提交 64a778cc authored 作者: Evgenij Ryazanov's avatar Evgenij Ryazanov

Add simple authentication to WebApp settings with clear-text password

上级 a9ed4558
...@@ -436,6 +436,7 @@ Supported settings are: ...@@ -436,6 +436,7 @@ Supported settings are:
<ul><li><code>webAllowOthers</code>: allow other computers to connect. <ul><li><code>webAllowOthers</code>: allow other computers to connect.
</li><li><code>webPort</code>: the port of the H2 Console </li><li><code>webPort</code>: the port of the H2 Console
</li><li><code>webSSL</code>: use encrypted TLS (HTTPS) connections. </li><li><code>webSSL</code>: use encrypted TLS (HTTPS) connections.
</li><li><code>adminPassword</code>: password to access preferences and tools of H2 Console.
</li></ul> </li></ul>
<p> <p>
In addition to those settings, the properties of the last recently used connection In addition to those settings, the properties of the last recently used connection
......
...@@ -168,6 +168,14 @@ public class WebApp { ...@@ -168,6 +168,14 @@ public class WebApp {
trace(file); trace(file);
if (file.endsWith(".do")) { if (file.endsWith(".do")) {
file = process(file); file = process(file);
} else if (file.endsWith(".jsp")) {
switch (file) {
case "admin.jsp":
case "tools.jsp":
if (!checkAdmin(file)) {
file = process("adminLogin.do");
}
}
} }
return file; return file;
} }
...@@ -207,46 +215,86 @@ public class WebApp { ...@@ -207,46 +215,86 @@ public class WebApp {
private String process(String file) { private String process(String file) {
trace("process " + file); trace("process " + file);
while (file.endsWith(".do")) { while (file.endsWith(".do")) {
if ("login.do".equals(file)) { switch (file) {
case "login.do":
file = login(); file = login();
} else if ("index.do".equals(file)) { break;
case "index.do":
file = index(); file = index();
} else if ("logout.do".equals(file)) { break;
case "logout.do":
file = logout(); file = logout();
} else if ("settingRemove.do".equals(file)) { break;
case "settingRemove.do":
file = settingRemove(); file = settingRemove();
} else if ("settingSave.do".equals(file)) { break;
case "settingSave.do":
file = settingSave(); file = settingSave();
} else if ("test.do".equals(file)) { break;
case "test.do":
file = test(); file = test();
} else if ("query.do".equals(file)) { break;
case "query.do":
file = query(); file = query();
} else if ("tables.do".equals(file)) { break;
case "tables.do":
file = tables(); file = tables();
} else if ("editResult.do".equals(file)) { break;
case "editResult.do":
file = editResult(); file = editResult();
} else if ("getHistory.do".equals(file)) { break;
case "getHistory.do":
file = getHistory(); file = getHistory();
} else if ("admin.do".equals(file)) { break;
file = admin(); case "admin.do":
} else if ("adminSave.do".equals(file)) { file = checkAdmin(file) ? admin() : "adminLogin.do";
file = adminSave(); break;
} else if ("adminStartTranslate.do".equals(file)) { case "adminSave.do":
file = adminStartTranslate(); file = checkAdmin(file) ? adminSave() : "adminLogin.do";
} else if ("adminShutdown.do".equals(file)) { break;
file = adminShutdown(); case "adminStartTranslate.do":
} else if ("autoCompleteList.do".equals(file)) { file = checkAdmin(file) ? adminStartTranslate() : "adminLogin.do";
break;
case "adminShutdown.do":
file = checkAdmin(file) ? adminShutdown() : "adminLogin.do";
break;
case "autoCompleteList.do":
file = autoCompleteList(); file = autoCompleteList();
} else if ("tools.do".equals(file)) { break;
file = tools(); case "tools.do":
} else { file = checkAdmin(file) ? tools() : "adminLogin.do";
break;
case "adminLogin.do":
file = adminLogin();
break;
default:
file = "error.jsp"; file = "error.jsp";
break;
} }
} }
trace("return " + file); trace("return " + file);
return file; return file;
} }
private boolean checkAdmin(String file) {
Boolean b = (Boolean) session.get("admin");
if (b != null && b) {
return true;
}
session.put("adminBack", file);
return false;
}
private String adminLogin() {
String password = attributes.getProperty("password");
if (password == null || password.isEmpty() || !server.checkAdminPassword(password)) {
return "adminLogin.jsp";
}
String back = (String) session.remove("adminBack");
session.put("admin", true);
return back != null ? back : "admin.do";
}
private String autoCompleteList() { private String autoCompleteList() {
String query = (String) attributes.get("query"); String query = (String) attributes.get("query");
boolean lowercase = false; boolean lowercase = false;
...@@ -358,6 +406,10 @@ public class WebApp { ...@@ -358,6 +406,10 @@ public class WebApp {
boolean ssl = Utils.parseBoolean((String) attributes.get("ssl"), false, false); boolean ssl = Utils.parseBoolean((String) attributes.get("ssl"), false, false);
prop.setProperty("webSSL", String.valueOf(ssl)); prop.setProperty("webSSL", String.valueOf(ssl));
server.setSSL(ssl); server.setSSL(ssl);
String adminPassword = server.getAdminPassword();
if (adminPassword != null && !adminPassword.isEmpty()) {
prop.setProperty("adminPassword", adminPassword);
}
server.saveProperties(prop); server.saveProperties(prop);
} catch (Exception e) { } catch (Exception e) {
trace(e.toString()); trace(e.toString());
...@@ -983,6 +1035,7 @@ public class WebApp { ...@@ -983,6 +1035,7 @@ public class WebApp {
} catch (Exception e) { } catch (Exception e) {
trace(e.toString()); trace(e.toString());
} }
session.remove("admin");
return "index.do"; return "index.do";
} }
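Review bot: In `adminLogin()` a wrong password returns `adminLogin.jsp` immediately, with no trace entry, delay or attempt limit, so repeated guesses against `adminLogin.do` are neither slowed nor visible to an operator; this matters most when `webAllowOthers` is enabled. At minimum I would record the failure, e.g. `trace("adminLogin failed");` before `return "adminLogin.jsp";`, and consider a growing delay keyed on the remote address or applied globally. Separately, `session.put("admin", true)` elevates the existing session, whose id travels in the URL (`?jsessionid=${sessionId}` in the JSP forms of this commit), so an id that leaked through a log or Referer header carries admin rights after login. Issuing a fresh session id on success would narrow that, if the session layer allows it, which is not visible from these hunks.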
......
...@@ -154,6 +154,7 @@ public class WebServer implements Service { ...@@ -154,6 +154,7 @@ public class WebServer implements Service {
private final Set<WebThread> running = private final Set<WebThread> running =
Collections.synchronizedSet(new HashSet<WebThread>()); Collections.synchronizedSet(new HashSet<WebThread>());
private boolean ssl; private boolean ssl;
private String adminPassword;
private final HashMap<String, ConnectionInfo> connInfoMap = new HashMap<>(); private final HashMap<String, ConnectionInfo> connInfoMap = new HashMap<>();
private long lastTimeoutCheck; private long lastTimeoutCheck;
...@@ -278,6 +279,7 @@ public class WebServer implements Service { ...@@ -278,6 +279,7 @@ public class WebServer implements Service {
"webSSL", false); "webSSL", false);
allowOthers = SortedProperties.getBooleanProperty(prop, allowOthers = SortedProperties.getBooleanProperty(prop,
"webAllowOthers", false); "webAllowOthers", false);
adminPassword = SortedProperties.getStringProperty(prop, "adminPassword", null);
commandHistoryString = prop.getProperty(COMMAND_HISTORY); commandHistoryString = prop.getProperty(COMMAND_HISTORY);
for (int i = 0; args != null && i < args.length; i++) { for (int i = 0; args != null && i < args.length; i++) {
String a = args[i]; String a = args[i];
...@@ -296,6 +298,8 @@ public class WebServer implements Service { ...@@ -296,6 +298,8 @@ public class WebServer implements Service {
ifExists = true; ifExists = true;
} else if (Tool.isOption(a, "-ifNotExists")) { } else if (Tool.isOption(a, "-ifNotExists")) {
ifExists = false; ifExists = false;
} else if (Tool.isOption(a, "-adminPassword")) {
adminPassword = args[++i];
} else if (Tool.isOption(a, "-properties")) { } else if (Tool.isOption(a, "-properties")) {
// already set // already set
i++; i++;
...@@ -679,6 +683,9 @@ public class WebServer implements Service { ...@@ -679,6 +683,9 @@ public class WebServer implements Service {
Boolean.toString(SortedProperties.getBooleanProperty(old, "webAllowOthers", allowOthers))); Boolean.toString(SortedProperties.getBooleanProperty(old, "webAllowOthers", allowOthers)));
prop.setProperty("webSSL", prop.setProperty("webSSL",
Boolean.toString(SortedProperties.getBooleanProperty(old, "webSSL", ssl))); Boolean.toString(SortedProperties.getBooleanProperty(old, "webSSL", ssl)));
if (adminPassword != null && !adminPassword.isEmpty()) {
prop.setProperty("adminPassword", adminPassword);
}
if (commandHistoryString != null) { if (commandHistoryString != null) {
prop.setProperty(COMMAND_HISTORY, commandHistoryString); prop.setProperty(COMMAND_HISTORY, commandHistoryString);
} }
...@@ -848,4 +855,15 @@ public class WebServer implements Service { ...@@ -848,4 +855,15 @@ public class WebServer implements Service {
return allowChunked; return allowChunked;
} }
String getAdminPassword() {
return adminPassword;
}
boolean checkAdminPassword(String password) {
if (adminPassword == null) {
return false;
}
return adminPassword.equals(password);
}
} }
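Review bot: `checkAdminPassword()` compares with `adminPassword.equals(password)`, which stops at the first differing character; for a secret checked against network input I would use a constant-time comparison such as `MessageDigest.isEqual(adminPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))`. The value is also held and written back to the properties file as plain text (`prop.setProperty("adminPassword", adminPassword)`), so anyone who can read that file has the admin password. Storing a salted hash and comparing hashes would remove that exposure, and until then the file's permissions deserve a sentence in the documentation. In the option parser, `adminPassword = args[++i];` throws `ArrayIndexOutOfBoundsException` when `-adminPassword` is the last argument, and a password given on the command line is visible in the process list. The enclosing method starts and ends outside the hunk, so other options may share the `args[++i]` pattern.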
...@@ -98,9 +98,10 @@ class WebSession { ...@@ -98,9 +98,10 @@ class WebSession {
* Remove a session attribute from the map. * Remove a session attribute from the map.
* *
* @param key the key * @param key the key
* @return value that was associated with the key, or null
*/ */
void remove(String key) { Object remove(String key) {
map.remove(key); return map.remove(key);
} }
/** /**
......
...@@ -15,7 +15,7 @@ Initial Developer: H2 Group ...@@ -15,7 +15,7 @@ Initial Developer: H2 Group
${text.adminTitle} ${text.adminTitle}
</h1> </h1>
<p> <p>
<a href="index.do?jsessionid=${sessionId}">${text.adminLogout}</a> <a href="logout.do?jsessionid=${sessionId}">${text.adminLogout}</a>
</p> </p>
<hr /> <hr />
<form name="admin" method="post" action="adminSave.do?jsessionid=${sessionId}"> <form name="admin" method="post" action="adminSave.do?jsessionid=${sessionId}">
......
...@@ -10,7 +10,7 @@ Initial Developer: H2 Group ...@@ -10,7 +10,7 @@ Initial Developer: H2 Group
<link rel="stylesheet" type="text/css" href="stylesheet.css" /> <link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head> </head>
<body style="margin: 20px"> <body style="margin: 20px">
<form name="adminLogin" method="post" action="admin.do?jsessionid=${sessionId}"> <form name="adminLogin" method="post" action="adminLogin.do?jsessionid=${sessionId}">
<table class="login" cellspacing="0" cellpadding="0"> <table class="login" cellspacing="0" cellpadding="0">
<tr class="login"> <tr class="login">
<th class="login">${text.adminLogin}</th> <th class="login">${text.adminLogin}</th>
......
...@@ -78,6 +78,18 @@ public class SortedProperties extends Properties { ...@@ -78,6 +78,18 @@ public class SortedProperties extends Properties {
} }
} }
/**
* Get a string property value from a properties object.
*
* @param prop the properties object
* @param key the key
* @param def the default value
* @return the value if set, or the default value if not
*/
public static String getStringProperty(Properties prop, String key, String def) {
return prop.getProperty(key, def);
}
/** /**
* Load a properties object from a file. * Load a properties object from a file.
* *
......