* authentication implemented with own securityhandler

2024-09-19 00:01:41 +02:00 · 2011-03-16 17:39:31 +01:00 · 2011-03-16 17:39:31 +01:00 · 7cfd3762d9
commit 7cfd3762d9
parent 68ca0fbb2e
4 changed files with 109 additions and 10 deletions
--- a/source/net/yacy/http/HttpServer.java
+++ b/source/net/yacy/http/HttpServer.java
@ -59,6 +59,9 @@ public class HttpServer {
 
        resource_handler.setResourceBase("htroot/");

+        HandlerList handlers = new HandlerList();
+        handlers.setHandlers(new Handler[] {new SSIHandler(new TemplateHandler()), resource_handler, new DefaultHandler() });
+
        Constraint constraint = new Constraint();
        constraint.setName(Constraint.__BASIC_AUTH);;
        constraint.setRoles(new String[]{"admin"});
@ -66,22 +69,19 @@ public class HttpServer {

        ConstraintMapping cm = new ConstraintMapping();
        cm.setConstraint(constraint);
-        cm.setPathSpec("/*");
+        cm.setPathSpec("/authenticate_me");
        
-        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
+        YaCySecurityHandler securityHandler = new YaCySecurityHandler();
        securityHandler.setLoginService(new YaCyLoginService());
        securityHandler.setRealmName("YaCy Admin Interface");
-        securityHandler.setConstraintMappings(new ConstraintMapping[]{cm});
-        securityHandler.setHandler(new SSIHandler(new TemplateHandler()));
+        securityHandler.setHandler(handlers);
        
        // context handler for dispatcher and security
        ContextHandler context = new ContextHandler();
        context.setContextPath("/");
        context.setHandler(securityHandler);
        
-        HandlerList handlers = new HandlerList();
-        handlers.setHandlers(new Handler[] {context, resource_handler, new DefaultHandler() });
-        server.setHandler(handlers);
+        server.setHandler(context);
 	}
 	
 	/**
--- a/source/net/yacy/http/TemplateHandler.java
+++ b/source/net/yacy/http/TemplateHandler.java
@ -40,6 +40,7 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.concurrent.ConcurrentHashMap;

+import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -192,13 +193,14 @@ public class TemplateHandler extends AbstractHandler implements Handler {
    	
    	return legacyRequestHeader;
    }
-
+    
 	@Override
 	public void handle(String target, Request baseRequest, HttpServletRequest request,
 			HttpServletResponse response) throws IOException, ServletException {
    	Switchboard sb = Switchboard.getSwitchboard();
-
+    	
 		System.err.println("Page: " + target);
+		
 		String localeSelection = "default";
        File targetFile = getLocalizedFile(target, localeSelection);
        File targetClass = rewriteClassFile(new File(htDefaultPath, target));
--- a/source/net/yacy/http/YaCyLoginService.java
+++ b/source/net/yacy/http/YaCyLoginService.java
@ -1,3 +1,27 @@
+//
+//  YaCyLoginService
+//  Copyright 2011 by Florian Richter
+//  First released 16.04.2011 at http://yacy.net
+//  
+//  $LastChangedDate$
+//  $LastChangedRevision$
+//  $LastChangedBy$
+//
+//  This library is free software; you can redistribute it and/or
+//  modify it under the terms of the GNU Lesser General Public
+//  License as published by the Free Software Foundation; either
+//  version 2.1 of the License, or (at your option) any later version.
+//  
+//  This library is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+//  Lesser General Public License for more details.
+//  
+//  You should have received a copy of the GNU Lesser General Public License
+//  along with this program in the file lgpl21.txt
+//  If not, see <http://www.gnu.org/licenses/>.
+//
+
 package net.yacy.http;

 import java.io.IOException;
@ -10,11 +34,16 @@ import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.MappedLoginService;
 import org.eclipse.jetty.server.UserIdentity;

+
+/**
+ * jetty login service, provides one admin user
+ */
 public class YaCyLoginService extends MappedLoginService {

 	@Override
 	protected UserIdentity loadUser(String username) {
 		if(username.equals("admin")) {
+			// TODO: implement legacy credentials
 			Credential credential = Credential.getCredential("admin");
 			Principal userPrincipal = new MappedLoginService.KnownUser("admin", credential); 
 			Subject subject = new Subject();
@ -29,7 +58,8 @@ public class YaCyLoginService extends MappedLoginService {

 	@Override
 	protected void loadUsers() throws IOException {
-		// don't load any users into MappedLoginService on boot
+		// don't load any users into MappedLoginService on startup
+		// we use loadUser for dynamic checking
 	}

 }
--- a/source/net/yacy/http/YaCySecurityHandler.java
+++ b/source/net/yacy/http/YaCySecurityHandler.java
@ -0,0 +1,67 @@
+//
+//  YaCySecurityHandler
+//  Copyright 2011 by Florian Richter
+//  First released 16.04.2011 at http://yacy.net
+//  
+//  $LastChangedDate$
+//  $LastChangedRevision$
+//  $LastChangedBy$
+//
+//  This library is free software; you can redistribute it and/or
+//  modify it under the terms of the GNU Lesser General Public
+//  License as published by the Free Software Foundation; either
+//  version 2.1 of the License, or (at your option) any later version.
+//  
+//  This library is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+//  Lesser General Public License for more details.
+//  
+//  You should have received a copy of the GNU Lesser General Public License
+//  along with this program in the file lgpl21.txt
+//  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package net.yacy.http;
+
+import java.io.IOException;
+
+import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.UserIdentity;
+
+/**
+ * jetty security handler
+ * demands authentication for pages with _p. inside
+ */
+public class YaCySecurityHandler extends SecurityHandler {
+
+	@Override
+	protected boolean checkUserDataPermissions(String pathInContext, Request request,
+			Response response, Object constraintInfo) throws IOException {
+		// check the SecurityHandler code, denying here does not provide authentication
+		return true;
+	}
+
+	@Override
+	protected boolean checkWebResourcePermissions(String pathInContext, Request request,
+			Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException {
+		// deny and request for authentication, if necessary
+		Boolean authMand = (Boolean)constraintInfo;
+		return !authMand || request.isUserInRole("admin");
+	}
+
+	@Override
+	protected boolean isAuthMandatory(Request base_request, Response base_response, Object constraintInfo) {
+		Boolean authMand = (Boolean)constraintInfo;
+		return authMand;
+	}
+
+	@Override
+	protected Object prepareConstraintInfo(String pathInContext, Request request) {
+		// authentication mandatory as simple constraint info
+		return pathInContext.contains("_p.");
+	}
+
+}