Marown/yacy_search_server
1
0
Fork 0
mirror of https://github.com/yacy/yacy_search_server.git synced 2024-09-19 00:01:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
209a7374bd
yacy_search_server/source/net/yacy/http/YaCyLoginService.java
Michael Peter Christen 57ce7eeff3 fixed localhost authorization and replaced the adminRealm with an info 
string which is visible in the browser. That makes it possible that the
browser instructs the user how to change a forgotten admin password
(during runtime).
2014-09-02 13:15:19 +02:00

92 lines
4.0 KiB
Java
Raw Blame History

//
// YaCyLoginService
// Copyright 2011 by Florian Richter
// First released 16.04.2011 at http://yacy.net
//
// $LastChangedDate$
// $LastChangedRevision$
// $LastChangedBy$
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program in the file lgpl21.txt
// If not, see <http://www.gnu.org/licenses/>.
//
package net.yacy.http;
import java.io.IOException;
import java.util.ArrayList;
import net.yacy.data.UserDB.AccessRight;
import net.yacy.data.UserDB.Entry;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.MappedLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;
/**
* jetty login service, provides admin and YaCy.UserDB users with role assignment
* with DIGEST auth by default Jetty uses the name of the loginSevice as realmname (which is part of all password hashes)
*/
public class YaCyLoginService extends MappedLoginService implements LoginService {
@Override
protected UserIdentity loadUser(String username) {
if (username == null || username.isEmpty()) return null; // quick exit
final Switchboard sb = Switchboard.getSwitchboard();
String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
Credential credential = null;
String[] roles = null;
if (username.equals(adminuser)) {
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
// in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential
// not just the password (as usually in Jetty). As the accountname for the std. adminuser is not stored a useridentity
// is created for current user (and the pwd checked against the stored username:pwd setting)
credential = YaCyLegacyCredential.getCredentialForAdmin(username, adminAccountBase64MD5);
// TODO: YaCy user:pwd hashes should longterm likely be switched to separable username + pwd-hash entries
// and/or the standard admin account username should be fix = "admin"
roles = new String[]{AccessRight.ADMIN_RIGHT.toString()};
} else {
Entry user = sb.userDB.getEntry(username);
if (user != null && user.getMD5EncodedUserPwd() != null) {
// assigning roles from userDB
ArrayList<String> roletmp = new ArrayList<String>();
for (final AccessRight right : AccessRight.values()) {
if (user.hasRight(right)) {
roletmp.add(right.toString());
}
}
if (roletmp.size() > 0) roles = roletmp.toArray(new String[roletmp.size()]);
credential = YaCyLegacyCredential.getCredentialForUserDB(username, user.getMD5EncodedUserPwd());
}
}
if (credential != null) {
if (roles != null) {
return putUser(username, credential, roles);
}
return putUser(username, credential); // w/o role makes not much sense, but succeeds login....
}
return null;
}
@Override
protected void loadUsers() throws IOException {
// don't load any users into MappedLoginService on startup
// we use loadUser for dynamic checking
}
}
Reference in New Issue View Git Blame Copy Permalink