoundException if the user could not be found or the user has no GrantedAuthority. * @throws UsernameNotFoundException if the user could not be found or the user has no GrantedAuthority.
* @throws DataAccessException If user could not be found for a repository-specific reason. * @throws DataAccessException If user could not be found for a repository-specific reason.
@ -69,16 +67,14 @@ public class SecurityService implements UserDetailsService {
} }
String[] roles = userDao.getRolesForUser(username); String[] roles = userDao.getRolesForUser(username);
GrantedAuthority[] authorities = new GrantedAuthority[roles.length]; List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_ANONYMOUSLY"));
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
for (int i = 0; i < roles.length; i++) { for (int i = 0; i < roles.length; i++) {
authorities[i] = new GrantedAuthorityImpl("ROLE_" + roles[i].toUpperCase()); authorities.add(new SimpleGrantedAuthority("ROLE_" + roles[i].toUpperCase()));
} }
// If user is LDAP authenticated, disable user. The proper authentication should in that case return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
// be done by LibresonicLdapBindAuthenticator.
boolean enabled = !user.isLdapAuthenticated();
return new org.acegisecurity.userdetails.User(username, user.getPassword(), enabled, true, true, true, authorities);
} }
/** /**

303
libresonic-main/src/main/webapp/WEB-INF/applicationContext-security.xml
Unescape View File

