From 351c2be68d31e89ace397e04fb3e8f81e25189b9 Mon Sep 17 00:00:00 2001
From: reger <reger18@arcor.de>
Date: Wed, 5 Mar 2014 02:59:27 +0100
Subject: [PATCH] fix: make sure adminAccount changes made via ConfigAccounts_p
 are effective immediately force to remove current credentials from knownuser
 cache

---
 htroot/ConfigAccounts_p.java                  |  8 +++++-
 .../net/yacy/http/Jetty8HttpServerImpl.java   | 26 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/htroot/ConfigAccounts_p.java b/htroot/ConfigAccounts_p.java
index 5e3090e90..ab69bd2e5 100644
--- a/htroot/ConfigAccounts_p.java
+++ b/htroot/ConfigAccounts_p.java
@@ -38,6 +38,7 @@ import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.data.UserDB;
 import net.yacy.data.UserDB.AccessRight;
+import net.yacy.http.Jetty8HttpServerImpl;
 import net.yacy.search.Switchboard;
 import net.yacy.search.SwitchboardConstants;
 import net.yacy.server.serverObjects;
@@ -61,11 +62,16 @@ public class ConfigAccounts_p {
             int inputerror=0;
             // may be overwritten if new password is given
             if (user.length() > 0 && pw1.length() > 3 && pw1.equals(pw2)) {
+                String oldusername = env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user);
                 // check passed. set account:
                 // old: // env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
                 env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "MD5:"+Digest.encodeMD5Hex(user + ":" + sb.getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy")+":"+ pw1));
                 env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
-                env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user);                
+                env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user);
+                // make sure server accepts new credentials
+                Jetty8HttpServerImpl jhttpserver = (Jetty8HttpServerImpl)sb.getHttpServer();
+                if (!user.equals(oldusername)) jhttpserver.removeUser(oldusername);
+                jhttpserver.resetUser(user);
             } else {
                 if (!localhostAccess) {
                     if (user.isEmpty()) {
diff --git a/source/net/yacy/http/Jetty8HttpServerImpl.java b/source/net/yacy/http/Jetty8HttpServerImpl.java
index 4d7c86842..e4894d630 100644
--- a/source/net/yacy/http/Jetty8HttpServerImpl.java
+++ b/source/net/yacy/http/Jetty8HttpServerImpl.java
@@ -48,6 +48,7 @@ import net.yacy.http.servlets.YaCyProxyServlet;
 import net.yacy.search.Switchboard;
 import net.yacy.search.SwitchboardConstants;
 import net.yacy.utils.PKCS12Tool;
+import org.eclipse.jetty.security.MappedLoginService;
 
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Handler;
@@ -316,6 +317,31 @@ public class Jetty8HttpServerImpl implements YaCyHttpServer {
         }.start();
     }
 
+    /**
+     * forces loginservice to reload user credentials
+     * (used after setting new pwd in cfg file/db)
+     * @param username
+     */
+    public void resetUser(String username) {
+        Jetty8YaCySecurityHandler hx = this.server.getChildHandlerByClass(Jetty8YaCySecurityHandler.class);
+        if (hx != null) {
+            YaCyLoginService loginservice = (YaCyLoginService) hx.getLoginService();
+            loginservice.loadUser(username);
+        }
+    }
+
+    /**
+     * removes user from knowuser cache of loginservice
+     * @param username
+     */
+    public void removeUser(String username) {
+        Jetty8YaCySecurityHandler hx = this.server.getChildHandlerByClass(Jetty8YaCySecurityHandler.class);
+        if (hx != null) {
+            YaCyLoginService loginservice = (YaCyLoginService) hx.getLoginService();
+            loginservice.removeUser(username);
+        }
+    }
+
     @Override
     public InetSocketAddress generateSocketAddress(String extendedPortString) throws SocketException {
         // parsing the port configuration