simplified editing of server authentication.
As changes to server.properties are now read immediately and are accessible from the manage application, we just provide an MD5-encoding utility and leave it to the admin to add the values to the server.properties file. This makes sure that nothing can be changed via the web. Changes to allowadmin take effect immediately too.
parent
cd8ebdd41b
commit
7bd5803a33
4 changed files with 24 additions and 36 deletions
|
@ -15,6 +15,7 @@ function scheduler() {
|
||||||
*/
|
*/
|
||||||
function onStart() {
|
function onStart() {
|
||||||
app.data.addressFilter = createAddressFilter();
|
app.data.addressFilter = createAddressFilter();
|
||||||
|
app.data.addressString = root.getProperty ("allowadmin");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -75,9 +76,9 @@ function appStat () {
|
||||||
* utility function to sort object-arrays by name
|
* utility function to sort object-arrays by name
|
||||||
*/
|
*/
|
||||||
function sortByName(a,b) {
|
function sortByName(a,b) {
|
||||||
if ( a.getName () > b.getName ())
|
if (a.name > b.name)
|
||||||
return 1;
|
return 1;
|
||||||
else if (a.getName () == b.getName ())
|
else if (a.name == b.name)
|
||||||
return 0;
|
return 0;
|
||||||
else
|
else
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -141,6 +142,12 @@ function checkAuth(appObj) {
|
||||||
* check access to the manage-app by ip-addresses
|
* check access to the manage-app by ip-addresses
|
||||||
*/
|
*/
|
||||||
function checkAddress() {
|
function checkAddress() {
|
||||||
|
// if allowadmin value in server.properties has changed,
|
||||||
|
// re-construct the addressFilter
|
||||||
|
if (app.data.addressString != root.getProperty ("allowadmin")){
|
||||||
|
app.data.addressFilter = createAddressFilter();
|
||||||
|
app.data.addressString = root.getProperty ("allowadmin");
|
||||||
|
}
|
||||||
if ( !app.data.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {
|
if ( !app.data.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {
|
||||||
app.log("denied request from " + req.data.http_remotehost );
|
app.log("denied request from " + req.data.http_remotehost );
|
||||||
// forceStealth seems a bit like overkill here.
|
// forceStealth seems a bit like overkill here.
|
||||||
|
@ -181,32 +188,21 @@ function createAuth() {
|
||||||
}
|
}
|
||||||
var obj = new Object();
|
var obj = new Object();
|
||||||
obj.msg = "";
|
obj.msg = "";
|
||||||
|
if (req.data.username!=null && req.data.password!=null) {
|
||||||
if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null ) {
|
|
||||||
// we have input from webform
|
// we have input from webform
|
||||||
if ( req.data.username=="" )
|
if ( req.data.username=="" )
|
||||||
obj.msg += "username can't be left empty!<br>";
|
obj.msg += "username can't be left empty!<br>";
|
||||||
if ( req.data.password=="" )
|
if ( req.data.password=="" )
|
||||||
obj.msg += "password can't be left empty!<br>";
|
obj.msg += "password can't be left empty!<br>";
|
||||||
else if ( req.data.password!=req.data.password2 )
|
|
||||||
obj.msg += "password and re-typed password don't match!<br>";
|
|
||||||
if ( obj.msg!="" ) {
|
if ( obj.msg!="" ) {
|
||||||
obj.username = req.data.username;
|
obj.username = req.data.username;
|
||||||
res.reset();
|
res.reset();
|
||||||
renderSkin("pwdform",obj);
|
renderSkin("pwdform",obj);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
var f = new File(root.getHopHome().toString, "server.properties");
|
var str = "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + "<br>\n";
|
||||||
var str = f.readAll();
|
str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + "<br>";
|
||||||
var sep = java.lang.System.getProperty("line.separator");
|
res.write ("<pre>" + str + "</pre>");
|
||||||
str += sep + "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + sep;
|
|
||||||
str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + sep;
|
|
||||||
f.remove();
|
|
||||||
f.open();
|
|
||||||
f.write(str);
|
|
||||||
f.close();
|
|
||||||
app.log( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");
|
|
||||||
res.redirect ( root.href("main") );
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// no input from webform, so print it
|
// no input from webform, so print it
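Review bot: The two values built in createAuth's new branch are unsalted `Packages.helma.util.MD5Encoder.encode(...)` digests of the raw username and password, and this change now also sends them back in the response body through `res.write`. MD5 is cheap to compute, so anyone who can read that page or server.properties can test password guesses offline, and the same password always produces the same line. Moving to a salted, slow hash would also mean changing the verifier, which is not visible in this hunk. Until then I would record the limitation next to the code, for example `// unsalted MD5 digests: keep this output and server.properties private`, and make sure this response is not cached by the browser or a proxy. createAuth starts and continues outside the hunk.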
|
||||||
|
|
|
@ -24,3 +24,7 @@
|
||||||
<li><a href="http://adele.helma.org/source/cvsweb.cgi/?cvsroot=hop">cvs</a><br/>
|
<li><a href="http://adele.helma.org/source/cvsweb.cgi/?cvsroot=hop">cvs</a><br/>
|
||||||
<li><a href="http://helma.org/download/">download</a><br/>
|
<li><a href="http://helma.org/download/">download</a><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<li><a href="<% root.href action="makekey" %>">generate server password</a>
|
||||||
|
</p>
|
|
@ -1,26 +1,21 @@
|
||||||
<body bgcolor="white">
|
<body bgcolor="white">
|
||||||
|
|
||||||
<table width="500" border="0" cellspacing="1" cellpadding="5" bgcolor="#000000">
|
<table width="500" border="0" cellspacing="0" cellpadding="5" bgcolor="#000000">
|
||||||
<tr>
|
<tr>
|
||||||
<td width="500" align="left" valign="top" bgcolor="#ffffff">
|
<td width="500" align="left" valign="top" bgcolor="#ffffff">
|
||||||
|
|
||||||
<big>Username and password for helma's manager:</big><br>
|
<big>Username and password for helma's manager:</big><br>
|
||||||
|
|
||||||
<p>Please choose an username and password combination to access the
|
<p>Please choose an username and password combination to access the
|
||||||
manage application of this server. They will be appended md5-encoded
|
manage application of this server. They will be printed md5-encoded
|
||||||
to the server.properties file. You can change the settings manually
|
in a format that you've got to copy/paste into the server.properties
|
||||||
by editing the server.properties file or through this webinterface
|
file.</p>
|
||||||
in manage/makekey (from localhost only!).</p>
|
|
||||||
<p>This is a stupid script and doesn't check wheter these properties
|
|
||||||
are already set in this file. So if you've already set username and
|
|
||||||
password you need to delete the old values manually.</p>
|
|
||||||
|
|
||||||
<font color="red"><% param.msg %></font>
|
<font color="red"><% param.msg %></font>
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<input class="formEl" name="username" size="25" value="<% param.username %>"> (username)<br>
|
<input class="formEl" name="username" size="25" value="<% param.username %>"> (username)<br>
|
||||||
<input class="formEl" type="password" name="password" size="25"> (password)<br>
|
<input class="formEl" name="password" size="25"> (password)<br>
|
||||||
<input class="formEl" type="password" name="password2" size="25"> (password retyped)<br><br>
|
<input class="formEl" type="submit" value="md5 encode"><br>
|
||||||
<input class="formEl" type="submit" value="save to server.properties"><br>
|
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<p><b>Warning:</b> The used http-authorization transmits username and password
|
<p><b>Warning:</b> The used http-authorization transmits username and password
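Review bot: The password input loses `type="password"` in this change, so the admin password is shown in clear while it is typed and the browser may keep it in form history. With the retype field gone a visible field is understandable, but I would keep the masking and switch off autofill for it: `<input class="formEl" type="password" name="password" size="25" autocomplete="off"> (password)<br>`. If the visible field is intentional, a short sentence in the intro paragraph saying the password is displayed as typed would tell the admin to watch for onlookers. The skin continues past the end of this hunk.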
|
||||||
|
|
|
@ -1,10 +1,3 @@
|
||||||
|
|
||||||
//// strictly limit access to localhost:
|
|
||||||
//if ( req.data.http_remotehost!="localhost" && req.data.http_remotehost!="127.0.0.1" ) {
|
|
||||||
// app.logEvent( req.data.http_remotehost + " tried to access makekey");
|
|
||||||
// return;
|
|
||||||
//}
|
|
||||||
|
|
||||||
if ( checkAuth()==false )
|
if ( checkAuth()==false )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
|