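package org.libresonic.player.controller;

import org.libresonic.player.Logger;
import org.libresonic.player.domain.User;
import org.libresonic.player.service.SecurityService;
import org.libresonic.player.service.SettingsService;
import org.libresonic.player.util.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;

/**
 * Spring MVC Controller that serves the login page.
 *
 * <p>Besides rendering the form, the handler supports an "auto-login" shortcut driven by
 * request parameters and flags an administrator account whose password still equals the
 * administrator user name.
 */
@Controller
public class LoginController {

    private static final Logger LOG = Logger.getLogger(LoginController.class);

    @Autowired
    private SecurityService securityService;
    @Autowired
    private SettingsService settingsService;

    /**
     * Handles {@code GET /login}.
     *
     * <p>If both the {@code user} and {@code password} request parameters are present, they are
     * URL-encoded and the client is redirected to {@code /login} with the values copied into the
     * Spring Security form parameter names. Otherwise the {@code login} view is rendered with a
     * model holding {@code logout}, {@code error}, {@code brand}, {@code loginMessage} and,
     * when the administrator password equals the administrator user name, {@code insecure}.
     *
     * <p><b>Security note:</b> the auto-login path carries the password in the query string of
     * both the incoming request and the redirect target. Query strings are commonly recorded in
     * access logs, proxy logs and browser history, so deployments that keep this shortcut should
     * serve it over TLS only and exclude query strings from request logging.
     *
     * @param request  the current request; its {@code user}, {@code password}, {@code logout}
     *                 and {@code error} parameters are read
     * @param response the current response (not used by this handler)
     * @return a redirect for the auto-login case, otherwise the {@code login} view and its model
     * @throws Exception declared by the handler signature; nothing is thrown explicitly here
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(HttpServletRequest request, HttpServletResponse response) throws Exception {

        // Auto-login if "user" and "password" parameters are given.
        String username = request.getParameter("user");
        String password = request.getParameter("password");
        if (username != null && password != null) {
            // Encode both values so that '&', '=' and similar characters cannot add or
            // override parameters in the redirect URL.
            String redirectUrl = "/login?"
                    + UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY + "="
                    + StringUtil.urlEncode(username)
                    + "&" + UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY + "="
                    + StringUtil.urlEncode(password);
            // NOTE(review): the password is placed in a URL here; see the security note above.
            // Presumably the authentication filter consumes these parameters on the follow-up
            // request; that configuration is not visible in this file.
            return new ModelAndView(new RedirectView(redirectUrl));
        }

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("logout", request.getParameter("logout") != null);
        map.put("error", request.getParameter("error") != null);
        map.put("brand", settingsService.getBrand());
        map.put("loginMessage", settingsService.getLoginMessage());

        // Warn on the login page while the administrator still uses the user name as password.
        // What getUserByName returns for a missing account is not visible here; the null guard
        // keeps the login page rendering instead of failing with a NullPointerException.
        // NOTE(review): this comparison only detects the default credential if getPassword()
        // returns the clear-text value; confirm how passwords are stored.
        User admin = securityService.getUserByName(User.USERNAME_ADMIN);
        if (admin != null && User.USERNAME_ADMIN.equals(admin.getPassword())) {
            map.put("insecure", true);
        }

        return new ModelAndView("login", "model", map);
    }
}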