Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
parent
6896538a6f
commit
a3c64d2024
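--- a/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
+++ b/org/libresonic/player/ldap/LibresonicLdapBindAuthenticator.java
@@ -1,132 +0,0 @@
-/*
-This file is part of Libresonic.
-
-Libresonic is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Libresonic is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
-
-Copyright 2016 (C) Libresonic Authors
-Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
-*/
-package org.libresonic.player.ldap;
-
-import org.libresonic.player.Logger;
-import org.libresonic.player.domain.User;
-import org.libresonic.player.service.SecurityService;
-import org.libresonic.player.service.SettingsService;
-import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
-import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
-import org.acegisecurity.providers.ldap.LdapAuthenticator;
-import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.apache.commons.lang.StringUtils;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
-* LDAP authenticator which uses a delegate {@link BindAuthenticator}, and which
-* supports dynamically changing LDAP provider URL and search filter.
-*
-* @author Sindre Mehus
-*/
-public class LibresonicLdapBindAuthenticator implements LdapAuthenticator {
-
-private static final Logger LOG = Logger.getLogger(LibresonicLdapBindAuthenticator.class);
-
-private SecurityService securityService;
-private SettingsService settingsService;
-
-private long authenticatorTimestamp;
-private BindAuthenticator delegateAuthenticator;
-
-public LdapUserDetails authenticate(String username, String password) {
-
-// LDAP authentication must be enabled on the system.
-if (!settingsService.isLdapEnabled()) {
-throw new BadCredentialsException("LDAP authentication disabled.");
-}
-
-// User must be defined in Libresonic, unless auto-shadowing is enabled.
-User user = securityService.getUserByName(username);
-if (user == null && !settingsService.isLdapAutoShadowing()) {
-throw new BadCredentialsException("User does not exist.");
-}
-
-// LDAP authentication must be enabled for the given user.
-if (user != null && !user.isLdapAuthenticated()) {
-throw new BadCredentialsException("LDAP authentication disabled for user.");
-}
-
-try {
-createDelegate();
-LdapUserDetails details = delegateAuthenticator.authenticate(username, password);
-if (details != null) {
-LOG.info("User '" + username + "' successfully authenticated in LDAP. DN: " + details.getDn());
-
-if (user == null) {
-User newUser = new User(username, "", null, true, 0L, 0L, 0L);
-newUser.setStreamRole(true);
-newUser.setSettingsRole(true);
-securityService.createUser(newUser);
-LOG.info("Created local user '" + username + "' for DN " + details.getDn());
-}
-}
-
-return details;
-} catch (RuntimeException x) {
-LOG.info("Failed to authenticate user '" + username + "' in LDAP.", x);
-throw x;
-}
-}
-
-/**
-* Creates the delegate {@link BindAuthenticator}.
-*/
-private synchronized void createDelegate() {
-
-// Only create it if necessary.
-if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) {
-
-DefaultInitialDirContextFactory contextFactory = new DefaultInitialDirContextFactory(settingsService.getLdapUrl());
-
-String managerDn = settingsService.getLdapManagerDn();
-String managerPassword = settingsService.getLdapManagerPassword();
-if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) {
-contextFactory.setManagerDn(managerDn);
-contextFactory.setManagerPassword(managerPassword);
-}
-
-Map<String, String> extraEnvVars = new HashMap<String, String>();
-extraEnvVars.put("java.naming.referral", "follow");
-contextFactory.setExtraEnvVars(extraEnvVars);
-
-FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextFactory);
-userSearch.setSearchSubtree(true);
-userSearch.setDerefLinkFlag(true);
-
-delegateAuthenticator = new BindAuthenticator(contextFactory);
-delegateAuthenticator.setUserSearch(userSearch);
-
-authenticatorTimestamp = settingsService.getSettingsChanged();
-}
-}
-
-public void setSecurityService(SecurityService securityService) {
-this.securityService = securityService;
-}
-
-public void setSettingsService(SettingsService settingsService) {
-this.settingsService = settingsService;
-}
-}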
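--- a/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
+++ b/org/libresonic/player/ldap/UserDetailsServiceBasedAuthoritiesPopulator.java
@@ -1,51 +0,0 @@
-/*
-This file is part of Libresonic.
-
-Libresonic is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Libresonic is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with Libresonic. If not, see <http://www.gnu.org/licenses/>.
-
-Copyright 2016 (C) Libresonic Authors
-Based upon Subsonic, Copyright 2009 (C) Sindre Mehus
-*/
-package org.libresonic.player.ldap;
-
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-
-/**
-* An {@link LdapAuthoritiesPopulator} that retrieves the roles from the
-* database using the {@link UserDetailsService} instead of retrieving the roles
-* from LDAP. An instance of this class can be configured for the
-* {@link org.acegisecurity.providers.ldap.LdapAuthenticationProvider} when
-* authentication should be done using LDAP and authorization using the
-* information stored in the database.
-*
-* @author Thomas M. Hofmann
-*/
-public class UserDetailsServiceBasedAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-
-private UserDetailsService userDetailsService;
-
-public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
-UserDetails details = userDetailsService.loadUserByUsername(userDetails.getUsername());
-return details.getAuthorities();
-}
-
-public void setUserDetailsService(UserDetailsService userDetailsService) {
-this.userDetailsService = userDetailsService;
-}
-}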
@ -1,246 +1,65 @@ |
||||
<?xml version="1.0" encoding="ISO-8859-1"?> |
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans" |
||||
xmlns:security="http://www.springframework.org/schema/security" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"> |
||||
|
||||
<bean id="loginFailureLogger" class="org.libresonic.player.security.LoginFailureLogger"/> |
||||
|
||||
<bean class="org.libresonic.player.security.LibresonicApplicationEventListener"> |
||||
<property name="loginFailureLogger" ref="loginFailureLogger"/> |
||||
</bean> |
||||
|
||||
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> |
||||
<property name="filterInvocationDefinitionSource"> |
||||
<value> |
||||
PATTERN_TYPE_APACHE_ANT |
||||
/wap**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
||||
/podcastChannel**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor |
||||
/podcast**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
||||
/rest/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,restRequestParameterProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor |
||||
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor |
||||
</value> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> |
||||
|
||||
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter"> |
||||
<constructor-arg value="/login.view?logout"/> |
||||
<!-- URL redirected to after logout --> |
||||
<constructor-arg> |
||||
<list> |
||||
<ref bean="rememberMeServices"/> |
||||
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> |
||||
</list> |
||||
</constructor-arg> |
||||
</bean> |
||||
|
||||
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="authenticationFailureUrl" value="/login.view?error"/> |
||||
<property name="defaultTargetUrl" value="/"/> |
||||
<property name="alwaysUseDefaultTargetUrl" value="true"/> |
||||
<property name="filterProcessesUrl" value="/j_acegi_security_check"/> |
||||
<property name="rememberMeServices" ref="rememberMeServices"/> |
||||
</bean> |
||||
|
||||
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/> |
||||
</bean> |
||||
|
||||
<bean id="restRequestParameterProcessingFilter" class="org.libresonic.player.security.RESTRequestParameterProcessingFilter"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="settingsService" ref="settingsService"/> |
||||
<property name="securityService" ref="securityService"/> |
||||
<property name="loginFailureLogger" ref="loginFailureLogger"/> |
||||
</bean> |
||||
|
||||
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> |
||||
<property name="realmName" value="Libresonic"/> |
||||
</bean> |
||||
|
||||
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> |
||||
|
||||
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="rememberMeServices" ref="rememberMeServices"/> |
||||
</bean> |
||||
|
||||
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> |
||||
<property name="key" value="libresonic"/> |
||||
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/> |
||||
</bean> |
||||
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> |
||||
<property name="authenticationEntryPoint"> |
||||
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> |
||||
<property name="loginFormUrl" value="/login.view?"/> |
||||
<property name="forceHttps" value="false"/> |
||||
</bean> |
||||
</property> |
||||
<property name="accessDeniedHandler"> |
||||
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> |
||||
<property name="errorPage" value="/accessDenied.view"/> |
||||
</bean> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="basicExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> |
||||
<property name="authenticationEntryPoint"> |
||||
<bean class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> |
||||
<property name="realmName" value="Libresonic"/> |
||||
</bean> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="alwaysReauthenticate" value="true"/> |
||||
<property name="accessDecisionManager" ref="accessDecisionManager"/> |
||||
<property name="objectDefinitionSource"> |
||||
<value> |
||||
PATTERN_TYPE_APACHE_ANT |
||||
|
||||
/login.view=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/recover.view=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/accessDenied.view=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/coverArt.view=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/hls/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/stream/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/ws/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/share/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/style/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/icons/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/flash/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/script/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/sonos/**=IS_AUTHENTICATED_ANONYMOUSLY |
||||
/crossdomain.xml=IS_AUTHENTICATED_ANONYMOUSLY |
||||
|
||||
/personalSettings.view=ROLE_SETTINGS |
||||
/passwordSettings.view=ROLE_SETTINGS |
||||
/playerSettings.view=ROLE_SETTINGS |
||||
/shareSettings.view=ROLE_SETTINGS |
||||
|
||||
/generalSettings.view=ROLE_ADMIN |
||||
/advancedSettings.view=ROLE_ADMIN |
||||
/userSettings.view=ROLE_ADMIN |
||||
/musicFolderSettings.view=ROLE_ADMIN |
||||
/networkSettings.view=ROLE_ADMIN |
||||
/dlnaSettings.view=ROLE_ADMIN |
||||
/sonosSettings.view=ROLE_ADMIN |
||||
/transcodingSettings.view=ROLE_ADMIN |
||||
/internetRadioSettings.view=ROLE_ADMIN |
||||
/podcastSettings.view=ROLE_ADMIN |
||||
/db.view=ROLE_ADMIN |
||||
|
||||
/deletePlaylist.view=ROLE_PLAYLIST |
||||
/savePlaylist.view=ROLE_PLAYLIST |
||||
|
||||
/download.view=ROLE_DOWNLOAD |
||||
|
||||
/upload.view=ROLE_UPLOAD |
||||
|
||||
/createShare.view=ROLE_SHARE |
||||
|
||||
/changeCoverArt.view=ROLE_COVERART |
||||
/editTags.view=ROLE_COVERART |
||||
|
||||
/setMusicFileInfo.view=ROLE_COMMENT |
||||
|
||||
/podcastReceiverAdmin.view=ROLE_PODCAST |
||||
|
||||
/**=IS_AUTHENTICATED_REMEMBERED |
||||
</value> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> |
||||
<property name="allowIfAllAbstainDecisions" value="false"/> |
||||
<property name="decisionVoters"> |
||||
<list> |
||||
<bean class="org.acegisecurity.vote.RoleVoter"/> |
||||
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/> |
||||
</list> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> |
||||
<property name="userDetailsService" ref="securityService"/> |
||||
<property name="tokenValiditySeconds" value="31536000"/> |
||||
<!-- One year --> |
||||
<property name="key" value="libresonic"/> |
||||
</bean> |
||||
|
||||
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> |
||||
<property name="providers"> |
||||
<list> |
||||
<ref local="daoAuthenticationProvider"/> |
||||
<ref local="ldapAuthenticationProvider"/> |
||||
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> |
||||
<property name="key" value="libresonic"/> |
||||
</bean> |
||||
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> |
||||
<property name="key" value="libresonic"/> |
||||
</bean> |
||||
</list> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> |
||||
<property name="userDetailsService" ref="securityService"/> |
||||
<property name="userCache" ref="userCacheWrapper"/> |
||||
</bean> |
||||
|
||||
<bean id="userCacheWrapper" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> |
||||
<property name="cache" ref="userCache"/> |
||||
</bean> |
||||
|
||||
<bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> |
||||
<constructor-arg ref="bindAuthenticator"/> |
||||
<constructor-arg ref="userDetailsServiceBasedAuthoritiesPopulator"/> |
||||
<property name="userCache" ref="userCacheWrapper"/> |
||||
</bean> |
||||
|
||||
<bean id="bindAuthenticator" class="org.libresonic.player.ldap.LibresonicLdapBindAuthenticator"> |
||||
<property name="securityService" ref="securityService"/> |
||||
<property name="settingsService" ref="settingsService"/> |
||||
</bean> |
||||
|
||||
<bean id="userDetailsServiceBasedAuthoritiesPopulator" |
||||
class="org.libresonic.player.ldap.UserDetailsServiceBasedAuthoritiesPopulator"> |
||||
<property name="userDetailsService" ref="securityService"/> |
||||
</bean> |
||||
|
||||
<!-- Authorization of AJAX services. --> |
||||
<bean id="ajaxServiceInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> |
||||
<property name="authenticationManager" ref="authenticationManager"/> |
||||
<property name="accessDecisionManager" ref="accessDecisionManager"/> |
||||
<property name="objectDefinitionSource"> |
||||
<value> |
||||
org.libresonic.player.ajax.TagService.setTags=ROLE_COVERART |
||||
org.libresonic.player.ajax.TransferService.getUploadInfo=ROLE_UPLOAD |
||||
</value> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="ajaxTagServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean"> |
||||
<property name="target" ref="ajaxTagService"/> |
||||
<property name="interceptorNames"> |
||||
<list> |
||||
<idref local="ajaxServiceInterceptor"/> |
||||
</list> |
||||
</property> |
||||
</bean> |
||||
|
||||
<bean id="ajaxTransferServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean"> |
||||
<property name="target" ref="ajaxTransferService"/> |
||||
<property name="interceptorNames"> |
||||
<list> |
||||
<idref local="ajaxServiceInterceptor"/> |
||||
</list> |
||||
</property> |
||||
</bean> |
||||
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security-3.2.xsd"> |
||||
|
||||
<security:http auto-config='true'> |
||||
<!-- IS_AUTHENTICATED_ANONYMOUSLY --> |
||||
<security:intercept-url pattern="/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> |
||||
<security:intercept-url pattern="/recover.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/accessDenied.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/coverArt.view" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/hls/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/stream/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/share/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/style/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/icons/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/flash/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/script/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/sonos/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
<security:intercept-url pattern="/crossdomain.xml" access="IS_AUTHENTICATED_ANONYMOUSLY" /> |
||||
|
||||
<!-- ROLE_SETTINGS --> |
||||
<security:intercept-url pattern="/personalSettings.view" access="ROLE_SETTINGS" /> |
||||
<security:intercept-url pattern="/passwordSettings.view" access="ROLE_SETTINGS" /> |
||||
<security:intercept-url pattern="/playerSettings.view" access="ROLE_SETTINGS" /> |
||||
<security:intercept-url pattern="/shareSettings.view" access="ROLE_SETTINGS" /> |
||||
|
||||
<!-- ROLE_ADMIN --> |
||||
<security:intercept-url pattern="/generalSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/advancedSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/userSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/musicFolderSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/networkSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/dlnaSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/sonosSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/transcodingSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/internetRadioSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/podcastSettings.view" access="ROLE_ADMIN" /> |
||||
<security:intercept-url pattern="/db.view" access="ROLE_ADMIN" /> |
||||
|
||||
<!-- MISC --> |
||||
<security:intercept-url pattern="/deletePlaylist.view" access="ROLE_PLAYLIST" /> |
||||
<security:intercept-url pattern="/savePlaylist.view" access="ROLE_PLAYLIST" /> |
||||
<security:intercept-url pattern="/download.view" access="ROLE_DOWNLOAD" /> |
||||
<security:intercept-url pattern="/upload.view" access="ROLE_UPLOAD" /> |
||||
<security:intercept-url pattern="/createShare.view" access="ROLE_SHARE" /> |
||||
<security:intercept-url pattern="/changeCoverArt.view" access="ROLE_COVERART" /> |
||||
<security:intercept-url pattern="/editTags.view" access="ROLE_COVERART" /> |
||||
<security:intercept-url pattern="/setMusicFileInfo.view" access="ROLE_COMMENT" /> |
||||
<security:intercept-url pattern="/podcastReceiverAdmin.view" access="ROLE_PODCAST" /> |
||||
|
||||
<!-- ROLE_USER --> |
||||
<security:intercept-url pattern="/**" access="ROLE_USER" /> |
||||
<security:form-login login-page="/login.view" default-target-url="/home.view" /> |
||||
</security:http> |
||||
|
||||
<security:authentication-manager> |
||||
<security:authentication-provider user-service-ref="securityService" /> |
||||
</security:authentication-manager> |
||||
</beans> |
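Review bot: The method-level role checks that the old `ajaxServiceInterceptor` enforced (`TagService.setTags=ROLE_COVERART`, `TransferService.getUploadInfo=ROLE_UPLOAD`) have no counterpart in the new `<security:http>` / `<security:authentication-manager>` configuration, so unless those AJAX beans are secured elsewhere in the commit, these calls are now gated only by the URL rules. One way to restore them is a `<security:global-method-security>` element holding `<security:protect-pointcut expression="execution(* org.libresonic.player.ajax.TagService.setTags(..))" access="ROLE_COVERART"/>` and a matching pointcut for `getUploadInfo` with `ROLE_UPLOAD`. The per-path chains are also collapsed into one `form-login` block and `restRequestParameterProcessingFilter` is dropped, so `/rest/**`, `/podcast**` and `/wap**` clients need a regression test. It also appears that nothing grants `ROLE_USER` on this page, while the catch-all rule changed from `IS_AUTHENTICATED_REMEMBERED` to `ROLE_USER`. Accounts created by the removed LDAP auto-shadowing were stored with an empty local password (`new User(username, "", ...)`); with only the `securityService`-backed provider left, confirm such accounts are disabled or given a non-empty credential before this ships.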