@ -1,246 +1,65 @@
<?xml version="1.0" encoding="ISO-8859-1"?> <?xml version="1.0" encoding="ISO-8859-1"?>
<beans xmlns="http://www.springframework.org/schema/beans" <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"> xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
<bean id="loginFailureLogger" class="org.libresonic.player.security.LoginFailureLogger"/> http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<bean class="org.libresonic.player.security.LibresonicApplicationEventListener">
<property name="loginFailureLogger" ref="loginFailureLogger"/> <security:http auto-config='true'>
</bean> <!-- IS_AUTHENTICATED_ANONYMOUSLY -->
<security:intercept-url pattern="/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <security:intercept-url pattern="/recover.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<property name="filterInvocationDefinitionSource"> <security:intercept-url pattern="/accessDenied.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<value> <security:intercept-url pattern="/coverArt.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
PATTERN_TYPE_APACHE_ANT <security:intercept-url pattern="/hls/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
/wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor <security:intercept-url pattern="/stream/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
/podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor <security:intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
/podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor <security:intercept-url pattern="/share/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
/rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor <security:intercept-url pattern="/style/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor <security:intercept-url pattern="/icons/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</value> <security:intercept-url pattern="/flash/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</property> <security:intercept-url pattern="/script/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</bean> <security:intercept-url pattern="/sonos/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/crossdomain.xml" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
<!-- ROLE_SETTINGS -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter"> <security:intercept-url pattern="/personalSettings.view" access="ROLE_SETTINGS" />
<constructor-arg value="/login.view?logout"/> <security:intercept-url pattern="/passwordSettings.view" access="ROLE_SETTINGS" />
<!-- URL redirected to after logout --> <security:intercept-url pattern="/playerSettings.view" access="ROLE_SETTINGS" />
<constructor-arg> <security:intercept-url pattern="/shareSettings.view" access="ROLE_SETTINGS" />
<list>
<ref bean="rememberMeServices"/> <!-- ROLE_ADMIN -->
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> <security:intercept-url pattern="/generalSettings.view" access="ROLE_ADMIN" />
</list> <security:intercept-url pattern="/advancedSettings.view" access="ROLE_ADMIN" />
</constructor-arg> <security:intercept-url pattern="/userSettings.view" access="ROLE_ADMIN" />
</bean> <security:intercept-url pattern="/musicFolderSettings.view" access="ROLE_ADMIN" />
<security:intercept-url pattern="/networkSettings.view" access="ROLE_ADMIN" />
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <security:intercept-url pattern="/dlnaSettings.view" access="ROLE_ADMIN" />
<property name="authenticationManager" ref="authenticationManager"/> <security:intercept-url pattern="/sonosSettings.view" access="ROLE_ADMIN" />
<property name="authenticationFailureUrl" value="/login.view?error"/> <security:intercept-url pattern="/transcodingSettings.view" access="ROLE_ADMIN" />
<property name="defaultTargetUrl" value="/"/> <security:intercept-url pattern="/internetRadioSettings.view" access="ROLE_ADMIN" />
<property name="alwaysUseDefaultTargetUrl" value="true"/> <security:intercept-url pattern="/podcastSettings.view" access="ROLE_ADMIN" />
<property name="filterProcessesUrl" value="/j_acegi_security_check"/> <security:intercept-url pattern="/db.view" access="ROLE_ADMIN" />
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean> <!-- MISC -->
<security:intercept-url pattern="/deletePlaylist.view" access="ROLE_PLAYLIST" />
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> <security:intercept-url pattern="/savePlaylist.view" access="ROLE_PLAYLIST" />
<property name="authenticationManager" ref="authenticationManager"/> <security:intercept-url pattern="/download.view" access="ROLE_DOWNLOAD" />
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/> <security:intercept-url pattern="/upload.view" access="ROLE_UPLOAD" />
</bean> <security:intercept-url pattern="/createShare.view" access="ROLE_SHARE" />
<security:intercept-url pattern="/changeCoverArt.view" access="ROLE_COVERART" />
<bean id="restRequestParameterProcessingFilter" class="org.libresonic.player.security.RESTRequestParameterProcessingFilter"> <security:intercept-url pattern="/editTags.view" access="ROLE_COVERART" />
<property name="authenticationManager" ref="authenticationManager"/> <security:intercept-url pattern="/setMusicFileInfo.view" access="ROLE_COMMENT" />
<property name="settingsService" ref="settingsService"/> <security:intercept-url pattern="/podcastReceiverAdmin.view" access="ROLE_PODCAST" />
<property name="securityService" ref="securityService"/>
<property name="loginFailureLogger" ref="loginFailureLogger"/> <!-- ROLE_USER -->
</bean> <security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login login-page="/login.view" default-target-url="/home.view" />
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> </security:http>
<property name="realmName" value="Libresonic"/>
</bean> <security:authentication-manager>
<security:authentication-provider user-service-ref="securityService" />
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> </security:authentication-manager>
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="libresonic"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.view?"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.view"/>
</bean>
</property>
</bean>
<bean id="basicExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName" value="Libresonic"/>
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="alwaysReauthenticate" value="true"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/login.view=IS_AUTHENTICATED_ANONYMOUSLY
/recover.view=IS_AUTHENTICATED_ANONYMOUSLY
/accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY
/coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY
/hls/**=IS_AUTHENTICATED_ANONYMOUSLY
/stream/**=IS_AUTHENTICATED_ANONYMOUSLY
/ws/**=IS_AUTHENTICATED_ANONYMOUSLY
/share/**=IS_AUTHENTICATED_ANONYMOUSLY
/style/**=IS_AUTHENTICATED_ANONYMOUSLY
/icons/**=IS_AUTHENTICATED_ANONYMOUSLY
/flash/**=IS_AUTHENTICATED_ANONYMOUSLY
/script/**=IS_AUTHENTICATED_ANONYMOUSLY
/sonos/**=IS_AUTHENTICATED_ANONYMOUSLY
/crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY
/personalSettings.view=ROLE_SETTINGS
/passwordSettings.view=ROLE_SETTINGS
/playerSettings.view=ROLE_SETTINGS
/shareSettings.view=ROLE_SETTINGS
/generalSettings.view=ROLE_ADMIN
/advancedSettings.view=ROLE_ADMIN
/userSettings.view=ROLE_ADMIN
/musicFolderSettings.view=ROLE_ADMIN
/networkSettings.view=ROLE_ADMIN
/dlnaSettings.view=ROLE_ADMIN
/sonosSettings.view=ROLE_ADMIN
/transcodingSettings.view=ROLE_ADMIN
/internetRadioSettings.view=ROLE_ADMIN
/podcastSettings.view=ROLE_ADMIN
/db.view=ROLE_ADMIN
/deletePlaylist.view=ROLE_PLAYLIST
/savePlaylist.view=ROLE_PLAYLIST
/download.view=ROLE_DOWNLOAD
/upload.view=ROLE_UPLOAD
/createShare.view=ROLE_SHARE
/changeCoverArt.view=ROLE_COVERART
/editTags.view=ROLE_COVERART
/setMusicFileInfo.view=ROLE_COMMENT
/podcastReceiverAdmin.view=ROLE_PODCAST
/**=IS_AUTHENTICATED_REMEMBERED
</value>
</property>
</bean>
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="securityService"/>
<property name="tokenValiditySeconds" value="31536000"/>
<!-- One year -->
<property name="key" value="libresonic"/>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="ldapAuthenticationProvider"/>
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="libresonic"/>
</bean>
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="libresonic"/>
</bean>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="securityService"/>
<property name="userCache" ref="userCacheWrapper"/>
</bean>
<bean id="userCacheWrapper" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache" ref="userCache"/>
</bean>
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
<constructor-arg ref="bindAuthenticator"/>
<constructor-arg ref="userDetailsServiceBasedAuthoritiesPopulator"/>
<property name="userCache" ref="userCacheWrapper"/>
</bean>
<bean id="bindAuthenticator" class="org.libresonic.player.ldap.LibresonicLdapBindAuthenticator">
<property name="securityService" ref="securityService"/>
<property name="settingsService" ref="settingsService"/>
</bean>
<bean id="userDetailsServiceBasedAuthoritiesPopulator"
class="org.libresonic.player.ldap.UserDetailsServiceBasedAuthoritiesPopulator">
<property name="userDetailsService" ref="securityService"/>
</bean>
<!-- Authorization of AJAX services. -->
<bean id="ajaxServiceInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART
org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD
</value>
</property>
</bean>
<bean id="ajaxTagServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref="ajaxTagService"/>
<property name="interceptorNames">
<list>
<idref local="ajaxServiceInterceptor"/>
</list>
</property>
</bean>
<bean id="ajaxTransferServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref="ajaxTransferService"/>
<property name="interceptorNames">
<list>
<idref local="ajaxServiceInterceptor"/>
</list>
</property>
</bean>
</beans> </beans>

