//
// YaCyLoginService
// Copyright 2011 by Florian Richter
// First released 16.04.2011 at http://yacy.net
//
// $LastChangedDate$
// $LastChangedRevision$
// $LastChangedBy$
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program in the file lgpl21.txt
// If not, see <http://www.gnu.org/licenses/>.
//
package net.yacy.http;
import java.io.IOException;
import java.security.Principal;
import javax.security.auth.Subject;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.MappedLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;
/**
 * Jetty login service for YaCy that provides a single administrator account.
 *
 * <p>Nothing is preloaded into the underlying {@link MappedLoginService}; instead
 * {@link #loadUser(String)} assembles an identity on demand for whichever username
 * is presented, backed by the admin credential hash read from the YaCy configuration.
 */
public class YaCyLoginService extends MappedLoginService {

    /**
     * Creates a user identity with the {@code "admin"} role for the supplied login name.
     *
     * <p>The former restriction to the literal username {@code "admin"} is commented
     * out in this revision, so an identity is returned for every username and the
     * method never returns {@code null}.
     *
     * <p>NOTE(review): this method does not compare a password itself. Access control
     * therefore rests entirely on the credential attached to the returned identity
     * being checked afterwards (presumably by the inherited login path; confirm
     * against the Jetty version in use).
     *
     * @param username login name as presented by the client; it is passed on to
     *                 {@code YaCyLegacyCredential} because the stored hash covers
     *                 {@code username:pwd}, not the password alone
     * @return an identity holding the principal, its credential and the role
     *         {@code "admin"}
     */
    @Override
    protected UserIdentity loadUser(String username) {
        // TODO: implement legacy credentials

        // Falls back to "" when no admin hash is configured.
        // NOTE(review): how YaCyLegacyCredential treats an empty hash is not visible
        // here; verify that an unset admin account cannot be matched by any login.
        final String storedAdminHash =
                Switchboard.getSwitchboard().getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");

        // YaCy hashes "username:pwd" together, whereas Jetty usually hashes only the
        // password. The name of the standard admin account is not stored separately,
        // so the identity is built for the current user and the password is checked
        // against the stored username:pwd setting.
        // NOTE(review): the config key name suggests a Base64-encoded MD5 digest,
        // which is a weak scheme for password storage; confirm and plan a migration.
        final Credential adminCredential =
                YaCyLegacyCredential.getCredentialsFromConfig(username, storedAdminHash);

        // TODO: long term, YaCy user:pwd hashes should likely become separate
        // username + password-hash entries, and/or the standard admin account
        // username should be fixed to "admin".
        final Principal principal = new MappedLoginService.KnownUser(username, adminCredential);

        final Subject adminSubject = new Subject();
        adminSubject.getPrincipals().add(principal);
        adminSubject.getPrivateCredentials().add(adminCredential);
        // Freeze the subject so principals and credentials cannot be altered later.
        adminSubject.setReadOnly();

        final IdentityService identityService = getIdentityService();
        return identityService.newUserIdentity(adminSubject, principal, new String[] {"admin"});
    }

    /**
     * Intentionally loads nothing at startup.
     *
     * <p>Users are resolved dynamically through {@link #loadUser(String)} instead of
     * being registered in the {@link MappedLoginService} up front.
     *
     * @throws IOException declared by the overridden method; never thrown here
     */
    @Override
    protected void loadUsers() throws IOException {
        // No preloaded users: loadUser performs the dynamic check.
    }
}