Add simple authentication to WebApp settings with clear-text password
katzyn committed Feb 7, 2019
1 parent a9ed455 commit 64a778c
Showing 7 changed files with 111 additions and 26 deletions.
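--- a/h2/src/docsrc/html/tutorial.html
+++ b/h2/src/docsrc/html/tutorial.html
@@ -436,6 +436,7 @@ <h2 id="console_settings">Settings of the H2 Console</h2>
 <ul><li><code>webAllowOthers</code>: allow other computers to connect.
 </li><li><code>webPort</code>: the port of the H2 Console
 </li><li><code>webSSL</code>: use encrypted TLS (HTTPS) connections.
+</li><li><code>adminPassword</code>: password to access preferences and tools of H2 Console.
 </li></ul>
 <p>
 In addition to those settings, the properties of the last recently used connection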
97 changes: 75 additions & 22 deletions h2/src/main/org/h2/server/web/WebApp.java
@@ -168,6 +168,14 @@ String processRequest(String file, String hostAddr) {
trace(file);
if (file.endsWith(".do")) {
file = process(file);
} else if (file.endsWith(".jsp")) {
switch (file) {
case "admin.jsp":
case "tools.jsp":
if (!checkAdmin(file)) {
file = process("adminLogin.do");
}
}
}
return file;
}
@@ -207,46 +215,86 @@ private static String getComboBox(String[][] elements, String selected) {
private String process(String file) {
trace("process " + file);
while (file.endsWith(".do")) {
if ("login.do".equals(file)) {
switch (file) {
case "login.do":
file = login();
} else if ("index.do".equals(file)) {
break;
case "index.do":
file = index();
} else if ("logout.do".equals(file)) {
break;
case "logout.do":
file = logout();
} else if ("settingRemove.do".equals(file)) {
break;
case "settingRemove.do":
file = settingRemove();
} else if ("settingSave.do".equals(file)) {
break;
case "settingSave.do":
file = settingSave();
} else if ("test.do".equals(file)) {
break;
case "test.do":
file = test();
} else if ("query.do".equals(file)) {
break;
case "query.do":
file = query();
} else if ("tables.do".equals(file)) {
break;
case "tables.do":
file = tables();
} else if ("editResult.do".equals(file)) {
break;
case "editResult.do":
file = editResult();
} else if ("getHistory.do".equals(file)) {
break;
case "getHistory.do":
file = getHistory();
} else if ("admin.do".equals(file)) {
file = admin();
} else if ("adminSave.do".equals(file)) {
file = adminSave();
} else if ("adminStartTranslate.do".equals(file)) {
file = adminStartTranslate();
} else if ("adminShutdown.do".equals(file)) {
file = adminShutdown();
} else if ("autoCompleteList.do".equals(file)) {
break;
case "admin.do":
file = checkAdmin(file) ? admin() : "adminLogin.do";
break;
case "adminSave.do":
file = checkAdmin(file) ? adminSave() : "adminLogin.do";
break;
case "adminStartTranslate.do":
file = checkAdmin(file) ? adminStartTranslate() : "adminLogin.do";
break;
case "adminShutdown.do":
file = checkAdmin(file) ? adminShutdown() : "adminLogin.do";
break;
case "autoCompleteList.do":
file = autoCompleteList();
} else if ("tools.do".equals(file)) {
file = tools();
} else {
break;
case "tools.do":
file = checkAdmin(file) ? tools() : "adminLogin.do";
break;
case "adminLogin.do":
file = adminLogin();
break;
default:
file = "error.jsp";
break;
}
}
trace("return " + file);
return file;
}

private boolean checkAdmin(String file) {
Boolean b = (Boolean) session.get("admin");
if (b != null && b) {
return true;
}
session.put("adminBack", file);
return false;
}

private String adminLogin() {
String password = attributes.getProperty("password");
if (password == null || password.isEmpty() || !server.checkAdminPassword(password)) {
return "adminLogin.jsp";
}
String back = (String) session.remove("adminBack");
session.put("admin", true);
return back != null ? back : "admin.do";
}

private String autoCompleteList() {
String query = (String) attributes.get("query");
boolean lowercase = false;
@@ -358,6 +406,10 @@ private String adminSave() {
boolean ssl = Utils.parseBoolean((String) attributes.get("ssl"), false, false);
prop.setProperty("webSSL", String.valueOf(ssl));
server.setSSL(ssl);
String adminPassword = server.getAdminPassword();
if (adminPassword != null && !adminPassword.isEmpty()) {
prop.setProperty("adminPassword", adminPassword);
}
server.saveProperties(prop);
} catch (Exception e) {
trace(e.toString());
@@ -983,6 +1035,7 @@ private String logout() {
} catch (Exception e) {
trace(e.toString());
}
session.remove("admin");
return "index.do";
}

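Review bot: `checkAdmin` stores whatever `file` was requested as `adminBack`, including the state-changing targets `adminSave.do`, `adminStartTranslate.do` and `adminShutdown.do`, and `adminLogin()` returns that value, so the `while` loop in `process` runs the remembered action immediately after a successful login. The replayed action executes with the login request's attributes rather than the original ones (for `adminSave.do` the `ssl` value would presumably fall back to its `false` default), and a shutdown requested before authentication takes effect as a side effect of logging in. Remembering only page targets avoids this, for example in `adminLogin()`: `return "tools.do".equals(back) || "tools.jsp".equals(back) ? back : "admin.do";`. Separately, `adminLogin()` puts no limit or delay on failed attempts, which matters once `webAllowOthers` is enabled.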
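--- a/h2/src/main/org/h2/server/web/WebServer.java
+++ b/h2/src/main/org/h2/server/web/WebServer.java
@@ -154,6 +154,7 @@ public class WebServer implements Service {
 private final Set<WebThread> running =
 Collections.synchronizedSet(new HashSet<WebThread>());
 private boolean ssl;
+private String adminPassword;
 private final HashMap<String, ConnectionInfo> connInfoMap = new HashMap<>();
 
 private long lastTimeoutCheck;
@@ -278,6 +279,7 @@ public void init(String... args) {
 "webSSL", false);
 allowOthers = SortedProperties.getBooleanProperty(prop,
 "webAllowOthers", false);
+adminPassword = SortedProperties.getStringProperty(prop, "adminPassword", null);
 commandHistoryString = prop.getProperty(COMMAND_HISTORY);
 for (int i = 0; args != null && i < args.length; i++) {
 String a = args[i];
@@ -296,6 +298,8 @@ public void init(String... args) {
 ifExists = true;
 } else if (Tool.isOption(a, "-ifNotExists")) {
 ifExists = false;
+} else if (Tool.isOption(a, "-adminPassword")) {
+adminPassword = args[++i];
 } else if (Tool.isOption(a, "-properties")) {
 // already set
 i++;
@@ -679,6 +683,9 @@ synchronized void saveProperties(Properties prop) {
 Boolean.toString(SortedProperties.getBooleanProperty(old, "webAllowOthers", allowOthers)));
 prop.setProperty("webSSL",
 Boolean.toString(SortedProperties.getBooleanProperty(old, "webSSL", ssl)));
+if (adminPassword != null && !adminPassword.isEmpty()) {
+prop.setProperty("adminPassword", adminPassword);
+}
 if (commandHistoryString != null) {
 prop.setProperty(COMMAND_HISTORY, commandHistoryString);
 }
@@ -848,4 +855,15 @@ boolean getAllowChunked() {
 return allowChunked;
 }
 
+String getAdminPassword() {
+return adminPassword;
+}
+
+boolean checkAdminPassword(String password) {
+if (adminPassword == null) {
+return false;
+}
+return adminPassword.equals(password);
+}
+
 }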
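Review bot: `checkAdminPassword` compares the submitted value with `adminPassword.equals(password)`, which returns at the first differing character; after a null check on `password`, a constant-time comparison such as `return MessageDigest.isEqual(adminPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));` keeps response timing independent of how much of the guess matched. In the `init` hunk, `adminPassword = args[++i];` reads the next argument without checking that one exists, and a password supplied on the command line is visible to other local users in the process list. Because `saveProperties` writes the value back verbatim, the properties file should be readable only by the account running the server; storing a salted hash instead of the password would remove the clear-text copy altogether.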
5 changes: 3 additions & 2 deletions h2/src/main/org/h2/server/web/WebSession.java
@@ -98,9 +98,10 @@ Object get(String key) {
* Remove a session attribute from the map.
*
* @param key the key
* @return value that was associated with the key, or null
*/
void remove(String key) {
map.remove(key);
Object remove(String key) {
return map.remove(key);
}

/**
2 changes: 1 addition & 1 deletion h2/src/main/org/h2/server/web/res/admin.jsp
@@ -15,7 +15,7 @@ Initial Developer: H2 Group
${text.adminTitle}
</h1>
<p>
<a href="index.do?jsessionid=${sessionId}">${text.adminLogout}</a>
<a href="logout.do?jsessionid=${sessionId}">${text.adminLogout}</a>
</p>
<hr />
<form name="admin" method="post" action="adminSave.do?jsessionid=${sessionId}">
2 changes: 1 addition & 1 deletion h2/src/main/org/h2/server/web/res/adminLogin.jsp
@@ -10,7 +10,7 @@ Initial Developer: H2 Group
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
</head>
<body style="margin: 20px">
<form name="adminLogin" method="post" action="admin.do?jsessionid=${sessionId}">
<form name="adminLogin" method="post" action="adminLogin.do?jsessionid=${sessionId}">
<table class="login" cellspacing="0" cellpadding="0">
<tr class="login">
<th class="login">${text.adminLogin}</th>
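--- a/h2/src/main/org/h2/util/SortedProperties.java
+++ b/h2/src/main/org/h2/util/SortedProperties.java
@@ -78,6 +78,18 @@ public static int getIntProperty(Properties prop, String key, int def) {
 }
 }
 
+/**
+* Get a string property value from a properties object.
+*
+* @param prop the properties object
+* @param key the key
+* @param def the default value
+* @return the value if set, or the default value if not
+*/
+public static String getStringProperty(Properties prop, String key, String def) {
+return prop.getProperty(key, def);
+}
+
 /**
 * Load a properties object from a file.
 *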