6
libresonic-main/src/main/webapp/WEB-INF/jsp/login.jsp
Unescape View File

@ -12,7 +12,7 @@
</head> </head>
<body class="mainframe bgcolor1" onload="document.getElementById('j_username').focus()"> <body class="mainframe bgcolor1" onload="document.getElementById('j_username').focus()">
<form action="<c:url value="/j_acegi_security_check"/>" method="POST"> <form action="<c:url value="/j_spring_security_check"/>" method="POST">
<div class="bgcolor2 shadow" align="center" style="padding:20px 50px 20px 50px; margin-top:100px;margin-left:50px;margin-right:50px"> <div class="bgcolor2 shadow" align="center" style="padding:20px 50px 20px 50px; margin-top:100px;margin-left:50px;margin-right:50px">
<div style="margin-bottom:1em;max-width:50em;text-align:left;"><sub:wiki text="${model.loginMessage}"/></div> <div style="margin-bottom:1em;max-width:50em;text-align:left;"><sub:wiki text="${model.loginMessage}"/></div>
@ -35,10 +35,6 @@
<tr> <tr>
<td align="left"><input name="submit" type="submit" value="<fmt:message key="login.login"/>" tabindex="4"></td> <td align="left"><input name="submit" type="submit" value="<fmt:message key="login.login"/>" tabindex="4"></td>
<td align="left" class="detail">
<input type="checkbox" name="_acegi_security_remember_me" id="remember" class="checkbox" tabindex="3">
<label for="remember"><fmt:message key="login.remember"/></label>
</td>
</tr> </tr>
<tr> <tr>
<td></td> <td></td>

2
libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
Unescape View File

@ -138,7 +138,7 @@
<div class="detail"> <div class="detail">
<fmt:message key="top.logout" var="logout"><fmt:param value="${model.user.username}"/></fmt:message> <fmt:message key="top.logout" var="logout"><fmt:param value="${model.user.username}"/></fmt:message>
<a href="j_acegi_logout" target="_top">${fn:escapeXml(logout)}</a> <a href="j_spring_security_logout" target="_top">${fn:escapeXml(logout)}</a>
</div> </div>
</td> </td>

10
libresonic-main/src/main/webapp/WEB-INF/web.xml
Unescape View File

@ -208,16 +208,12 @@
</filter-mapping> </filter-mapping>
<filter> <filter>
<filter-name>AcegiFilter</filter-name> <filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter> </filter>
<filter-mapping> <filter-mapping>
<filter-name>AcegiFilter</filter-name> <filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>

17
pom.xml
Unescape View File

@ -18,6 +18,7 @@
<project.build.sourceEncoding>iso-8859-1</project.build.sourceEncoding> <project.build.sourceEncoding>iso-8859-1</project.build.sourceEncoding>
<cxf.version>2.4.2</cxf.version> <cxf.version>2.4.2</cxf.version>
<spring.version>3.2.17.RELEASE</spring.version> <spring.version>3.2.17.RELEASE</spring.version>
<spring.security.version>3.2.9.RELEASE</spring.security.version>
</properties> </properties>
<repositories> <repositories>
@ -109,6 +110,22 @@
<artifactId>spring-web</artifactId> <artifactId>spring-web</artifactId>
<version>${spring.version}</version> <version>${spring.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
<type>jar</type>
</dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId> <artifactId>spring-jdbc</artifactId>

Write Preview
Loading…
Cancel
Save