improved addressFilter, switched to helma embedded md5-function
This commit is contained in:
stefanp
parent
cc36746efb
commit
6374ce94fc
1 changed files with 32 additions and 8 deletions
|
|
@ -10,19 +10,39 @@ function scheduler() {
|
|||
|
||||
|
||||
/**
|
||||
* initializes requestStat storage on startup
|
||||
* initializes app.requestStat storage on startup,
|
||||
* creates app.addressFilter
|
||||
*/
|
||||
function onStart() {
|
||||
app.requestStat = new HopObject();
|
||||
app.addressFilter = new Packages.helma.util.InetAddressFilter();
|
||||
app.addressFilter = createAddressFilter();
|
||||
}
|
||||
|
||||
/**
|
||||
* initializes addressFilter from app.properties,
|
||||
* hostnames are converted, wildcards are only allowed in ip-addresses
|
||||
* (so, no network-names, sorry)
|
||||
*/
|
||||
function createAddressFilter() {
|
||||
var filter = new Packages.helma.util.InetAddressFilter();
|
||||
var str = root.getProperty("allowadmin");
|
||||
if ( str!=null && str!="" ) {
|
||||
var arr = str.split(",");
|
||||
for ( var i in arr ) {
|
||||
var str = new java.lang.String(arr[i]);
|
||||
app.addressFilter.addAddress(str.trim());
|
||||
var result = tryEval("filter.addAddress(str.trim());");
|
||||
if ( result.error!=null ) {
|
||||
var str = java.net.InetAddress.getByName(str.trim()).getHostAddress();
|
||||
var result = tryEval("filter.addAddress(str);");
|
||||
}
|
||||
if ( result.error==null ) {
|
||||
app.__app__.logEvent( "allowed address for app manage: " + str );
|
||||
}
|
||||
}
|
||||
} else {
|
||||
app.__app__.logEvent("no addresses allowed for app manage, all access will be denied");
|
||||
}
|
||||
return filter;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -92,8 +112,10 @@ function checkAuth(appObj) {
|
|||
var rootUsername = root.getProperty("adminusername");
|
||||
var rootPassword = root.getProperty("adminpassword");
|
||||
|
||||
if ( rootUsername==null || rootUsername=="" || rootPassword==null || rootPassword=="" )
|
||||
if ( rootUsername==null || rootUsername=="" || rootPassword==null || rootPassword=="" ) {
|
||||
app.__app__.logEvent("adminUsername or adminPassword not set in server.properties!");
|
||||
return forceStealth();
|
||||
}
|
||||
|
||||
var uname = req.getUsername();
|
||||
var pwd = req.getPassword();
|
||||
|
|
@ -101,8 +123,8 @@ function checkAuth(appObj) {
|
|||
if ( uname==null || uname=="" || pwd==null || pwd=="" )
|
||||
return forceAuth();
|
||||
|
||||
var md5username = calcMD5(uname);
|
||||
var md5password = calcMD5(pwd);
|
||||
var md5username = Packages.helma.util.MD5Encoder.encode(uname);
|
||||
var md5password = Packages.helma.util.MD5Encoder.encode(pwd);
|
||||
|
||||
if ( md5username==rootUsername && md5password==rootPassword )
|
||||
return true;
|
||||
|
|
@ -124,10 +146,12 @@ function checkAuth(appObj) {
|
|||
* check access to the base-app by ip-addresses
|
||||
*/
|
||||
function checkAddress() {
|
||||
if ( !app.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) )
|
||||
if ( !app.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {
|
||||
app.__app__.logEvent("denied request from " + req.data.http_remotehost );
|
||||
return forceStealth();
|
||||
else
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue