diff --git a/pom.xml b/pom.xml
index 7b91984963..7522498e1b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -426,6 +426,11 @@ configuration-impl 1.0.0 + + com.hp.autonomy.frontend.configuration + configuration-authentication + 0.1.0 + com.hp.autonomy.frontend logging
diff --git a/src/main/java/com/hp/autonomy/frontend/find/authentication/DefaultLoginAuthenticationProvider.java b/src/main/java/com/hp/autonomy/frontend/find/authentication/DefaultLoginAuthenticationProvider.java
deleted file mode 100644
index bf0834dfda..0000000000
--- a/src/main/java/com/hp/autonomy/frontend/find/authentication/DefaultLoginAuthenticationProvider.java
+++ /dev/null
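Review bot: The `configuration-authentication` dependency added in this pom.xml hunk has no comment explaining its role, although the same commit deletes all four classes under `find/authentication`, so the login providers and handlers are presumably now supplied by this `0.1.0` artifact. I would add a comment above the dependency such as `<!-- supplies the Spring Security login providers and handlers formerly in com.hp.autonomy.frontend.find.authentication -->`. The library's code is not part of this diff, so it is worth confirming before merge that its single-user provider still verifies the password against the BCrypt hash. It is also worth confirming that the role names the deleted classes granted and tested (`ROLE_DEFAULT`, `ROLE_ADMIN`) are unchanged, because the removed `LoginSuccessHandler` chose the post-login target from `ROLE_DEFAULT`.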
@@ -1,53 +0,0 @@
-/*
- * Copyright 2014-2015 Hewlett-Packard Development Company, L.P.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- */
-
-package com.hp.autonomy.frontend.find.authentication;
-
-import com.hp.autonomy.frontend.configuration.AuthenticationConfig;
-import com.hp.autonomy.frontend.configuration.ConfigService;
-import com.hp.autonomy.frontend.configuration.LoginTypes;
-import com.hp.autonomy.frontend.configuration.UsernameAndPassword;
-import java.util.Arrays;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.stereotype.Service;
-
-@Service
-public class DefaultLoginAuthenticationProvider implements AuthenticationProvider {
-
- @Autowired
- private ConfigService> configService;
-
- @Override
- public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
- final com.hp.autonomy.frontend.configuration.Authentication authenticationConfig = configService.getConfig().getAuthentication();
-
- if(!LoginTypes.DEFAULT.equalsIgnoreCase(authenticationConfig.getMethod())) {
- return null;
- }
-
- final UsernameAndPassword defaultLogin = authenticationConfig.getDefaultLogin();
-
- final String username = authentication.getName();
- final String password = authentication.getCredentials().toString();
-
- if(defaultLogin.getUsername().equals(username) && defaultLogin.getPassword().equals(password)) {
- return new UsernamePasswordAuthenticationToken(username, password, Arrays.asList(new SimpleGrantedAuthority("ROLE_DEFAULT")));
- }
- else {
- throw new BadCredentialsException("Access is denied");
- }
- }
-
- @Override
- public boolean supports(final Class authentication) {
- return UsernamePasswordAuthenticationToken.class == authentication;
- }
-}
diff --git a/src/main/java/com/hp/autonomy/frontend/find/authentication/FindAccessDeniedHandler.java b/src/main/java/com/hp/autonomy/frontend/find/authentication/FindAccessDeniedHandler.java
deleted file mode 100644
index 89ba0a2491..0000000000
--- a/src/main/java/com/hp/autonomy/frontend/find/authentication/FindAccessDeniedHandler.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2014-2015 Hewlett-Packard Development Company, L.P.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- */
-
-package com.hp.autonomy.frontend.find.authentication;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.stereotype.Service;
-
-@Service
-public class FindAccessDeniedHandler implements AccessDeniedHandler {
- @Override
- public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException e) throws IOException, ServletException {
- // if AJAX, add 403 to the response, otherwise redirect to the given page
- if("XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "Blocked by " + this.getClass().getName());
- }
- else {
- // TODO parameterize this
- response.sendRedirect(request.getContextPath() + "/loginPage");
- }
- }
-}
diff --git a/src/main/java/com/hp/autonomy/frontend/find/authentication/LoginSuccessHandler.java b/src/main/java/com/hp/autonomy/frontend/find/authentication/LoginSuccessHandler.java
deleted file mode 100644
index 8839896471..0000000000
--- a/src/main/java/com/hp/autonomy/frontend/find/authentication/LoginSuccessHandler.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright 2014-2015 Hewlett-Packard Development Company, L.P.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- */
-
-package com.hp.autonomy.frontend.find.authentication;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.stereotype.Service;
-
-@Service
-public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
-
- @Override
- protected String determineTargetUrl(final HttpServletRequest request, final HttpServletResponse response) {
- final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
- for(final GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
- if("ROLE_DEFAULT".equalsIgnoreCase(grantedAuthority.getAuthority())) {
- return "/config/";
- }
- }
-
- return "/p/";
- }
-}
\ No newline at end of file
diff --git a/src/main/java/com/hp/autonomy/frontend/find/authentication/SingleUserAuthenticationProvider.java b/src/main/java/com/hp/autonomy/frontend/find/authentication/SingleUserAuthenticationProvider.java
deleted file mode 100644
index f195a19dcd..0000000000
--- a/src/main/java/com/hp/autonomy/frontend/find/authentication/SingleUserAuthenticationProvider.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright 2014-2015 Hewlett-Packard Development Company, L.P.
- * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
- */
-
-package com.hp.autonomy.frontend.find.authentication;
-
-import com.hp.autonomy.frontend.configuration.AuthenticationConfig;
-import com.hp.autonomy.frontend.configuration.BCryptUsernameAndPassword;
-import com.hp.autonomy.frontend.configuration.ConfigService;
-import com.hp.autonomy.frontend.configuration.SingleUserAuthentication;
-import java.util.Arrays;
-import org.mindrot.jbcrypt.BCrypt;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.stereotype.Service;
-
-@Service
-public class SingleUserAuthenticationProvider implements AuthenticationProvider {
-
- @Autowired
- private ConfigService> configService;
-
- @Override
- public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
- final com.hp.autonomy.frontend.configuration.Authentication configAuthentication = configService.getConfig().getAuthentication();
-
- if(!(configAuthentication instanceof SingleUserAuthentication)) {
- return null;
- }
-
- final SingleUserAuthentication singleUserAuthentication = (SingleUserAuthentication) configAuthentication;
- final BCryptUsernameAndPassword singleUser = singleUserAuthentication.getSingleUser();
-
- final String username = singleUser.getUsername();
- final String hashedPassword = singleUser.getHashedPassword();
- final String providedPassword = authentication.getCredentials().toString();
-
- if(authentication.getName().equals(username) && BCrypt.checkpw(providedPassword, hashedPassword)) {
- return new UsernamePasswordAuthenticationToken(username, providedPassword, Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMIN")));
- }
- else {
- throw new BadCredentialsException("Bad credentials");
- }
- }
-
- @Override
- public boolean supports(final Class authentication) {
- return authentication == UsernamePasswordAuthenticationToken.class;
- }
-}
diff --git a/src/main/webapp/WEB-INF/applicationContext.xml b/src/main/webapp/WEB-INF/applicationContext.xml
index 6b45401af7..9a7c98a4ad 100644
--- a/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/src/main/webapp/WEB-INF/applicationContext.xml
@@ -43,6 +43,26 @@ + + + + + + + + + + + + + + + + + + + +