//
// YaCyLoginService
// Copyright 2011 by Florian Richter
// First released 16.04.2011 at http://yacy.net
//
// $LastChangedDate$
// $LastChangedRevision$
// $LastChangedBy$
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program in the file lgpl21.txt
// If not, see .
//
package net.yacy.http;
import java.io.IOException;
import java.util.ArrayList;
import net.yacy.data.UserDB.AccessRight;
import net.yacy.data.UserDB.Entry;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.MappedLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;
/**
* jetty login service, provides admin and YaCy.UserDB users with role assignment
* with DIGEST auth by default Jetty uses the name of the loginSevice as realmname (which is part of all password hashes)
*/
public class YaCyLoginService extends MappedLoginService implements LoginService {
@Override
protected UserIdentity loadUser(String username) {
if (username == null || username.isEmpty()) return null; // quick exit
final Switchboard sb = Switchboard.getSwitchboard();
String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
Credential credential = null;
String[] roles = null;
if (username.equals(adminuser)) {
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
// in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential
// not just the password (as usually in Jetty). As the accountname for the std. adminuser is not stored a useridentity
// is created for current user (and the pwd checked against the stored username:pwd setting)
credential = YaCyLegacyCredential.getCredentialForAdmin(username, adminAccountBase64MD5);
// TODO: YaCy user:pwd hashes should longterm likely be switched to separable username + pwd-hash entries
// and/or the standard admin account username should be fix = "admin"
roles = new String[]{AccessRight.ADMIN_RIGHT.toString()};
} else {
Entry user = sb.userDB.getEntry(username);
if (user != null && user.getMD5EncodedUserPwd() != null) {
// assigning roles from userDB
ArrayList roletmp = new ArrayList();
for (final AccessRight right : AccessRight.values()) {
if (user.hasRight(right)) {
roletmp.add(right.toString());
}
}
if (roletmp.size() > 0) roles = roletmp.toArray(new String[roletmp.size()]);
credential = YaCyLegacyCredential.getCredentialForUserDB(username, user.getMD5EncodedUserPwd());
}
}
if (credential != null) {
if (roles != null) {
return putUser(username, credential, roles);
}
return putUser(username, credential); // w/o role makes not much sense, but succeeds login....
}
return null;
}
@Override
protected void loadUsers() throws IOException {
// don't load any users into MappedLoginService on startup
// we use loadUser for dynamic checking
}
}