提交 64a778cc authored 作者: Evgenij Ryazanov's avatar Evgenij Ryazanov

Add simple authentication to WebApp settings with clear-text password

上级 a9ed4558
......@@ -436,6 +436,7 @@ Supported settings are:
<ul><li><code>webAllowOthers</code>: allow other computers to connect.
</li><li><code>webPort</code>: the port of the H2 Console
</li><li><code>webSSL</code>: use encrypted TLS (HTTPS) connections.
</li><li><code>adminPassword</code>: password to access preferences and tools of H2 Console.
</li></ul>
<p>
In addition to those settings, the properties of the last recently used connection
......
......@@ -168,6 +168,14 @@ public class WebApp {
trace(file);
if (file.endsWith(".do")) {
file = process(file);
} else if (file.endsWith(".jsp")) {
switch (file) {
case "admin.jsp":
case "tools.jsp":
if (!checkAdmin(file)) {
file = process("adminLogin.do");
}
}
}
return file;
}
......@@ -207,46 +215,86 @@ public class WebApp {
private String process(String file) {
trace("process " + file);
while (file.endsWith(".do")) {
if ("login.do".equals(file)) {
switch (file) {
case "login.do":
file = login();
} else if ("index.do".equals(file)) {
break;
case "index.do":
file = index();
} else if ("logout.do".equals(file)) {
break;
case "logout.do":
file = logout();
} else if ("settingRemove.do".equals(file)) {
break;
case "settingRemove.do":
file = settingRemove();
} else if ("settingSave.do".equals(file)) {
break;
case "settingSave.do":
file = settingSave();
} else if ("test.do".equals(file)) {
break;
case "test.do":
file = test();
} else if ("query.do".equals(file)) {
break;
case "query.do":
file = query();
} else if ("tables.do".equals(file)) {
break;
case "tables.do":
file = tables();
} else if ("editResult.do".equals(file)) {
break;
case "editResult.do":
file = editResult();
} else if ("getHistory.do".equals(file)) {
break;
case "getHistory.do":
file = getHistory();
} else if ("admin.do".equals(file)) {
file = admin();
} else if ("adminSave.do".equals(file)) {
file = adminSave();
} else if ("adminStartTranslate.do".equals(file)) {
file = adminStartTranslate();
} else if ("adminShutdown.do".equals(file)) {
file = adminShutdown();
} else if ("autoCompleteList.do".equals(file)) {
break;
case "admin.do":
file = checkAdmin(file) ? admin() : "adminLogin.do";
break;
case "adminSave.do":
file = checkAdmin(file) ? adminSave() : "adminLogin.do";
break;
case "adminStartTranslate.do":
file = checkAdmin(file) ? adminStartTranslate() : "adminLogin.do";
break;
case "adminShutdown.do":
file = checkAdmin(file) ? adminShutdown() : "adminLogin.do";
break;
case "autoCompleteList.do":
file = autoCompleteList();
} else if ("tools.do".equals(file)) {
file = tools();
} else {
break;
case "tools.do":
file = checkAdmin(file) ? tools() : "adminLogin.do";
break;
case "adminLogin.do":
file = adminLogin();
break;
default:
file = "error.jsp";
break;
}
}
trace("return " + file);
return file;
}
private boolean checkAdmin(String file) {
Boolean b = (Boolean) session.get("admin");
if (b != null && b) {
return true;
}
session.put("adminBack", file);
return false;
}
private String adminLogin() {
String password = attributes.getProperty("password");
if (password == null || password.isEmpty() || !server.checkAdminPassword(password)) {
return "adminLogin.jsp";
}
String back = (String) session.remove("adminBack");
session.put("admin", true);
return back != null ? back : "admin.do";
}
private String autoCompleteList() {
String query = (String) attributes.get("query");
boolean lowercase = false;
......@@ -358,6 +406,10 @@ public class WebApp {
boolean ssl = Utils.parseBoolean((String) attributes.get("ssl"), false, false);
prop.setProperty("webSSL", String.valueOf(ssl));
server.setSSL(ssl);
String adminPassword = server.getAdminPassword();
if (adminPassword != null && !adminPassword.isEmpty()) {
prop.setProperty("adminPassword", adminPassword);
}
server.saveProperties(prop);
} catch (Exception e) {
trace(e.toString());
......@@ -983,6 +1035,7 @@ public class WebApp {
} catch (Exception e) {
trace(e.toString());
}
session.remove("admin");
return "index.do";
}
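Review bot: `adminLogin()` in the `process` hunk returns `adminLogin.jsp` for a rejected password without tracing the failure or slowing repeated attempts, so guessing against the admin password is neither limited nor visible to an operator. When a non-empty password was rejected, add something like `trace("admin login failed");` before `return "adminLogin.jsp";`, and consider a failure counter with a growing delay. The session is also promoted in place by `session.put("admin", true)` under the same id that the templates carry in the URL (`jsessionid=${sessionId}`). If the server can issue a fresh session id at this point, doing so would limit the value of an id that leaked before login; whether such an API exists is not visible on this page.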
......
......@@ -154,6 +154,7 @@ public class WebServer implements Service {
private final Set<WebThread> running =
Collections.synchronizedSet(new HashSet<WebThread>());
private boolean ssl;
private String adminPassword;
private final HashMap<String, ConnectionInfo> connInfoMap = new HashMap<>();
private long lastTimeoutCheck;
......@@ -278,6 +279,7 @@ public class WebServer implements Service {
"webSSL", false);
allowOthers = SortedProperties.getBooleanProperty(prop,
"webAllowOthers", false);
adminPassword = SortedProperties.getStringProperty(prop, "adminPassword", null);
commandHistoryString = prop.getProperty(COMMAND_HISTORY);
for (int i = 0; args != null && i < args.length; i++) {
String a = args[i];
......@@ -296,6 +298,8 @@ public class WebServer implements Service {
ifExists = true;
} else if (Tool.isOption(a, "-ifNotExists")) {
ifExists = false;
} else if (Tool.isOption(a, "-adminPassword")) {
adminPassword = args[++i];
} else if (Tool.isOption(a, "-properties")) {
// already set
i++;
......@@ -679,6 +683,9 @@ public class WebServer implements Service {
Boolean.toString(SortedProperties.getBooleanProperty(old, "webAllowOthers", allowOthers)));
prop.setProperty("webSSL",
Boolean.toString(SortedProperties.getBooleanProperty(old, "webSSL", ssl)));
if (adminPassword != null && !adminPassword.isEmpty()) {
prop.setProperty("adminPassword", adminPassword);
}
if (commandHistoryString != null) {
prop.setProperty(COMMAND_HISTORY, commandHistoryString);
}
......@@ -848,4 +855,15 @@ public class WebServer implements Service {
return allowChunked;
}
String getAdminPassword() {
return adminPassword;
}
boolean checkAdminPassword(String password) {
if (adminPassword == null) {
return false;
}
return adminPassword.equals(password);
}
}
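Review bot: `checkAdminPassword` in the last hunk compares with `adminPassword.equals(password)`, which stops at the first differing character; a secret check is normally done in constant time, e.g. `return MessageDigest.isEqual(adminPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));`. That line needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`, and the import block is outside the visible hunks. In the option-parsing hunk, `adminPassword = args[++i];` indexes past the array when `-adminPassword` is the last argument, so a bounds check with a clear error message would help. A password passed on the command line is also usually visible in the process list, which is worth stating in the option's documentation. The parsing loop continues outside the hunk.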
......@@ -98,9 +98,10 @@ class WebSession {
* Remove a session attribute from the map.
*
* @param key the key
* @return value that was associated with the key, or null
*/
void remove(String key) {
map.remove(key);
Object remove(String key) {
return map.remove(key);
}
/**
......
......@@ -15,7 +15,7 @@ Initial Developer: H2 Group
${text.adminTitle}
</h1>
<p>
<a href="index.do?jsessionid=${sessionId}">${text.adminLogout}</a>
<a href="logout.do?jsessionid=${sessionId}">${text.adminLogout}</a>
</p>
<hr />
<form name="admin" method="post" action="adminSave.do?jsessionid=${sessionId}">
......
......@@ -10,7 +10,7 @@ Initial Developer: H2 Group
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body style="margin: 20px">
<form name="adminLogin" method="post" action="admin.do?jsessionid=${sessionId}">
<form name="adminLogin" method="post" action="adminLogin.do?jsessionid=${sessionId}">
<table class="login" cellspacing="0" cellpadding="0">
<tr class="login">
<th class="login">${text.adminLogin}</th>
......
......@@ -78,6 +78,18 @@ public class SortedProperties extends Properties {
}
}
/**
* Get a string property value from a properties object.
*
* @param prop the properties object
* @param key the key
* @param def the default value
* @return the value if set, or the default value if not
*/
public static String getStringProperty(Properties prop, String key, String def) {
return prop.getProperty(key, def);
}
/**
* Load a properties object from a file.
*
......