Revision 663063626562 () - Diff

Link to this snippet: https://friendpaste.com/1J8edQNtYJWeJpIa2hxoaV
Embed:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
diff --git a/src/main/java/com/github/rnewson/couchdb/lucene/CouchDBUserRealm.java b/src/main/java/com/github/rnewson/couchdb/lucene/CouchDBUserRealm.java
new file mode 100644
index 0000000..f691b9c
--- /dev/null
+++ b/src/main/java/com/github/rnewson/couchdb/lucene/CouchDBUserRealm.java
@@ -0,0 +1,56 @@
+package com.github.rnewson.couchdb.lucene;
+
+import java.security.Principal;
+
+import org.mortbay.jetty.Request;
+import org.mortbay.jetty.security.UserRealm;
+
+import com.github.rnewson.couchdb.lucene.util.ErrorPreservingResponseHandler;
+
+final class CouchDBUserRealm implements UserRealm {
+
+    private final Config config;
+    
+    public CouchDBUserRealm(final Config config) {
+        this.config = config;
+    }
+
+    public Principal authenticate(final String username,
+            final Object credentials, final Request request) {
+        final HttpGet get = new HttpGet(config.)
+        return httpClient.execute(request, new ErrorPreservingResponseHandler());
+        throw new UnsupportedOperationException("authenticate not supported!");
+    }
+
+    public void disassociate(final Principal user) {
+    }
+
+    public String getName() {
+        return "CouchDB-Lucene";
+    }
+
+    public Principal getPrincipal(final String username) {
+        throw new UnsupportedOperationException("getPrincipal not supported!");
+    }
+
+    public boolean isUserInRole(final Principal user, final String role) {
+        throw new UnsupportedOperationException("isUserInRole not supported!");
+    }
+
+    public void logout(final Principal user) {
+        throw new UnsupportedOperationException("logout not supported!");
+    }
+
+    public Principal popRole(final Principal user) {
+        throw new UnsupportedOperationException("popRole not supported!");
+    }
+
+    public Principal pushRole(final Principal user, final String role) {
+        throw new UnsupportedOperationException("pushRole not supported!");
+    }
+
+    public boolean reauthenticate(final Principal user) {
+        throw new UnsupportedOperationException("reauthenticate not supported!");
+    }
+
+}
diff --git a/src/main/java/com/github/rnewson/couchdb/lucene/Main.java b/src/main/java/com/github/rnewson/couchdb/lucene/Main.java
index b209b9d..55b1fe3 100644
--- a/src/main/java/com/github/rnewson/couchdb/lucene/Main.java
+++ b/src/main/java/com/github/rnewson/couchdb/lucene/Main.java
@@ -23,6 +23,10 @@ import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.Handler;
 import org.mortbay.jetty.Server;
 import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.Constraint;
+import org.mortbay.jetty.security.ConstraintMapping;
+import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.jetty.security.UserRealm;
 import org.mortbay.jetty.servlet.Context;
 import org.mortbay.jetty.servlet.FilterHolder;
 import org.mortbay.jetty.servlet.ServletHolder;
@@ -52,11 +56,25 @@ public class Main {
 
         final LuceneServlet servlet = new LuceneServlet(config.getClient(), dir, config.getConfiguration());
 
-        final Context context = new Context(server, "/", Context.NO_SESSIONS | Context.NO_SECURITY);
+        final Context context = new Context(server, "/");
         context.addServlet(new ServletHolder(servlet), "/*");
         context.addFilter(new FilterHolder(new GzipFilter()), "/*", Handler.DEFAULT);
         context.setErrorHandler(new JSONErrorHandler());
         server.setHandler(context);
+        
+        final Constraint constraint = new Constraint();
+        constraint.setName(Constraint.__BASIC_AUTH);;
+        constraint.setRoles(new String[]{"user","admin","moderator"});
+        constraint.setAuthenticate(true);
+         
+        final ConstraintMapping constraintMapping = new ConstraintMapping();
+        constraintMapping.setConstraint(constraint);
+        constraintMapping.setPathSpec("/*");
+        
+        final SecurityHandler securityHandler = new SecurityHandler();
+        securityHandler.setUserRealm(new CouchDBUserRealm(config));
+        securityHandler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});        
+        context.addHandler(securityHandler);
 
         server.start();
         server.join();