*) SOAP should support authentication against the user-DB now (requested by KoH)

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3846 6c8d7289-2bf4-0310-a012-ef5d649a1542
18 years ago · 99062c0c9e
parent 339153d40e
commit 99062c0c9e
1 changed files with 20 additions and 6 deletions
--- a/source/de/anomic/soap/AbstractService.java
+++ b/source/de/anomic/soap/AbstractService.java
@ -59,8 +59,10 @@ import org.apache.axis.message.SOAPHeaderElement;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;

+import de.anomic.data.userDB;
 import de.anomic.http.httpHeader;
 import de.anomic.http.httpd;
+import de.anomic.plasma.plasmaSwitchboard;
 import de.anomic.server.serverSwitch;

 public abstract class AbstractService {
@ -111,15 +113,27 @@ public abstract class AbstractService {
        
        // getting the proper soap header containing the authorization field
        SOAPHeaderElement authElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Authorization");
-        if (authElement != null) {        
+        if (authElement != null) {     
+            String adminAccountBase64MD5 = this.switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5,"");        	
+        	
            // the base64 encoded and md5 hashed authentication string 
            String authString = authElement.getValue();
+            if (authString.length() == 0) throw new AxisFault("log-in required");
+
+            // validate MD5 hash against the user-DB
+            SOAPHeaderElement userElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Username");
+            if (userElement != null) {
+            	String userName = userElement.getValue();
+            	userDB.Entry userEntry = ((plasmaSwitchboard)this.switchboard).userDB.md5Auth(userName,authString);
+            	if (userEntry.hasRight(userDB.Entry.SOAP_RIGHT))
+            		// we need to return the ADMIN_ACCOUNT_B64MD5 here because some servlets also do 
+            		// user/admin authentication
+            		return adminAccountBase64MD5;
+            }
            
-            String adminAccountBase64MD5 = this.switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5,"");
-            if (authString.length() == 0) {
-                throw new AxisFault("log-in required");
-            } else if (!(adminAccountBase64MD5.equals(authString))) {
-                throw new AxisFault("log-in required");
+            // validate MD5 hash against the static-admin account
+            if (!(adminAccountBase64MD5.equals(authString))) {
+            	throw new AxisFault("log-in required");
            }
            return adminAccountBase64MD5;
        }