From 99062c0c9e2112bd46ebf50a3275c41922297991 Mon Sep 17 00:00:00 2001 From: theli Date: Sat, 9 Jun 2007 15:49:04 +0000 Subject: [PATCH] *) SOAP should support authentication against the user-DB now (requested by KoH) git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3846 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- source/de/anomic/soap/AbstractService.java | 26 +++++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/source/de/anomic/soap/AbstractService.java b/source/de/anomic/soap/AbstractService.java index 9643643ac..a9bb37393 100644 --- a/source/de/anomic/soap/AbstractService.java +++ b/source/de/anomic/soap/AbstractService.java @@ -59,8 +59,10 @@ import org.apache.axis.message.SOAPHeaderElement; import org.w3c.dom.Document; import org.w3c.dom.Element; +import de.anomic.data.userDB; import de.anomic.http.httpHeader; import de.anomic.http.httpd; +import de.anomic.plasma.plasmaSwitchboard; import de.anomic.server.serverSwitch; public abstract class AbstractService { 
@@ -111,15 +113,27 @@ public abstract class AbstractService { // getting the proper soap header containing the authorization field SOAPHeaderElement authElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Authorization"); - if (authElement != null) { + if (authElement != null) { + String adminAccountBase64MD5 = this.switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5,""); + // the base64 encoded and md5 hashed authentication string String authString = authElement.getValue(); + if (authString.length() == 0) throw new AxisFault("log-in required"); + + // validate MD5 hash against the user-DB + SOAPHeaderElement userElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Username"); + if (userElement != null) { + String userName = userElement.getValue(); + userDB.Entry userEntry = ((plasmaSwitchboard)this.switchboard).userDB.md5Auth(userName,authString); + if (userEntry.hasRight(userDB.Entry.SOAP_RIGHT)) + // we need to return the ADMIN_ACCOUNT_B64MD5 here because some servlets also do + // user/admin authentication + return adminAccountBase64MD5; + } - String adminAccountBase64MD5 = this.switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5,""); - if (authString.length() == 0) { - throw new AxisFault("log-in required"); - } else if (!(adminAccountBase64MD5.equals(authString))) { - throw new AxisFault("log-in required"); + // validate MD5 hash against the static-admin account + if (!(adminAccountBase64MD5.equals(authString))) { + throw new AxisFault("log-in required"); } return adminAccountBase64MD5; }
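Review bot: `userEntry` is dereferenced without a null check in the new user-DB branch, so if `md5Auth(userName, authString)` returns null for an unknown user or a wrong hash (its body is not shown here, so this is inferred), the caller gets a NullPointerException instead of the "log-in required" fault and the static-admin fallback below is never reached. Guard it with `if (userEntry != null && userEntry.hasRight(userDB.Entry.SOAP_RIGHT))`. Separately, that branch returns `adminAccountBase64MD5` to a user who only holds `SOAP_RIGHT`, and the comment says servlets reuse the value for user/admin authentication, so a SOAP-only account would appear to pass as the admin downstream; that deserves a comment stating it is intended, or a narrower return value. The comparison `adminAccountBase64MD5.equals(authString)` on a credential hash would be better done with `MessageDigest.isEqual` on the bytes. The enclosing method starts and ends outside this hunk.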