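/**
 * Set up basic security constraints for the webapp. Add all users and passwords.
 *
 * <p>When {@code PROP_PW_ENABLE} is true and stored credentials are found under
 * {@code PROP_CONSOLE_PW}, every stored user is added to a {@code HashUserRealm} and an
 * authenticating constraint is mapped to "/". Constraints for TRACE and OPTIONS are always added.
 *
 * <p>Security note: if the enable flag is set but no credentials are stored, this method fails
 * open. It installs no authentication constraint and persists the flag as "false", so the
 * webapp is then served without a login.
 *
 * @param ctx router context used to read and persist configuration
 * @param context webapp that receives the configured security handler
 */
static void initialize(RouterContext ctx, WebAppContext context) {
    SecurityHandler sec = new SecurityHandler();
    // Explicit type argument instead of the raw ArrayList, to avoid an unchecked conversion.
    List<ConstraintMapping> constraints = new ArrayList<ConstraintMapping>(4);
    ConsolePasswordManager mgr = new ConsolePasswordManager(ctx);
    boolean enable = ctx.getBooleanProperty(PROP_PW_ENABLE);
    if (enable) {
        Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW);
        if (userpw.isEmpty()) {
            // Enabled but no credentials stored: fall back to no authentication.
            enable = false;
            // Persist under the same key that was read above. Writing "false" to
            // PROP_CONSOLE_PW would leave the enable flag set and add a stray value
            // under the credential key.
            ctx.router().saveConfig(PROP_PW_ENABLE, "false");
        } else {
            HashUserRealm realm = new HashUserRealm(JETTY_REALM);
            sec.setUserRealm(realm);
            sec.setAuthenticator(authenticator);
            for (Map.Entry<String, String> e : userpw.entrySet()) {
                String user = e.getKey();
                String pw = e.getValue();
                // The stored value is an MD5 digest, tagged with Jetty's MD5 credential prefix.
                // NOTE(review): MD5 is not a suitable password hash by current standards;
                // treat the stored digests as sensitive and protect the config that holds them.
                realm.put(user, MD5.__TYPE + pw);
                realm.addUserToRole(user, JETTY_ROLE);
                Constraint constraint = new Constraint(user, JETTY_ROLE);
                constraint.setAuthenticate(true);
                ConstraintMapping userMapping = new ConstraintMapping();
                userMapping.setConstraint(constraint);
                userMapping.setPathSpec("/");
                constraints.add(userMapping);
            }
        }
    }

    // This forces a '403 Forbidden' response for TRACE and OPTIONS unless the
    // WAC handler handles it.
    // (LocaleWebAppHandler returns a '405 Method Not Allowed')
    // TRACE and OPTIONS aren't really security issues...
    // TRACE doesn't echo stuff unless you call setTrace(true)
    // But it might bug some people
    // The other strange methods - PUT, DELETE, MOVE - are disabled by default
    // See also:
    // http://old.nabble.com/Disable-HTTP-TRACE-in-Jetty-5.x-td12412607.html
    Constraint sc = new Constraint();
    sc.setName("No trace");
    ConstraintMapping cm = new ConstraintMapping();
    cm.setMethod("TRACE");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);

    sc = new Constraint();
    sc.setName("No options");
    cm = new ConstraintMapping();
    cm.setMethod("OPTIONS");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);

    ConstraintMapping[] cmarr = constraints.toArray(new ConstraintMapping[constraints.size()]);
    sec.setConstraintMappings(cmarr);

    context.setSecurityHandler(sec);
}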
/**
 * Re-read the message-history settings from the context: whether history is kept, and the
 * history file name (falling back to {@code DEFAULT_MESSAGE_HISTORY_FILENAME}).
 *
 * <p>NOTE(review): the file name is taken from configuration as-is here; confirm that the code
 * which opens the file resolves it against the intended directory.
 */
private void updateSettings() {
    final boolean keepHistory = _context.getBooleanProperty(PROP_KEEP_MESSAGE_HISTORY);
    _doLog = keepHistory;
    _historyFile =
        _context.getProperty(PROP_MESSAGE_HISTORY_FILENAME, DEFAULT_MESSAGE_HISTORY_FILENAME);
}
/**
 * Reports whether the boolean property {@code PROP_ADVANCED} is set to true in the context.
 *
 * @return the value of {@code PROP_ADVANCED} as read from the context
 * @since 0.9.9
 */
public boolean isAdvanced() {
    final boolean advanced = _context.getBooleanProperty(PROP_ADVANCED);
    return advanced;
}
/**
 * Is a boolean property set to true?
 *
 * <p>Only one of two constant strings is ever returned; {@code prop} is used purely as a lookup
 * key and is never echoed into the returned markup.
 *
 * @param prop must default to false
 * @return non-null, either "" or " checked=\"checked\" "
 * @since 0.9.24 consolidated from various helpers
 */
protected String getChecked(String prop) {
    return _context.getBooleanProperty(prop) ? CHECKED : "";
}
/**
 * Only called at startup via LoadRouterInfoJob and RebuildRouterInfoJob. Not called by periodic
 * RepublishLocalRouterInfoJob. We don't want to change the cert on the fly as it changes the
 * router hash. RouterInfo.isHidden() checks the capability, but RouterIdentity.isHidden() checks
 * the cert. There's no reason to ever add a hidden cert?
 *
 * <p>Note that {@code Router.PROP_HIDDEN} is consulted only for DSA_SHA1 signing keys. For any
 * other key type a {@code KeyCertificate} is returned regardless of that property.
 *
 * @param ctx router context used to read {@code Router.PROP_HIDDEN}
 * @param spk signing public key whose type selects the certificate kind
 * @return the certificate for a new RouterInfo - probably a null cert.
 * @since 0.9.16 moved from Router
 */
static Certificate createCertificate(RouterContext ctx, SigningPublicKey spk) {
    final boolean isDsaSha1 = spk.getType() == SigType.DSA_SHA1;
    if (!isDsaSha1) {
        // Non-DSA key types get a key certificate built from the signing key.
        return new KeyCertificate(spk);
    }
    final boolean hidden = ctx.getBooleanProperty(Router.PROP_HIDDEN);
    return hidden
        ? new Certificate(Certificate.CERTIFICATE_TYPE_HIDDEN, null)
        : Certificate.NULL_CERT;
}