removed concept of empty passwords as "no passwords used",

because we now start YaCy with a default password (yacy).
This has an impact on all functions that check the current state of
password-protection that included the empty password situation,
including the warnings to set a password in case that none is set (which
cannot be the case any more).
pull/603/head
Michael Peter Christen 1 year ago
parent 2c60ff14bb
commit 4308aa5415

@ -8,7 +8,7 @@
#%env/templates/header.template%# #%env/templates/header.template%#
#%env/templates/submenuUseCaseAccount.template%# #%env/templates/submenuUseCaseAccount.template%#
<h2>User Administration</h2> <h2>User Administration</h2>
<!-- Page 1: Results --> <!-- Page 1: Results -->
#(text)# #(text)#
:: ::
@ -26,23 +26,28 @@
:: ::
<p class="error">Username already used (not allowed).</p> <p class="error">Username already used (not allowed).</p>
#(/error)# #(/error)#
#(passwordNotSetWarning)#::<div class="error">No password is set for the administration account. Please define a password for the admin account.</div>#(/passwordNotSetWarning)# #(changedfltpw)#::
<div class="alert alert-danger" role="alert">
<b>WARNING</b> This YaCy instance can be administered with the account "admin" and the default password "yacy".
Change the password as soon as possible!
</div>
#(/changedfltpw)#
<fieldset><legend>Admin Account</legend> <fieldset><legend>Admin Account</legend>
<form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8"> <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/> <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset> <fieldset>
<legend> <legend>
<input type="radio" name="access" id="access_localhost" value="localhost"#(localhost.checked)#:: checked="checked"#(/localhost.checked)# /> <input type="radio" name="access" id="access_localhost" value="localhost"#(localhost.checked)#:: checked="checked"#(/localhost.checked)# />
<label for="access_localhost">Access from localhost without account</label> <label for="access_localhost">Access from localhost without account</label>
</legend> </legend>
Access to your peer from your own computer (localhost access) is granted with administrator rights. No need to configure an administration account. Access to your peer from your own computer (localhost access) is granted with administrator rights. No need to configure an administration account.
<div class="alert alert-warning" role="alert"> <div class="alert alert-warning" role="alert">
This setting is convenient but less secure than using a qualified admin account. This setting is convenient but less secure than using a qualified admin account.
Please use with care, notably when you browse untrusted and potentially malicious websites while running your YaCy peer on the same computer. Please use with care, notably when you browse untrusted and potentially malicious websites while running your YaCy peer on the same computer.
</div> </div>
</fieldset> </fieldset>
<fieldset> <fieldset>
<legend> <legend>
<input type="radio" name="access" id="access_account" value="account"#(account.checked)#:: checked="checked"#(/account.checked)# /> <input type="radio" name="access" id="access_account" value="account"#(account.checked)#:: checked="checked"#(/account.checked)# />
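Review bot: the template key `changedfltpw` reads as "changed default password", but the alert it guards is shown when the password has not been changed (the servlet puts "1" when the stored value equals the default). A name such as `defaultPasswordWarning` would match the old `passwordNotSetWarning` style and make the 0/1 meaning obvious to anyone editing the template or its translations.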
@ -62,22 +67,22 @@
</fieldset> </fieldset>
</form> </form>
</fieldset> </fieldset>
<fieldset><legend>Access Rules</legend> <fieldset><legend>Access Rules</legend>
<form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8"> <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/> <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<dl class="userConfig"> <dl class="userConfig">
<dt>Protection of all pages: if set to on, access to all pages need authorization; if off, only pages with "_p" extension are protected.</dt> <dt>Protection of all pages: if set to on, access to all pages need authorization; if off, only pages with "_p" extension are protected.</dt>
<dd><input type="checkbox" name="adminAccountAllPages" data-size="small"#(adminAccountAllPages.checked)#:: checked="checked"#(/adminAccountAllPages.checked)#></dd> <dd><input type="checkbox" name="adminAccountAllPages" data-size="small"#(adminAccountAllPages.checked)#:: checked="checked"#(/adminAccountAllPages.checked)#></dd>
<script>$("[name='adminAccountAllPages']").bootstrapSwitch(); <script>$("[name='adminAccountAllPages']").bootstrapSwitch();
$("[name='adminAccountAllPages']").bootstrapSwitch('onText', 'ON'); $("[name='adminAccountAllPages']").bootstrapSwitch('onText', 'ON');
$("[name='adminAccountAllPages']").bootstrapSwitch('offText', 'OFF');</script> $("[name='adminAccountAllPages']").bootstrapSwitch('offText', 'OFF');</script>
<dt></dt> <dt></dt>
<dd><input type="submit" name="setAccess" value="Set Access Rules" class="btn btn-primary"/></dd> <dd><input type="submit" name="setAccess" value="Set Access Rules" class="btn btn-primary"/></dd>
</dl> </dl>
</form> </form>
</fieldset> </fieldset>
<fieldset><legend>User Accounts</legend> <fieldset><legend>User Accounts</legend>
<form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8"> <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/> <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
@ -98,7 +103,7 @@
</dl> </dl>
</fieldset> </fieldset>
</form> </form>
<form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8"> <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/> <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset><legend>Edit current user: #[username]#</legend> <fieldset><legend>Edit current user: #[username]#</legend>
@ -118,11 +123,9 @@
<dt><label for="address">Address</label>:</dt> <dt><label for="address">Address</label>:</dt>
<dd><input type="text" id="address" name="address" value="#[address]#" /></dd> <dd><input type="text" id="address" name="address" value="#[address]#" /></dd>
<dt>Rights:</dt> <dt>Rights:</dt>
<dd> <dd>#{rights}#
#{rights}#
<input type="checkbox" id="#[name]#" name="#[name]#"#(set)#:: checked="checked"#(/set)# /><label for="#[name]#">#[friendlyName]# right</label><br /> <input type="checkbox" id="#[name]#" name="#[name]#"#(set)#:: checked="checked"#(/set)# /><label for="#[name]#">#[friendlyName]# right</label><br />
#{/rights}# #{/rights}#</dd>
</dd>
<dt><label for="tlimit">Timelimit</label>:</dt> <dt><label for="tlimit">Timelimit</label>:</dt>
<dd><input type="text" id="tlimit" name="timelimit" value="#[timelimit]#" /></dd> <dd><input type="text" id="tlimit" name="timelimit" value="#[timelimit]#" /></dd>
<dt><label for="tused">Time used</label>:</dt> <dt><label for="tused">Time used</label>:</dt>

@ -14,22 +14,17 @@
<div>Processors: #[processors]#</div> <div>Processors: #[processors]#</div>
<div>Load: #[load]#</div> <div>Load: #[load]#</div>
<div>Threads: #[processesCurrentInclDaemon]#/#[processesCurrentOnlyDaemon]#, peak:#[processesPeak]#, total:#[processesTotal]#</div> <div>Threads: #[processesCurrentInclDaemon]#/#[processesCurrentOnlyDaemon]#, peak:#[processesPeak]#, total:#[processesTotal]#</div>
</dd> </dd>
<dt>Protection</dt> <dt>Protection</dt>
<dd>#(protection)# <dd>#(protection)#
<strong>Password is missing.</strong> <strong>Default password is not changed</strong>
<a href="ConfigAccounts_p.html">[Configure]</a>
:: ::
password-protected password-protected
#(/protection)# #(/protection)#
#(unrestrictedLocalAccess)#
::
<br />Unrestricted access from localhost.
#(/unrestrictedLocalAccess)#
<a href="ConfigAccounts_p.html">[Configure]</a>
</dd> </dd>
<dt>Address</dt> <dt>Address</dt>
<dd>Host: #[host]#:#[port]# #(extPortFormat)#::| (Binding to interface: #[extPort]#)#(/extPortFormat)# #(sslSupport)#::| SSL: <a href="ConfigBasic.html">enabled</a> (port <a href="Settings_p.html?page=ProxyAccess">#[sslPort]#</a>)#(/sslSupport)#<br /> <dd>Host: #[host]#:#[port]# #(extPortFormat)#::| (Binding to interface: #[extPort]#)#(/extPortFormat)# #(sslSupport)#::| SSL: <a href="ConfigBasic.html">enabled</a> (port <a href="Settings_p.html?page=ProxyAccess">#[sslPort]#</a>)#(/sslSupport)#<br />
#(peerAddress)# #(peerAddress)#
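Review bot: the `#(unrestrictedLocalAccess)#` block under Protection looks to be dropped from this panel (the hunk shrinks from 22 to 17 lines), yet Status.java still puts `unrestrictedLocalAccess`. With localhost admin access enabled and a changed password, the panel would then read just "password-protected" and hide the fact that local requests are granted admin rights without credentials. Keep the "Unrestricted access from localhost." line, or remove the now-unused property in the servlet as well. Also check whether the [Configure] link should remain visible in the "password-protected" branch, not only in the default-password branch.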
@ -38,12 +33,12 @@
Public Address: http://#[address]#<br/> Public Address: http://#[address]#<br/>
YaCy Address: http://#[peername]#.yacy YaCy Address: http://#[peername]#.yacy
#(/peerAddress)#</dd> #(/peerAddress)#</dd>
#(portForwarding)#:: #(portForwarding)#::
<dt>Port Forwarding Host</dt> <dt>Port Forwarding Host</dt>
<dd>#[host]#:#[port]# (#(status)#broken::connected#(/status)#)</dd> <dd>#[host]#:#[port]# (#(status)#broken::connected#(/status)#)</dd>
#(/portForwarding)# #(/portForwarding)#
<dt>Proxy</dt> <dt>Proxy</dt>
<dd>Transparent <a href="Settings_p.html?page=ProxyAccess">#(info_isTransparentProxy)#on::off#(/info_isTransparentProxy)#</a>&nbsp;&nbsp; <dd>Transparent <a href="Settings_p.html?page=ProxyAccess">#(info_isTransparentProxy)#on::off#(/info_isTransparentProxy)#</a>&nbsp;&nbsp;
URL <a href="Settings_p.html?page=UrlProxyAccess">#(info_proxyURL)#on::off#(/info_proxyURL)#</a></dd> URL <a href="Settings_p.html?page=UrlProxyAccess">#(info_proxyURL)#on::off#(/info_proxyURL)#</a></dd>
@ -56,7 +51,7 @@
Enabled <a href="Status.html?popup=false">[Disable]</a> Enabled <a href="Status.html?popup=false">[Disable]</a>
#(/popup)# #(/popup)#
</dd> </dd>
<dt>Tray-Icon</dt> <dt>Tray-Icon</dt>
<dd> <dd>
#(tray)# #(tray)#
@ -67,7 +62,7 @@
<a href="ConfigProperties_p.html" onclick="alert('Set\ntray.icon.force = true\n\nWARNING:\nYou do this on your own risk. If you do this without YaCy running on a desktop-pc, this will possibly break startup. In this case, you will have to edit the configuration manually in DATA/SETTINGS/yacy.conf');">Experimental</a> <a href="ConfigProperties_p.html" onclick="alert('Set\ntray.icon.force = true\n\nWARNING:\nYou do this on your own risk. If you do this without YaCy running on a desktop-pc, this will possibly break startup. In this case, you will have to edit the configuration manually in DATA/SETTINGS/yacy.conf');">Experimental</a>
#(/tray)# #(/tray)#
</dd> </dd>
<dt><a href="PerformanceMemory_p.html">Memory Usage</a></dt> <dt><a href="PerformanceMemory_p.html">Memory Usage</a></dt>
<dd><table border="0" cellspacing="0"> <dd><table border="0" cellspacing="0">
<tr><td>RAM used:</td><td align="right">#[usedMemory]#</td></tr> <tr><td>RAM used:</td><td align="right">#[usedMemory]#</td></tr>
@ -75,13 +70,13 @@
<tr><td>DISK used:</td><td align="right">(approx.) #[usedDisk]#</td></tr> <tr><td>DISK used:</td><td align="right">(approx.) #[usedDisk]#</td></tr>
<tr><td>DISK free:</td><td align="right">#[freeDisk]#</td></tr> <tr><td>DISK free:</td><td align="right">#[freeDisk]#</td></tr>
</table></dd> </table></dd>
<dt>Traffic [<a href="Status.html?ResetTraffic=">Reset</a>]</dt> <dt>Traffic [<a href="Status.html?ResetTraffic=">Reset</a>]</dt>
<dd>Proxy: #[trafficProxy]#<br/>Crawler: #[trafficCrawler]#</dd> <dd>Proxy: #[trafficProxy]#<br/>Crawler: #[trafficCrawler]#</dd>
<dt><a href="Connections_p.html">Incoming Connections</a></dt> <dt><a href="Connections_p.html">Incoming Connections</a></dt>
<dd>Active: #[connectionsActive]# | Max: <a href="PerformanceQueues_p.html#ThreadPoolSettings">#[connectionsMax]#</a></dd> <dd>Active: #[connectionsActive]# | Max: <a href="PerformanceQueues_p.html#ThreadPoolSettings">#[connectionsMax]#</a></dd>
<dt><a href="Crawler_p.html">Queues</a></dt> <dt><a href="Crawler_p.html">Queues</a></dt>
<dd> <dd>
<a href="IndexCreateLoaderQueue_p.html">Loader Queue</a>: <a href="IndexCreateLoaderQueue_p.html">Loader Queue</a>:
@ -110,7 +105,7 @@
</tr> </tr>
</table> </table>
</dd> </dd>
<dt>Seed server</dt> <dt>Seed server</dt>
<dd> <dd>
#(seedServer)# #(seedServer)#
@ -124,7 +119,7 @@
Last upload: #[lastUpload]# ago. Last upload: #[lastUpload]# ago.
#(/seedServer)# #(/seedServer)#
</dd> </dd>
</dl> </dl>
</fieldset> </fieldset>
</div> </div>

@ -63,18 +63,14 @@ public class TransactionManager {
*/ */
private static String getUserName(final RequestHeader header) { private static String getUserName(final RequestHeader header) {
String userName = header.getRemoteUser(); String userName = header.getRemoteUser();
if (userName == null) userName = "admin"; // set a default to be able to create a transaction token
Switchboard sb = Switchboard.getSwitchboard(); Switchboard sb = Switchboard.getSwitchboard();
if (sb != null) { if (sb != null) {
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, ""); final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"); final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
if (adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount)) {
// admin users with empty passwords do not need to authentify, thus do not have
// this header present. We just consider the name is "admin"
userName = adminAccountUserName;
}
if (userName == null && header.accessFromLocalhost()) { if (header.accessFromLocalhost()) {
if (sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) { if (sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
/* Unauthenticated local access as administrator can be enabled */ /* Unauthenticated local access as administrator can be enabled */
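Review bot: the new first statement `if (userName == null) userName = "admin";` turns a missing remote user into the admin name, so unless later code in getUserName() resets it, the method no longer returns null and the `if (userName == null)` guard that throws "User is not authenticated" in the token code of the next hunk cannot fire. A request without any authenticated user would then get a transaction token issued under "admin". The changed condition `if (header.accessFromLocalhost())` also drops the `userName == null` test, so the localhost branch now runs for requests that do carry a remote user. Suggest leaving `userName` null here and assigning the admin name only inside the branch where `ADMIN_ACCOUNT_FOR_LOCALHOST` is true, and using `adminAccountUserName` instead of the literal "admin" if a default is really needed.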
@ -134,7 +130,7 @@ public class TransactionManager {
/* Check this comes from an authenticated user */ /* Check this comes from an authenticated user */
final String userName = getUserName(header); final String userName = getUserName(header);
if (userName == null) { if (userName == null) {
throw new IllegalArgumentException("User is not authenticated"); throw new IllegalArgumentException("User is not authenticated");
} }
/* Produce a token by signing a message with the server secret key : /* Produce a token by signing a message with the server secret key :

@ -112,9 +112,10 @@ public class ConfigAccounts_p {
} }
} }
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) { // set a warning in case that the default password was not changed
prop.put("passwordNotSetWarning", 1); String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
} String dfltpw = SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT;
prop.put("changedfltpw", currpw.equals(dfltpw) ? "1" : "0");
prop.put(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES + ".checked", sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES, false) ? 1 : 0); prop.put(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES + ".checked", sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES, false) ? 1 : 0);
prop.put("localhost.checked", (localhostAccess) ? 1 : 0); prop.put("localhost.checked", (localhostAccess) ? 1 : 0);
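Review bot: `currpw.equals(dfltpw)` does not cover an empty stored value. `getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "")` still returns "" for a config that has no entry, and the old `isEmpty()` warning is removed, so such a peer would show no warning at all. The commit message says this cannot happen any more, but nothing in this change enforces it; consider `currpw.isEmpty() || currpw.equals(dfltpw)`. The same three lines are repeated in Status.java, so a small shared helper would keep the two pages from drifting apart.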

@ -131,14 +131,10 @@ public class Status
prop.put("privateStatusTable", ""); prop.put("privateStatusTable", "");
} }
// password protection // password protection: set a warning in case that the default password was not changed
if ( (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty()) String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
&& (!sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) ) { String dfltpw = SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT;
prop.put("protection", "0"); // not protected prop.put("protection", currpw.equals(dfltpw) ? "0" : "1");
prop.put("urgentSetPassword", "1");
} else {
prop.put("protection", "1"); // protected
}
if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) { if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
prop.put("unrestrictedLocalAccess", 1); prop.put("unrestrictedLocalAccess", 1);
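Review bot: the comparison against the single constant `ADMIN_ACCOUNT_B64MD5_DEFAULT` can only recognise the default password for one user name. The removed Switchboard line `encodeDigestAuth(getConfig(ADMIN_ACCOUNT_USER_NAME, "admin"), "")` shows that the stored digest is derived from the configured user name, so a peer whose admin name was changed but whose password is still "yacy" would store a different value and be reported as "password-protected". Computing the expected default digest from the configured user name, as the removed code did for the empty password, would close that gap. Since `urgentSetPassword` is no longer put here, also confirm that no template still references it.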

@ -84,10 +84,6 @@ public class YaCySecurityHandler extends ConstraintSecurityHandler {
// Pages suffixed with "_p" are by the way always considered protected // Pages suffixed with "_p" are by the way always considered protected
protectedPage = protectedPage || (pathInContext.indexOf("_p.") > 0); protectedPage = protectedPage || (pathInContext.indexOf("_p.") > 0);
// ..except that the password for the admin account is empty
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
protectedPage = protectedPage && !adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount);
// check "/gsa" and "/solr" if not publicSearchpage // check "/gsa" and "/solr" if not publicSearchpage
if (!protectedPage && !sb.getConfigBool(SwitchboardConstants.PUBLIC_SEARCHPAGE, true)) { if (!protectedPage && !sb.getConfigBool(SwitchboardConstants.PUBLIC_SEARCHPAGE, true)) {
protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/"); protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/");
@ -98,6 +94,7 @@ public class YaCySecurityHandler extends ConstraintSecurityHandler {
return null; return null;
} else if (accessFromLocalhost) { } else if (accessFromLocalhost) {
// last chance to authorize using the admin from localhost // last chance to authorize using the admin from localhost
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
final String credentials = request.getHeader(RequestHeader.AUTHORIZATION); final String credentials = request.getHeader(RequestHeader.AUTHORIZATION);
if (credentials != null && credentials.length() < 120 && credentials.startsWith("Basic ")) { // Basic credentials are short "Basic " + b64(user:pwd) if (credentials != null && credentials.length() < 120 && credentials.startsWith("Basic ")) { // Basic credentials are short "Basic " + b64(user:pwd)
final String foruser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"); final String foruser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");

@ -316,7 +316,6 @@ public final class Switchboard extends serverSwitch {
private boolean startupAction = true; // this is set to false after the first event private boolean startupAction = true; // this is set to false after the first event
private static Switchboard sb; private static Switchboard sb;
public HashMap<String, Object[]> crawlJobsStatus = new HashMap<>(); public HashMap<String, Object[]> crawlJobsStatus = new HashMap<>();
public String emptyPasswordAdminAccount;
public Switchboard(final File dataPath, final File appPath, final String initPath, final String configPath) { public Switchboard(final File dataPath, final File appPath, final String initPath, final String configPath) {
super(dataPath, appPath, initPath, configPath); super(dataPath, appPath, initPath, configPath);
@ -449,9 +448,6 @@ public final class Switchboard extends serverSwitch {
} }
}.start(); }.start();
// define the "non-password password"
this.emptyPasswordAdminAccount = this.encodeDigestAuth(this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,"admin"), "");
// init the language detector // init the language detector
this.log.config("Loading language profiles"); this.log.config("Loading language profiles");
try { try {
@ -3907,13 +3903,10 @@ public final class Switchboard extends serverSwitch {
/** /**
* check authentication status for request access shall be granted if return value >= 2; these are the * check authentication status for request access shall be granted if return value >= 2; these are the
* cases where an access is granted to protected pages: * cases where an access is granted to protected pages:
* - a password is not configured: auth-level 2
* - access from localhost is granted and access comes from localhost: auth-level 3 * - access from localhost is granted and access comes from localhost: auth-level 3
* - a password is configured and access comes from localhost and the realm-value * - access comes from localhost and the realm-value
* of a http-authentify String is equal to the stored base64MD5: auth-level 3 * of a http-authentify String is equal to the stored base64MD5: auth-level 3
* - an empty password is configured an access comes from anywhere: auth-level 3 * - access comes with matching http-authentify: auth-level 4
* This may be used in cluster installations where the cluster has an outside protection but inside is none needed.
* - a password is configured and access comes with matching http-authentify: auth-level 4
* *
* @param requestHeader * @param requestHeader
* - requestHeader.AUTHORIZATION = B64encode("adminname:password") or = B64encode("adminname:valueOf_Base64MD5cft") * - requestHeader.AUTHORIZATION = B64encode("adminname:password") or = B64encode("adminname:valueOf_Base64MD5cft")
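Review bot: the Javadoc still states that access is granted "if return value >= 2", but after this edit none of the listed cases returns level 2. Either state which remaining situation yields 2 or adjust the threshold sentence. The removed entry also documented the cluster use case ("outside protection but inside is none needed"); since that mode no longer exists, the behaviour change deserves a line in the release notes for operators who relied on it.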
@ -3931,19 +3924,6 @@ public final class Switchboard extends serverSwitch {
return 4; // hard-authenticated, quick return return 4; // hard-authenticated, quick return
} }
// authorization in case that there is no account stored
final String adminAccountUserName = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
final String adminAccountBase64MD5 = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
if ( adminAccountBase64MD5.isEmpty() ) {
this.adminAuthenticationLastAccess = System.currentTimeMillis();
return 2; // no password stored; this should not happen for older peers
}
// authorization in case that administrators have stored an empty password; this authorizes all users as admin regardless of the give auth
if (adminAccountBase64MD5.equals(this.emptyPasswordAdminAccount)) {
return 3; // everyone is admin from everywhere
}
// authorization for localhost, only if flag is set to grant localhost access as admin // authorization for localhost, only if flag is set to grant localhost access as admin
final boolean accessFromLocalhost = requestHeader.accessFromLocalhost(); final boolean accessFromLocalhost = requestHeader.accessFromLocalhost();
if (accessFromLocalhost && this.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) { if (accessFromLocalhost && this.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
@ -3980,6 +3960,8 @@ public final class Switchboard extends serverSwitch {
} }
// authorization by encoded password, only for localhost access // authorization by encoded password, only for localhost access
final String adminAccountUserName = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
final String adminAccountBase64MD5 = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
final String pass = Base64Order.standardCoder.encodeString(adminAccountUserName + ":" + adminAccountBase64MD5); final String pass = Base64Order.standardCoder.encodeString(adminAccountUserName + ":" + adminAccountBase64MD5);
if ( accessFromLocalhost && (pass.equals(realmValue)) ) { // assume realmValue as is in cfg if ( accessFromLocalhost && (pass.equals(realmValue)) ) { // assume realmValue as is in cfg
this.adminAuthenticationLastAccess = System.currentTimeMillis(); this.adminAuthenticationLastAccess = System.currentTimeMillis();
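Review bot: with the earlier `adminAccountBase64MD5.isEmpty()` branch gone, the relocated `getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "")` can still yield "", and `pass` is then built from `adminAccountUserName + ":"` with nothing after the colon. The localhost comparison `pass.equals(realmValue)` would accept that value. Add an explicit `!adminAccountBase64MD5.isEmpty()` condition before this comparison, or make startup write the default digest whenever the configured value is empty, so the assumption in the commit message holds on upgraded peers too.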
