Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>master
parent
6896538a6f
commit
a3c64d2024
@ -1,132 +0,0 @@ |
|||||||
/* |
|
||||||
This file is part of Libresonic. |
|
||||||
|
|
||||||
Libresonic is free software: you can redistribute it and/or modify |
|
||||||
it under the terms of the GNU General Public License as published by |
|
||||||
the Free Software Foundation, either version 3 of the License, or |
|
||||||
(at your option) any later version. |
|
||||||
|
|
||||||
Libresonic is distributed in the hope that it will be useful, |
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
||||||
GNU General Public License for more details. |
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License |
|
||||||
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
Copyright 2016 (C) Libresonic Authors |
|
||||||
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus |
|
||||||
*/ |
|
||||||
package org.libresonic.player.ldap; |
|
||||||
|
|
||||||
import org.libresonic.player.Logger; |
|
||||||
import org.libresonic.player.domain.User; |
|
||||||
import org.libresonic.player.service.SecurityService; |
|
||||||
import org.libresonic.player.service.SettingsService; |
|
||||||
import org.acegisecurity.BadCredentialsException; |
|
||||||
import org.acegisecurity.ldap.DefaultInitialDirContextFactory; |
|
||||||
import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch; |
|
||||||
import org.acegisecurity.providers.ldap.LdapAuthenticator; |
|
||||||
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator; |
|
||||||
import org.acegisecurity.userdetails.ldap.LdapUserDetails; |
|
||||||
import org.apache.commons.lang.StringUtils; |
|
||||||
|
|
||||||
import java.util.HashMap; |
|
||||||
import java.util.Map; |
|
||||||
|
|
||||||
/** |
|
||||||
* LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which |
|
||||||
* supports dynamically changing LDAP provider URL and search filter. |
|
||||||
* |
|
||||||
* @author Sindre Mehus |
|
||||||
*/ |
|
||||||
public class LibresonicLdapBindAuthenticator implements LdapAuthenticator { |
|
||||||
|
|
||||||
private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class); |
|
||||||
|
|
||||||
private SecurityService securityService; |
|
||||||
private SettingsService settingsService; |
|
||||||
|
|
||||||
private long authenticatorTimestamp; |
|
||||||
private BindAuthenticator delegateAuthenticator; |
|
||||||
|
|
||||||
public LdapUserDetails authenticate(String username, String password) { |
|
||||||
|
|
||||||
// LDAP authentication must be enabled on the system.
|
|
||||||
if (!settingsService.isLdapEnabled()) { |
|
||||||
throw new BadCredentialsException("LDAP authentication disabled."); |
|
||||||
} |
|
||||||
|
|
||||||
// User must be defined in Libresonic, unless auto-shadowing is enabled.
|
|
||||||
User user = securityService.getUserByName(username); |
|
||||||
if (user == null && !settingsService.isLdapAutoShadowing()) { |
|
||||||
throw new BadCredentialsException("User does not exist."); |
|
||||||
} |
|
||||||
|
|
||||||
// LDAP authentication must be enabled for the given user.
|
|
||||||
if (user != null && !user.isLdapAuthenticated()) { |
|
||||||
throw new BadCredentialsException("LDAP authentication disabled for user."); |
|
||||||
} |
|
||||||
|
|
||||||
try { |
|
||||||
createDelegate(); |
|
||||||
LdapUserDetails details = delegateAuthenticator.authenticate(username, password); |
|
||||||
if (details != null) { |
|
||||||
LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn()); |
|
||||||
|
|
||||||
if (user == null) { |
|
||||||
User newUser = new User(username, "", null, true, 0L, 0L, 0L); |
|
||||||
newUser.setStreamRole(true); |
|
||||||
newUser.setSettingsRole(true); |
|
||||||
securityService.createUser(newUser); |
|
||||||
LOG.info("Created local user '" + username + "' for DN " + details.getDn()); |
|
||||||
} |
|
||||||
} |
|
||||||
|
|
||||||
return details; |
|
||||||
} catch (RuntimeException x) { |
|
||||||
LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x); |
|
||||||
throw x; |
|
||||||
} |
|
||||||
} |
|
||||||
|
|
||||||
/** |
|
||||||
* Creates the delegate {@link BindAuthenticator}. |
|
||||||
*/ |
|
||||||
private synchronized void createDelegate() { |
|
||||||
|
|
||||||
// Only create it if necessary.
|
|
||||||
if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) { |
|
||||||
|
|
||||||
DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl()); |
|
||||||
|
|
||||||
String managerDn = settingsService.getLdapManagerDn(); |
|
||||||
String managerPassword = settingsService.getLdapManagerPassword(); |
|
||||||
if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) { |
|
||||||
contextFactory.setManagerDn(managerDn); |
|
||||||
contextFactory.setManagerPassword(managerPassword); |
|
||||||
} |
|
||||||
|
|
||||||
Map<String, String> extraEnvVars = new HashMap<String, String>(); |
|
||||||
extraEnvVars.put("java.naming.referral", "follow"); |
|
||||||
contextFactory.setExtraEnvVars(extraEnvVars); |
|
||||||
|
|
||||||
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory); |
|
||||||
userSearch.setSearchSubtree(true); |
|
||||||
userSearch.setDerefLinkFlag(true); |
|
||||||
|
|
||||||
delegateAuthenticator = new BindAuthenticator(contextFactory); |
|
||||||
delegateAuthenticator.setUserSearch(userSearch); |
|
||||||
|
|
||||||
authenticatorTimestamp = settingsService.getSettingsChanged(); |
|
||||||
} |
|
||||||
} |
|
||||||
|
|
||||||
public void setSecurityService(SecurityService securityService) { |
|
||||||
this.securityService = securityService; |
|
||||||
} |
|
||||||
|
|
||||||
public void setSettingsService(SettingsService settingsService) { |
|
||||||
this.settingsService = settingsService; |
|
||||||
} |
|
||||||
} |
|
@ -1,51 +0,0 @@ |
|||||||
/* |
|
||||||
This file is part of Libresonic. |
|
||||||
|
|
||||||
Libresonic is free software: you can redistribute it and/or modify |
|
||||||
it under the terms of the GNU General Public License as published by |
|
||||||
the Free Software Foundation, either version 3 of the License, or |
|
||||||
(at your option) any later version. |
|
||||||
|
|
||||||
Libresonic is distributed in the hope that it will be useful, |
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
||||||
GNU General Public License for more details. |
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License |
|
||||||
along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
Copyright 2016 (C) Libresonic Authors |
|
||||||
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus |
|
||||||
*/ |
|
||||||
package org.libresonic.player.ldap; |
|
||||||
|
|
||||||
import org.acegisecurity.GrantedAuthority; |
|
||||||
import org.acegisecurity.ldap.LdapDataAccessException; |
|
||||||
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator; |
|
||||||
import org.acegisecurity.userdetails.UserDetailsService; |
|
||||||
import org.acegisecurity.userdetails.UserDetails; |
|
||||||
import org.acegisecurity.userdetails.ldap.LdapUserDetails; |
|
||||||
|
|
||||||
/** |
|
||||||
* An {@link LdapAuthoritiesPopulator} that retrieves the roles from the |
|
||||||
* database using the {@link UserDetailsService} instead of retrieving the roles |
|
||||||
* from LDAP. An instance of this class can be configured for the |
|
||||||
* {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when |
|
||||||
* authentication should be done using LDAP and authorization using the |
|
||||||
* information stored in the database. |
|
||||||
* |
|
||||||
* @author Thomas M. Hofmann |
|
||||||
*/ |
|
||||||
public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator { |
|
||||||
|
|
||||||
private UserDetailsService userDetailsService; |
|
||||||
|
|
||||||
public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException { |
|
||||||
UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername()); |
|
||||||
return details.getAuthorities(); |
|
||||||
} |
|
||||||
|
|
||||||
public void setUserDetailsService(UserDetailsService userDetailsService) { |
|
||||||
this.userDetailsService = userDetailsService; |
|
||||||
} |
|
||||||
} |
|
@ -1,246 +1,65 @@ |
|||||||
<?xml version="1.0" encoding="ISO-8859-1"?> |
<?xml version="1.0" encoding="ISO-8859-1"?> |
||||||
|
|
||||||
<beans xmlns="http://www.springframework.org/schema/beans" |
<beans xmlns="http://www.springframework.org/schema/beans" |
||||||
|
xmlns:security="http://www.springframework.org/schema/security" |
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"> |
xsi:schemaLocation="http://www.springframework.org/schema/beans |
||||||
|
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd |
||||||
<bean id="loginFailureLogger" class="org.libresonic.player.security.LoginFailureLogger"/> |
http://www.springframework.org/schema/security |
||||||
|
http://www.springframework.org/schema/security/spring-security-3.2.xsd"> |
||||||
<bean class="org.libresonic.player.security.LibresonicApplicationEventListener"> |
|
||||||
<property name="loginFailureLogger" ref="loginFailureLogger"/> |
<security:http auto-config='true'> |
||||||
</bean> |
<!-- IS_AUTHENTICATED_ANONYMOUSLY --> |
||||||
|
<security:intercept-url pattern="/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> |
||||||
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> |
<security:intercept-url pattern="/recover.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
<property name="filterInvocationDefinitionSource"> |
<security:intercept-url pattern="/accessDenied.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
<value> |
<security:intercept-url pattern="/coverArt.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
PATTERN_TYPE_APACHE_ANT |
<security:intercept-url pattern="/hls/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
/wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
<security:intercept-url pattern="/stream/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
/podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor |
<security:intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
/podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
<security:intercept-url pattern="/share/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
/rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
<security:intercept-url pattern="/style/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor |
<security:intercept-url pattern="/icons/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
</value> |
<security:intercept-url pattern="/flash/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
</property> |
<security:intercept-url pattern="/script/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
</bean> |
<security:intercept-url pattern="/sonos/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
|
<security:intercept-url pattern="/crossdomain.xml" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||||
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> |
|
||||||
|
<!-- ROLE_SETTINGS --> |
||||||
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter"> |
<security:intercept-url pattern="/personalSettings.view" access="ROLE_SETTINGS" /> |
||||||
<constructor-arg value="/login.view?logout"/> |
<security:intercept-url pattern="/passwordSettings.view" access="ROLE_SETTINGS" /> |
||||||
<!-- URL redirected to after logout --> |
<security:intercept-url pattern="/playerSettings.view" access="ROLE_SETTINGS" /> |
||||||
<constructor-arg> |
<security:intercept-url pattern="/shareSettings.view" access="ROLE_SETTINGS" /> |
||||||
<list> |
|
||||||
<ref bean="rememberMeServices"/> |
<!-- ROLE_ADMIN --> |
||||||
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> |
<security:intercept-url pattern="/generalSettings.view" access="ROLE_ADMIN" /> |
||||||
</list> |
<security:intercept-url pattern="/advancedSettings.view" access="ROLE_ADMIN" /> |
||||||
</constructor-arg> |
<security:intercept-url pattern="/userSettings.view" access="ROLE_ADMIN" /> |
||||||
</bean> |
<security:intercept-url pattern="/musicFolderSettings.view" access="ROLE_ADMIN" /> |
||||||
|
<security:intercept-url pattern="/networkSettings.view" access="ROLE_ADMIN" /> |
||||||
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> |
<security:intercept-url pattern="/dlnaSettings.view" access="ROLE_ADMIN" /> |
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
<security:intercept-url pattern="/sonosSettings.view" access="ROLE_ADMIN" /> |
||||||
<property name="authenticationFailureUrl" value="/login.view?error"/> |
<security:intercept-url pattern="/transcodingSettings.view" access="ROLE_ADMIN" /> |
||||||
<property name="defaultTargetUrl" value="/"/> |
<security:intercept-url pattern="/internetRadioSettings.view" access="ROLE_ADMIN" /> |
||||||
<property name="alwaysUseDefaultTargetUrl" value="true"/> |
<security:intercept-url pattern="/podcastSettings.view" access="ROLE_ADMIN" /> |
||||||
<property name="filterProcessesUrl" value="/j_acegi_security_check"/> |
<security:intercept-url pattern="/db.view" access="ROLE_ADMIN" /> |
||||||
<property name="rememberMeServices" ref="rememberMeServices"/> |
|
||||||
</bean> |
<!-- MISC --> |
||||||
|
<security:intercept-url pattern="/deletePlaylist.view" access="ROLE_PLAYLIST" /> |
||||||
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> |
<security:intercept-url pattern="/savePlaylist.view" access="ROLE_PLAYLIST" /> |
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
<security:intercept-url pattern="/download.view" access="ROLE_DOWNLOAD" /> |
||||||
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/> |
<security:intercept-url pattern="/upload.view" access="ROLE_UPLOAD" /> |
||||||
</bean> |
<security:intercept-url pattern="/createShare.view" access="ROLE_SHARE" /> |
||||||
|
<security:intercept-url pattern="/changeCoverArt.view" access="ROLE_COVERART" /> |
||||||
<bean id="restRequestParameterProcessingFilter" class="org.libresonic.player.security.RESTRequestParameterProcessingFilter"> |
<security:intercept-url pattern="/editTags.view" access="ROLE_COVERART" /> |
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
<security:intercept-url pattern="/setMusicFileInfo.view" access="ROLE_COMMENT" /> |
||||||
<property name="settingsService" ref="settingsService"/> |
<security:intercept-url pattern="/podcastReceiverAdmin.view" access="ROLE_PODCAST" /> |
||||||
<property name="securityService" ref="securityService"/> |
|
||||||
<property name="loginFailureLogger" ref="loginFailureLogger"/> |
<!-- ROLE_USER --> |
||||||
</bean> |
<security:intercept-url pattern="/**" access="ROLE_USER" /> |
||||||
|
<security:form-login login-page="/login.view" default-target-url="/home.view" /> |
||||||
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> |
</security:http> |
||||||
<property name="realmName" value="Libresonic"/> |
|
||||||
</bean> |
<security:authentication-manager> |
||||||
|
<security:authentication-provider user-service-ref="securityService" /> |
||||||
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> |
</security:authentication-manager> |
||||||
|
</beans> |
||||||
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> |
|
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
|
||||||
<property name="rememberMeServices" ref="rememberMeServices"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> |
|
||||||
<property name="key" value="libresonic"/> |
|
||||||
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> |
|
||||||
<property name="authenticationEntryPoint"> |
|
||||||
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> |
|
||||||
<property name="loginFormUrl" value="/login.view?"/> |
|
||||||
<property name="forceHttps" value="false"/> |
|
||||||
</bean> |
|
||||||
</property> |
|
||||||
<property name="accessDeniedHandler"> |
|
||||||
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> |
|
||||||
<property name="errorPage" value="/accessDenied.view"/> |
|
||||||
</bean> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="basicExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> |
|
||||||
<property name="authenticationEntryPoint"> |
|
||||||
<bean class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> |
|
||||||
<property name="realmName" value="Libresonic"/> |
|
||||||
</bean> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> |
|
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
|
||||||
<property name="alwaysReauthenticate" value="true"/> |
|
||||||
<property name="accessDecisionManager" ref="accessDecisionManager"/> |
|
||||||
<property name="objectDefinitionSource"> |
|
||||||
<value> |
|
||||||
PATTERN_TYPE_APACHE_ANT |
|
||||||
|
|
||||||
/login.view=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/recover.view=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/hls/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/stream/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/ws/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/share/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/style/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/icons/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/flash/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/script/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/sonos/**=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
/crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY |
|
||||||
|
|
||||||
/personalSettings.view=ROLE_SETTINGS |
|
||||||
/passwordSettings.view=ROLE_SETTINGS |
|
||||||
/playerSettings.view=ROLE_SETTINGS |
|
||||||
/shareSettings.view=ROLE_SETTINGS |
|
||||||
|
|
||||||
/generalSettings.view=ROLE_ADMIN |
|
||||||
/advancedSettings.view=ROLE_ADMIN |
|
||||||
/userSettings.view=ROLE_ADMIN |
|
||||||
/musicFolderSettings.view=ROLE_ADMIN |
|
||||||
/networkSettings.view=ROLE_ADMIN |
|
||||||
/dlnaSettings.view=ROLE_ADMIN |
|
||||||
/sonosSettings.view=ROLE_ADMIN |
|
||||||
/transcodingSettings.view=ROLE_ADMIN |
|
||||||
/internetRadioSettings.view=ROLE_ADMIN |
|
||||||
/podcastSettings.view=ROLE_ADMIN |
|
||||||
/db.view=ROLE_ADMIN |
|
||||||
|
|
||||||
/deletePlaylist.view=ROLE_PLAYLIST |
|
||||||
/savePlaylist.view=ROLE_PLAYLIST |
|
||||||
|
|
||||||
/download.view=ROLE_DOWNLOAD |
|
||||||
|
|
||||||
/upload.view=ROLE_UPLOAD |
|
||||||
|
|
||||||
/createShare.view=ROLE_SHARE |
|
||||||
|
|
||||||
/changeCoverArt.view=ROLE_COVERART |
|
||||||
/editTags.view=ROLE_COVERART |
|
||||||
|
|
||||||
/setMusicFileInfo.view=ROLE_COMMENT |
|
||||||
|
|
||||||
/podcastReceiverAdmin.view=ROLE_PODCAST |
|
||||||
|
|
||||||
/**=IS_AUTHENTICATED_REMEMBERED |
|
||||||
</value> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> |
|
||||||
<property name="allowIfAllAbstainDecisions" value="false"/> |
|
||||||
<property name="decisionVoters"> |
|
||||||
<list> |
|
||||||
<bean class="org.acegisecurity.vote.RoleVoter"/> |
|
||||||
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/> |
|
||||||
</list> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> |
|
||||||
<property name="userDetailsService" ref="securityService"/> |
|
||||||
<property name="tokenValiditySeconds" value="31536000"/> |
|
||||||
<!-- One year --> |
|
||||||
<property name="key" value="libresonic"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> |
|
||||||
<property name="providers"> |
|
||||||
<list> |
|
||||||
<ref local="daoAuthenticationProvider"/> |
|
||||||
<ref local="ldapAuthenticationProvider"/> |
|
||||||
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> |
|
||||||
<property name="key" value="libresonic"/> |
|
||||||
</bean> |
|
||||||
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> |
|
||||||
<property name="key" value="libresonic"/> |
|
||||||
</bean> |
|
||||||
</list> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> |
|
||||||
<property name="userDetailsService" ref="securityService"/> |
|
||||||
<property name="userCache" ref="userCacheWrapper"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="userCacheWrapper" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> |
|
||||||
<property name="cache" ref="userCache"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> |
|
||||||
<constructor-arg ref="bindAuthenticator"/> |
|
||||||
<constructor-arg ref="userDetailsServiceBasedAuthoritiesPopulator"/> |
|
||||||
<property name="userCache" ref="userCacheWrapper"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="bindAuthenticator" class="org.libresonic.player.ldap.LibresonicLdapBindAuthenticator"> |
|
||||||
<property name="securityService" ref="securityService"/> |
|
||||||
<property name="settingsService" ref="settingsService"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="userDetailsServiceBasedAuthoritiesPopulator" |
|
||||||
class="org.libresonic.player.ldap.UserDetailsServiceBasedAuthoritiesPopulator"> |
|
||||||
<property name="userDetailsService" ref="securityService"/> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<!-- Authorization of AJAX services. --> |
|
||||||
<bean id="ajaxServiceInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> |
|
||||||
<property name="authenticationManager" ref="authenticationManager"/> |
|
||||||
<property name="accessDecisionManager" ref="accessDecisionManager"/> |
|
||||||
<property name="objectDefinitionSource"> |
|
||||||
<value> |
|
||||||
org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART |
|
||||||
org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD |
|
||||||
</value> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="ajaxTagServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean"> |
|
||||||
<property name="target" ref="ajaxTagService"/> |
|
||||||
<property name="interceptorNames"> |
|
||||||
<list> |
|
||||||
<idref local="ajaxServiceInterceptor"/> |
|
||||||
</list> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
<bean id="ajaxTransferServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean"> |
|
||||||
<property name="target" ref="ajaxTransferService"/> |
|
||||||
<property name="interceptorNames"> |
|
||||||
<list> |
|
||||||
<idref local="ajaxServiceInterceptor"/> |
|
||||||
</list> |
|
||||||
</property> |
|
||||||
</bean> |
|
||||||
|
|
||||||
</beans> |
|
||||||
|
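Review bot: The new file drops the method-level authorization that the old `ajaxServiceInterceptor` bean enforced (`TagService.setTags=ROLE_COVERART`, `TransferService.getUploadInfo=ROLE_UPLOAD`) and puts nothing in its place; the new side ends at `</beans>` with only URL rules and a single authentication provider. Unless those checks are re-created elsewhere in the commit, any account that passes the catch-all `pattern="/**" access="ROLE_USER"` rule could presumably call both AJAX methods without the cover-art or upload role (the path the AJAX services are served under is not visible here). I would keep the restriction in namespace form, inside a `<security:global-method-security>` element: `<security:protect-pointcut expression="execution(* org.libresonic.player.ajax.TagService.setTags(..))" access="ROLE_COVERART"/>` and the matching pointcut for `TransferService.getUploadInfo` with `ROLE_UPLOAD`. A short XML comment above the `IS_AUTHENTICATED_ANONYMOUSLY` group saying why `/stream/**`, `/hls/**` and `/share/**` stay anonymous would also help whoever audits this list next.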