Only enable basic auth, if a HMAC key is configured

2021-05-08 19:02:20 +02:00 · 2021-05-08 19:02:20 +02:00 · aa3f4a1b1f
parent 65ea3e1adb
commit aa3f4a1b1f
1 changed files with 4 additions and 2 deletions
--- a/server/src/main/java/ctbrec/recorder/server/HttpServer.java
+++ b/server/src/main/java/ctbrec/recorder/server/HttpServer.java
@ -239,10 +239,12 @@ public class HttpServer {
                defaultContext.addServlet(holder, staticFileContext);
                LOG.info("Register static file servlet under {}", defaultContext.getContextPath()+staticFileContext);

-                // servlet to retrieve the HMAC secured by basic auth
+                // servlet to retrieve the HMAC (secured by basic auth if an hmac key is set in the config)
                String username = this.config.getSettings().webinterfaceUsername;
                String password = this.config.getSettings().webinterfacePassword;
-                basicAuthContext.setSecurityHandler(basicAuth(username, password, "CTB Recorder"));
+                if (config.getSettings().key != null && config.getSettings().key.length > 0) {
+                    basicAuthContext.setSecurityHandler(basicAuth(username, password, "CTB Recorder"));
+                }
                basicAuthContext.addServlet(new ServletHolder(new HttpServlet() {
                    @Override
                    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException {