diff --git a/source/net/yacy/http/YaCyLegacyCredential.java b/source/net/yacy/http/YaCyLegacyCredential.java index 39d14e570..6128d701a 100644 --- a/source/net/yacy/http/YaCyLegacyCredential.java +++ b/source/net/yacy/http/YaCyLegacyCredential.java @@ -26,7 +26,6 @@ package net.yacy.http; import net.yacy.cora.order.Base64Order; import net.yacy.cora.order.Digest; -import net.yacy.kelondro.util.MapTools; import org.eclipse.jetty.util.security.Credential; @@ -38,28 +37,22 @@ public class YaCyLegacyCredential extends Credential { private static final long serialVersionUID = -3527894085562480001L; private String hash; - - /** - *

public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5"

- *

Name of the setting holding the authentication hash for the static admin-account. It is calculated - * by first encoding username:password as Base64 and hashing it using {@link MapTools#encodeMD5Hex(String)}.

- */ - public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5"; - + private String foruser; // remember the user as YaCy credential is username:pwd (not just pwd) + /** * internal hash function * @param clear password * @return hash string */ private static String calcHash(String pw) { - return Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString("admin:" + pw)); + return Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(pw)); } @Override public boolean check(Object credentials) { if(credentials instanceof String) { final String pw = (String) credentials; - return calcHash(pw).equals(this.hash); + return calcHash(foruser+":"+pw).equals(this.hash); } throw new UnsupportedOperationException(); } @@ -69,8 +62,9 @@ public class YaCyLegacyCredential extends Credential { * @param configHash hash as in config file * @return */ - public static Credential getCredentialsFromConfig(String configHash) { + public static Credential getCredentialsFromConfig(String user, String configHash) { YaCyLegacyCredential c = new YaCyLegacyCredential(); + c.foruser=user; c.hash = configHash; return c; } @@ -80,9 +74,10 @@ public class YaCyLegacyCredential extends Credential { * @param password * @return */ - public static Credential getCredentials(String password) { + public static Credential getCredentials(String user, String password) { YaCyLegacyCredential c = new YaCyLegacyCredential(); - c.hash = calcHash(password); + c.foruser=user; + c.hash = calcHash(user + ":" + password); return c; } diff --git a/source/net/yacy/http/YaCyLoginService.java b/source/net/yacy/http/YaCyLoginService.java index d4a4faf01..d44b58cf0 100644 --- a/source/net/yacy/http/YaCyLoginService.java +++ b/source/net/yacy/http/YaCyLoginService.java 
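Review bot: In `check`, the new `calcHash(foruser+":"+pw).equals(this.hash)` reads `foruser` without a null guard and compares the two hashes with `String.equals`, which returns at the first differing character. A credential whose `foruser` was never set hashes the literal `null:pw`, so I would fail closed first with `if (foruser == null || this.hash == null) return false;` and then compare the UTF-8 bytes of both hex strings with `MessageDigest.isEqual(...)` (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The Javadoc on `calcHash` still says `@param clear password` although the argument is now the whole `user:password` string; suggest `@param pw the clear-text "user:password" pair`. The stored value remains an unsalted MD5, which the TODO in YaCyLoginService already acknowledges.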
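Review bot: The Javadoc of `getCredentialsFromConfig` was not updated for the new `user` parameter, and the same applies to `getCredentials` in the following hunk. I would add `@param user account name that is hashed together with the password` to both, and fill the empty `@return` with `@return credential that checks "user:password" against the stored hash`. Both factories store `user` unchecked, so a null passed here only surfaces later inside `check`; `Objects.requireNonNull(user, "user")` at the top of each would report it at construction (needs `java.util.Objects`).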
@@ -30,6 +30,7 @@ import java.security.Principal; import javax.security.auth.Subject; import net.yacy.search.Switchboard; +import net.yacy.search.SwitchboardConstants; import org.eclipse.jetty.security.IdentityService; import org.eclipse.jetty.security.MappedLoginService; @@ -43,12 +44,18 @@ public class YaCyLoginService extends MappedLoginService { @Override protected UserIdentity loadUser(String username) { - if(username.equals("admin")) { + /*if(username.equals("admin"))*/ { // TODO: implement legacy credentials final Switchboard sb = Switchboard.getSwitchboard(); - final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, ""); - Credential credential = YaCyLegacyCredential.getCredentialsFromConfig(adminAccountBase64MD5); - Principal userPrincipal = new MappedLoginService.KnownUser("admin", credential); + final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, ""); + // in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential + // not just the password (as usually in Jetty). As the accountname for the std. adminuser is not stored a useridentity + // is created for current user (and the pwd checked against the stored username:pwd setting) + Credential credential = YaCyLegacyCredential.getCredentialsFromConfig(username, adminAccountBase64MD5); + // TODO: YaCy user:pwd hashes should longterm likely be switched to separable username + pwd-hash entries + // and/or the standard admin account username shuld be fix = "admin" + + Principal userPrincipal = new MappedLoginService.KnownUser(username, credential); Subject subject = new Subject(); subject.getPrincipals().add(userPrincipal); subject.getPrivateCredentials().add(credential); 
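Review bot: With the `username.equals("admin")` test commented out, `loadUser` builds a `KnownUser` with the `admin` role for every name a client submits, including null or empty, and the `// return null;` in the next hunk means the method can no longer report an unknown user. Access then rests solely on the single stored hash matching `username:pwd`, so I would at least fail closed on unusable input with `if (username == null || username.isEmpty()) return null;` and, if an unset `ADMIN_ACCOUNT_B64MD5` is meant to allow no login at all, `if (adminAccountBase64MD5.isEmpty()) return null;`. Whether the base class caches the returned identities per name is not visible here; if it does, unauthenticated requests could grow that map without bound. The commented-out `if` and the bare `{ … }` block it leaves behind should be removed rather than kept as dead code; the method body ends outside this hunk.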
@@ -56,7 +63,7 @@ public class YaCyLoginService extends MappedLoginService { IdentityService is = getIdentityService(); return is.newUserIdentity(subject, userPrincipal, new String[]{"admin"}); } - return null; + // return null; } @Override diff --git a/source/net/yacy/yacy.java b/source/net/yacy/yacy.java index 571e0691a..90fd9abc3 100644 --- a/source/net/yacy/yacy.java +++ b/source/net/yacy/yacy.java @@ -358,7 +358,7 @@ public final class yacy { final String browserPopUpPage = sb.getConfig(SwitchboardConstants.BROWSER_POP_UP_PAGE, "ConfigBasic.html"); //boolean properPW = (sb.getConfig("adminAccount", "").isEmpty()) && (sb.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "").length() > 0); //if (!properPW) browserPopUpPage = "ConfigBasic.html"; - Browser.openBrowser((httpServer.withSSL()?"https://localhost:"+httpServer.getSslPort():"http://localhost:"+port) + "/" + browserPopUpPage); + Browser.openBrowser(("http://localhost:"+port) + "/" + browserPopUpPage); // Browser.openBrowser((server.withSSL()?"https":"http") + "://localhost:" + serverCore.getPortNr(port) + "/" + browserPopUpPage); } catch (final Throwable e) { // cannot open browser. This may be normal in headless environments
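Review bot: The popup URL in the yacy.java hunk is now always `"http://localhost:"+port`, so the `httpServer.withSSL()` / `getSslPort()` branch is dropped without a comment saying why. On a peer configured for HTTPS this opens the configuration page over plain HTTP, and it fails if the plain port is not served; the reason for the change is not visible in the hunk. If SSL detection is only temporarily unavailable, I would say so on the line, e.g. `// TODO: restore https popup once the server exposes withSSL()/getSslPort() again`, and delete the older commented-out `Browser.openBrowser` variant below it. The enclosing `try` starts outside the hunk.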