diff --git a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
index a16f8d6ea6cfe00c5fdc4cc1c9de1ec4723342af..134b89febc215dfb8e0223e00bdb38b3469fc1d0 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
@@ -1,13 +1,22 @@
 package net.i2p.router.web;
 
 import java.io.IOException;
+import java.util.List;
+
+import net.i2p.router.RouterContext;
+
 import org.mortbay.jetty.Server;
+import org.mortbay.jetty.servlet.WebApplicationContext;
+import org.mortbay.http.handler.SecurityHandler;
+import org.mortbay.http.HashUserRealm;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.SecurityConstraint;
 import org.mortbay.util.MultiException;
 
 public class RouterConsoleRunner {
     private Server _server;
     private String _listenPort = "7657";
-    private String _listenHost = "0.0.0.0";
+    private String _listenHost = "127.0.0.1";
     private String _webAppsDir = "./webapps/";
     
     public RouterConsoleRunner(String args[]) {
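Review bot: The new loopback default on `_listenHost` deserves a one-line comment, because it is the only thing keeping the console private when no `consolePassword` is configured: `// loopback by default: the console is unauthenticated unless consolePassword is set`. The constructor that can override this value starts on the last line of the hunk and its body is not visible, so it cannot be confirmed from here whether a non-loopback host passed in the args is accepted without a password. Separately, `import org.mortbay.http.HttpRequest;` is not referenced by any line this diff adds and looks unused.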
@@ -25,10 +34,15 @@ public class RouterConsoleRunner {
     
     public void startConsole() {
         _server = new Server();
+        WebApplicationContext contexts[] = null;
         try {
             _server.addListener(_listenHost + ':' + _listenPort);
             _server.setRootWebApp("routerconsole");
-            _server.addWebApplications(_webAppsDir);
+            contexts = _server.addWebApplications(_webAppsDir);
+            if (contexts != null) {
+                for (int i = 0; i < contexts.length; i++) 
+                    initialize(contexts[i]);
+            }
         } catch (IOException ioe) {
             ioe.printStackTrace();
         }
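Review bot: The `catch (IOException ioe)` in `startConsole` only prints the stack trace, so if `addListener` or `addWebApplications` throws, `contexts` stays null, `initialize` is never called, and execution continues past the try block. The rest of `startConsole` is outside the hunk, but if it goes on to start the server, any webapp registered before the exception would presumably be served without the security constraint. Returning from the catch, `ioe.printStackTrace(); return;`, keeps a partly configured console from coming up. The unbraced `for` body around `initialize(contexts[i]);` would also read more safely with braces.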
@@ -39,6 +53,41 @@ public class RouterConsoleRunner {
         }
     }
     
+    private void initialize(WebApplicationContext context) {
+        String password = getPassword();
+        if (password != null) {
+            HashUserRealm realm = new HashUserRealm();
+            realm.put("admin", password);
+            realm.addUserToRole("admin", "routerAdmin");
+            context.setRealm(realm);
+            context.addHandler(0, new SecurityHandler());
+            SecurityConstraint constraint = new SecurityConstraint("admin", "routerAdmin");
+            constraint.setAuthenticate(true);
+            context.addSecurityConstraint("/", constraint);
+        }
+    }
+    
+    private String getPassword() {
+        List contexts = RouterContext.listContexts();
+        if (contexts != null) {
+            for (int i = 0; i < contexts.size(); i++) {
+                RouterContext ctx = (RouterContext)contexts.get(i);
+                String password = ctx.getProperty("consolePassword");
+                if (password != null) {
+                    password = password.trim();
+                    if (password.length() > 0) {
+                        return password;
+                    }
+                }
+            }
+            // no password in any context
+            return null;
+        } else {
+            // no contexts?!
+            return null;
+        }
+    }
+    
     public void stopConsole() {
         try {
             _server.stop();
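Review bot: `initialize` installs nothing and reports nothing when `getPassword()` returns null, so a misspelled `consolePassword` key or a whitespace-only value leaves every webapp open with no signal to the operator. An `else` branch such as `System.err.println("consolePassword not set: router console is not password protected");` would make that state visible. The constraint is registered under `"/"`; confirm that this Jetty version treats it as the catch-all rather than a match on the context root only, or write `context.addSecurityConstraint("/*", constraint);` to make the intent explicit. The secret is also held in clear text in both the router config and the `HashUserRealm`. If the listener is bound to anything other than loopback, the credentials would presumably travel over plain HTTP, which is worth a comment on `initialize`.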
diff --git a/installer/java/src/router.config.template b/installer/java/src/router.config.template
index 5ddb71c78f4f2a82b9586b93e24713f845c4d40f..a2de6049c018f6f4d5a47fec957fb07a0d6c418c 100644
--- a/installer/java/src/router.config.template
+++ b/installer/java/src/router.config.template
@@ -160,6 +160,15 @@ clientApp.2.args=-nocli -e "config localhost ##_router_i2cp_port##" -e "httpclie
 #clientApp.3.main=net.i2p.router.web.RouterConsoleRunner
 #clientApp.3.name=webConsole
 #clientApp.3.args=7657 127.0.0.1 ./webapps/
+#clientApp.3.onBoot=true
+
+# To require simple HTTP authentication for accessing any of the pages underneath the web console
+# (including any other webapps deployed), uncomment the following line and set the password
+# accordingly (the username is 'admin').  If the following is commented out, or is blank, then
+# no password will be required, and anyone will be able to access your router console (and change 
+# settings, etc).  This is only used for the new jetty console (started in clientApp.3.* above)
+#
+#consolePassword=fooBarBaz
 
 # Network monitor (harvests data from the network database and stores it under 
 # monitorData/, and with the netviewer GUI you can browse through its results)
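Review bot: The sample line `#consolePassword=fooBarBaz` gives every install the same ready-made value, so a user who only removes the `#` ends up with a password that is published in the template. The comment block above it should say so and mention how the value is stored, for example `# Choose your own value instead of the sample below; it is kept in this file in plain text, so make the file readable only by the account that runs the router.` Since a blank value disables authentication entirely, the text could also note that this is only safe while the console listens on 127.0.0.1.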