add call to AccessTracker to jetty security handler

pull/1/head
reger 12 years ago
parent 172aefaeeb
commit daebeb93aa

@ -44,6 +44,7 @@ import org.eclipse.jetty.server.UserIdentity;
/**
* jetty security handler
* demands authentication for pages with _p. inside
* and updates AccessTracker
*/
public class YaCySecurityHandler extends SecurityHandler {
@ -143,11 +144,15 @@ public class YaCySecurityHandler extends SecurityHandler {
//final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
String refererHost;
// update AccessTracker
refererHost = request.getRemoteAddr();
sb.track(refererHost, pathInContext);
try {
refererHost = new MultiProtocolURL(request.getHeader("Referer")).getHost();
} catch (MalformedURLException e) {
refererHost = null;
}
}
final boolean accessFromLocalhost = Domains.isLocalhost(request.getRemoteHost()) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
// ! note : accessFromLocalhost compares localhost ip pattern ( ! currently also any intranet host is a local host)
final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost;

Loading…
Cancel
Save