mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-21 00:00:13 +02:00
cb6d0c2113
- taking out customized SecurityHandler code as the original/default seems to just work fine - with this individual sec. constraints can be applied via web.xml (using legacy role names)
105 lines
4.3 KiB
Java
105 lines
4.3 KiB
Java
//
|
|
// YaCyLoginService
|
|
// Copyright 2011 by Florian Richter
|
|
// First released 16.04.2011 at http://yacy.net
|
|
//
|
|
// $LastChangedDate$
|
|
// $LastChangedRevision$
|
|
// $LastChangedBy$
|
|
//
|
|
// This library is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public
|
|
// License as published by the Free Software Foundation; either
|
|
// version 2.1 of the License, or (at your option) any later version.
|
|
//
|
|
// This library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
// Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
// along with this program in the file lgpl21.txt
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
|
//
|
|
|
|
package net.yacy.http;
|
|
|
|
import java.io.IOException;
|
|
import java.security.Principal;
|
|
|
|
import javax.security.auth.Subject;
|
|
|
|
import net.yacy.data.UserDB.AccessRight;
|
|
import net.yacy.data.UserDB.Entry;
|
|
import net.yacy.search.Switchboard;
|
|
import net.yacy.search.SwitchboardConstants;
|
|
|
|
import org.eclipse.jetty.security.IdentityService;
|
|
import org.eclipse.jetty.security.LoginService;
|
|
import org.eclipse.jetty.security.MappedLoginService;
|
|
import org.eclipse.jetty.server.UserIdentity;
|
|
import org.eclipse.jetty.util.security.Credential;
|
|
|
|
/**
|
|
* jetty login service, provides one admin user
|
|
*/
|
|
public class YaCyLoginService extends MappedLoginService implements LoginService {
|
|
|
|
@Override
|
|
public String getName() {
|
|
return "YaCy 'admin' Account (reset your password with bin/passwd.sh <new password>)";
|
|
}
|
|
|
|
@Override
|
|
protected UserIdentity loadUser(String username) {
|
|
|
|
final Switchboard sb = Switchboard.getSwitchboard();
|
|
String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
|
|
if (username.equals(adminuser)) {
|
|
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
|
|
// in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential
|
|
// not just the password (as usually in Jetty). As the accountname for the std. adminuser is not stored a useridentity
|
|
// is created for current user (and the pwd checked against the stored username:pwd setting)
|
|
Credential credential = YaCyLegacyCredential.getCredentialsFromConfig(username, adminAccountBase64MD5);
|
|
// TODO: YaCy user:pwd hashes should longterm likely be switched to separable username + pwd-hash entries
|
|
// and/or the standard admin account username shuld be fix = "admin"
|
|
|
|
Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
|
|
Subject subject = new Subject();
|
|
subject.getPrincipals().add(userPrincipal);
|
|
subject.getPrivateCredentials().add(credential);
|
|
subject.setReadOnly();
|
|
IdentityService is = getIdentityService();
|
|
return is.newUserIdentity(subject, userPrincipal, new String[]{AccessRight.ADMIN_RIGHT.toString()});
|
|
}
|
|
Entry user = sb.userDB.getEntry(username);
|
|
if (user != null) {
|
|
// assigning roles from userDB
|
|
String[] role = new String[AccessRight.values().length];
|
|
int i = 0;
|
|
for (final AccessRight right : AccessRight.values()) {
|
|
if (user.hasRight(right)) {
|
|
role[i] = right.toString();
|
|
i++;
|
|
}
|
|
}
|
|
Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd());
|
|
Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
|
|
Subject subject = new Subject();
|
|
subject.getPrincipals().add(userPrincipal);
|
|
subject.getPrivateCredentials().add(credential);
|
|
subject.setReadOnly();
|
|
IdentityService is = getIdentityService();
|
|
return is.newUserIdentity(subject, userPrincipal, role);
|
|
}
|
|
return null;
|
|
}
|
|
|
|
@Override
|
|
protected void loadUsers() throws IOException {
|
|
// don't load any users into MappedLoginService on startup
|
|
// we use loadUser for dynamic checking
|
|
}
|
|
|
|
}
|