From 41aa3ae72ef511eeb39473e71ad92a7842b098b1 Mon Sep 17 00:00:00 2001
From: allo
Date: Sat, 20 Aug 2005 21:22:05 +0000
Subject: [PATCH] provide a virtuell Headerfield IS_ADMIN. This allows Serverlets to check Admin Status. http://www.yacy-forum.de/viewtopic.php?t=1003
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@566 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 source/de/anomic/http/httpdFileHandler.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index 827f31a8f..3918d5da4 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@@ -245,6 +245,15 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 // check permission/granted access
 String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
 String adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "");
+ if( authorization != null && adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6))) ){
+ requestHeader.put("IS_ADMIN", "true");
+ }else{
+ //WARNING: This Line ist very Important, do not remove!
+ //It resetzt the virtuel header to false, so nobody can provide
+ //a real header IS_ADMIN: true to gain adminrights
+ requestHeader.put("IS_ADMIN", "false");
+ }
+
 if ((path.endsWith("_p.html")) && (adminAccountBase64MD5.length() != 0)) {
 // authentication required
 if (authorization == null) {
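Review bot: The added `authorization.trim().substring(6)` now runs for every request instead of only for `_p.html` pages, and it throws `StringIndexOutOfBoundsException` when the Authorization value is shorter than six characters, so the else branch that resets `IS_ADMIN` to "false" is never reached for that request. Check the scheme and length first, e.g. `String auth = (authorization == null) ? "" : authorization.trim();` followed by `if (auth.startsWith("Basic ") && adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(auth.substring(6)))) {`. The credential comparison also now happens outside the brute-force accounting in the `_p.html` branch, so a servlet that exposes `IS_ADMIN` on an unprotected page would presumably let failed guesses go uncounted; that is worth confirming against `serverCore.bfHost`. The enclosing method starts and ends outside the hunk, so how the exception is handled cannot be seen from here.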
@@ -253,7 +262,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
 httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
 return;
- } else if (adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6)))) {
+ } else if (requestHeader.get("IS_ADMIN", "false") == "true") {
 // remove brute-force flag
 serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
 } else {
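Review bot: The new condition `requestHeader.get("IS_ADMIN", "false") == "true"` compares String references rather than contents, so the admin check passes only while the stored value is the very same interned literal that the earlier hunk put into the map. If `httpHeader` ever copies or converts values, a correctly authenticated admin would land in the failure branch; compare by value with `"true".equals(requestHeader.get("IS_ADMIN", "false"))`. Because `"IS_ADMIN"` is now a security-relevant key written in one place and read in another, a shared constant would keep the two spellings from drifting apart. The else branch continues outside the hunk.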