provide a virtuell Headerfield IS_ADMIN.

This allows Serverlets to check Admin Status. http://www.yacy-forum.de/viewtopic.php?t=1003 git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@566 6c8d7289-2bf4-0310-a012-ef5d649a1542
20 years ago · 41aa3ae72e
parent 4cb382decb
commit 41aa3ae72e
1 changed files with 10 additions and 1 deletions
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@ -245,6 +245,15 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
        // check permission/granted access
        String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
        String adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "");
+		if( authorization != null && adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6))) ){
+            requestHeader.put("IS_ADMIN", "true");
+		}else{
+			//WARNING: This Line ist very Important, do not remove!
+			//It resetzt the virtuel header to false, so nobody can provide
+			//a real header IS_ADMIN: true to gain adminrights
+            requestHeader.put("IS_ADMIN", "false");
+        }
+
        if ((path.endsWith("_p.html")) && (adminAccountBase64MD5.length() != 0)) {
            // authentication required
            if (authorization == null) {
@ -253,7 +262,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
                headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
                httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
                return;
-            } else if (adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6)))) {
+            } else if (requestHeader.get("IS_ADMIN", "false") == "true") {
                // remove brute-force flag
                serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
            } else {