boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

add call to AccessTracker to jetty security handler

Browse Source
pull/1/head
reger 12 years ago
parent 172aefaeeb
commit daebeb93aa
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

7
source/net/yacy/http/YaCySecurityHandler.java
Unescape View File

@ -44,6 +44,7 @@ import org.eclipse.jetty.server.UserIdentity;
/** /**
* jetty security handler * jetty security handler
* demands authentication for pages with _p. inside * demands authentication for pages with _p. inside
* and updates AccessTracker
*/ */
public class YaCySecurityHandler extends SecurityHandler { public class YaCySecurityHandler extends SecurityHandler {
@ -143,11 +144,15 @@ public class YaCySecurityHandler extends SecurityHandler {
//final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, ""); //final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
String refererHost; String refererHost;
// update AccessTracker
refererHost = request.getRemoteAddr();
sb.track(refererHost, pathInContext);
try { try {
refererHost = new MultiProtocolURL(request.getHeader("Referer")).getHost(); refererHost = new MultiProtocolURL(request.getHeader("Referer")).getHost();
} catch (MalformedURLException e) { } catch (MalformedURLException e) {
refererHost = null; refererHost = null;
} }
final boolean accessFromLocalhost = Domains.isLocalhost(request.getRemoteHost()) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost)); final boolean accessFromLocalhost = Domains.isLocalhost(request.getRemoteHost()) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
// ! note : accessFromLocalhost compares localhost ip pattern ( ! currently also any intranet host is a local host) // ! note : accessFromLocalhost compares localhost ip pattern ( ! currently also any intranet host is a local host)
final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost; final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost;

Write Preview
Loading…
Cancel
Save