added flag to require that all web pages, even such without a "_p"

extension require authorization. (default off)
pull/1/head
orbiter 11 years ago
parent 3d6bcbaa22
commit 7d24bcb98d

@ -403,6 +403,13 @@ adminAccountUserName=admin
# inaccessibility for installations on headless servers.
adminAccountForLocalhost=true
# adminAccountAllPages: if set to false, then all pages without the extension "_p" are
# accessible without authorization. Some servlets may individually decide to use or request
# administration rights. If adminAccountAllPages is set to true, then administration
# rights are needed to access all pages without any exception. Setting adminAccountAllPages
# to true therefore closes the YaCy web pages for everyone.
adminAccountAllPages=false
# adminRealm: a internal name (like a group name) for the login setting of the admin frontend
# ATTENTION: changing this name will invalidate all currently password hashes
# - With DIGEST authentication mode is this realm name of generated password hashes

@ -65,7 +65,8 @@ public class Jetty8YaCySecurityHandler extends ConstraintSecurityHandler {
@Override
protected RoleInfo prepareConstraintInfo(String pathInContext, Request request) {
final Switchboard sb = Switchboard.getSwitchboard();
final boolean adminAccountForLocalhost = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
final boolean adminAccountGrantedForLocalhost = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
final boolean adminAccountNeededForAllPages = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES, false);
//final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
String refererHost;
@ -80,8 +81,8 @@ public class Jetty8YaCySecurityHandler extends ConstraintSecurityHandler {
}
final boolean accessFromLocalhost = Domains.isLocalhost(request.getRemoteHost()) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
// ! note : accessFromLocalhost compares localhost ip pattern
final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost;
boolean protectedPage = (pathInContext.indexOf("_p.") > 0);
final boolean grantedForLocalhost = adminAccountGrantedForLocalhost && accessFromLocalhost;
boolean protectedPage = adminAccountNeededForAllPages || (pathInContext.indexOf("_p.") > 0);
// check "/gsa" and "/solr" if not publicSearchpage
if (!protectedPage && !sb.getConfigBool("publicSearchpage", true)) {
protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/");
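Review bot: On the new `protectedPage` line the flag `adminAccountNeededForAllPages` is OR-ed into the page check, but `grantedForLocalhost` on the line above is still derived from `request.getRemoteHost()` and `refererHost` regardless of the flag. The rest of `prepareConstraintInfo` is outside this hunk, so the following is inferred: if `grantedForLocalhost` lifts the constraint further down, requests that merely appear local (for example through a reverse proxy on the same host) would still reach every page without a password, which does not match the "without any exception" wording in the config comment. At minimum I would document the interaction here with `// adminAccountAllPages does not override adminAccountForLocalhost: requests seen as local are still granted`, and add the same sentence to the `adminAccountAllPages` comment in the defaults file. If the flag is meant to be absolute, the grant could be written as `final boolean grantedForLocalhost = adminAccountGrantedForLocalhost && accessFromLocalhost && !adminAccountNeededForAllPages;`. That change would also remove password-less local admin access, so the config comment would need to say so.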

@ -47,6 +47,7 @@ public final class SwitchboardConstants {
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
public static final String ADMIN_ACCOUNT_USER_NAME = "adminAccountUserName"; // by default 'admin'
public static final String ADMIN_ACCOUNT_FOR_LOCALHOST = "adminAccountForLocalhost";
public static final String ADMIN_ACCOUNT_All_PAGES = "adminAccountAllPages";
public static final String ADMIN_REALM = "adminRealm";
public static final int CRAWLJOB_SYNC = 0;
