echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Console: Fix Jetty digest auth bug causing repeated password requests

Browse Source 
I2P fixes for out-of-order nonce counts.
   Based on DigestAuthenticator in Jetty 7.6.10.
   Includes the nonce count verification code from Tomcat 7.0.35.
   ref: http://jira.codehaus.org/browse/JETTY-1468 which was closed not-a-bug.
   ref: https://bugs.eclipse.org/bugs/show_bug.cgi?id=336443 in which the
   Jetty implementation was introduced.
This commit is contained in:
zzz
2013-04-23 18:22:48 +00:00
parent 4358d11191
commit 22025b0c3a
3 changed files with 97 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
View File

@ -29,6 +29,7 @@ import static net.i2p.app.ClientAppState.*;
import net.i2p.apps.systray.SysTray;
import net.i2p.data.Base32;
import net.i2p.data.DataHelper;
import net.i2p.jetty.I2PDigestAuthenticator;
import net.i2p.jetty.I2PLogger;
import net.i2p.router.RouterContext;
import net.i2p.router.update.ConsoleUpdateManager;
@ -105,7 +106,11 @@ public class RouterConsoleRunner implements RouterApp {
private static final String DEFAULT_WEBAPP_CONFIG_FILENAME = "webapps.config";
// Jetty Auth
private static final DigestAuthenticator authenticator = new DigestAuthenticator();
private static final DigestAuthenticator authenticator = new I2PDigestAuthenticator();
static {
// default changed from 0 (forever) in Jetty 6 to 60*1000 ms in Jetty 7
authenticator.setMaxNonceAge(7*24*60*60*1000L);
}
public static final String JETTY_REALM = "i2prouter";
private static final String JETTY_ROLE = "routerAdmin";
public static final String PROP_CONSOLE_PW = "routerconsole.auth." + JETTY_REALM;