[HOW-TO] Move sensitive Info and Log to an Admin Only page
Posted: Mon Apr 11, 2011 8:18 pm
Hey everyone. Can I just say what a wonderful program SS is. I LOVE it. I just thought I'd share one of the personal modifications i've made to my own server for the benefit of the community.
WARNING
I know this works because i have it running on mine, however I am writing this post modification so some of it is from memory and I haven't tested every aspect of the instructions. That being said this isn't going to blow anything up, and is easy to reverse if you (or I) screwed up, PROVIDED you back up each file before you edit it. This is admittedly very hackity, hack, hack.
Please follow the guidelines for making modifications to your SS server: http://forum.subsonic.org/forum/viewtopic.php?t=5852
THE PREMISE
I wasn't really happy with users having access to my server log or even the basic server info But I also didn't want to completely remove the "about" Page because it has other useful info and Donation info which I do want all of my users to see. Plus having log right there is really handy. Here is the basic idea of this mod. Split the About page into two pages: one with the server info/log that only admins have access to, and one with the basic subsonic info and donate link that everyone sees.
STEP 1:
We are primarily working with one folder, depending on what install you have that is:
or
First lets create a new Server Details page. This page will contain all of the sensitive info we do not want our users seeing. All I did was delete non sensitive info from the help.jsp and save-as serverDetailSettings.jsp. You can do the same, or just copy my edited page code below in any text editor and save it as serverDetailSettings.jsp into your ../jsp folder
STEP 2
Now we need to remove server related info (which we just move to a new page) from the original About page. you can either open up help.jsp and remove the relevant info yourself if you are comfortable with editing html. Or you can let me do it and create a new help.jsp file with the following in it. After you are done save it, replacing the exisiting help.jsp with our new one.
Recap Time
In our ../WEB-INF/jsp folder we have should have one new file serverDetailSettings.jsp and a new version of the help.jsp file. If you restart your server now and click About you should see a simplified version of the original about page; this one featuring just basic Subsonic info, sans any server info or the log
STEP 3
OK back to work. Next is to add the new Server Detail page back into SS so only admins can see it!
to do this we open up subsonic-servlet.xml in the ../WEB-INF folder
scroll down until you find
right underneath that paste:
Now, in the same file, find:
and underneath it paste:
STEP 4
Now we have a functioning serverDetailSettings.view which we can theoretically navigate to. The problem is we have no link to it on any of our existing server pages. We have a few options to remedy that. The first is to add a new icon to the top frame: simple and elegant (also boring). Or for people who want to get really hacky (like myself) you can add a new admin only "Server Details" link under Settings
Here is instruction for both of those options; for simplicities sake I only recommend using one...
OPTION 1:
in WEB-INF/jsp open top.jsp.
find
and underneath that paste:
Proceed to the end unless you also want to add a link in your settings as well
OPTION 2:
To add a new settings entry replace or edit settingsHeader.jsp in ../WEB-INF/jsp/ with the following:
Almost there. Open up serverDetailSettings.jsp again, and right underneath
paste
save. clear cache. restart. you should now see (depending on the route you took) either a new Server icon up top or under Settings have a new Server Details option
WARNING
I know this works because i have it running on mine, however I am writing this post modification so some of it is from memory and I haven't tested every aspect of the instructions. That being said this isn't going to blow anything up, and is easy to reverse if you (or I) screwed up, PROVIDED you back up each file before you edit it. This is admittedly very hackity, hack, hack.
Please follow the guidelines for making modifications to your SS server: http://forum.subsonic.org/forum/viewtopic.php?t=5852
THE PREMISE
I wasn't really happy with users having access to my server log or even the basic server info But I also didn't want to completely remove the "about" Page because it has other useful info and Donation info which I do want all of my users to see. Plus having log right there is really handy. Here is the basic idea of this mod. Split the About page into two pages: one with the server info/log that only admins have access to, and one with the basic subsonic info and donate link that everyone sees.
STEP 1:
We are primarily working with one folder, depending on what install you have that is:
- Code: Select all
subsonic/jetty/<num>/webapp/WEB-INF/jsp
or
- Code: Select all
subsonic/WEB-INF/jsp
First lets create a new Server Details page. This page will contain all of the sensitive info we do not want our users seeing. All I did was delete non sensitive info from the help.jsp and save-as serverDetailSettings.jsp. You can do the same, or just copy my edited page code below in any text editor and save it as serverDetailSettings.jsp into your ../jsp folder
- Code: Select all
%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="iso-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<%@ include file="head.jsp" %>
<script type="text/javascript" src="<c:url value="/script/scripts.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/interface/transferService.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/engine.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/util.js"/>"></script>
</head>
<body class="mainframe bgcolor1">
<c:if test="${model.newVersionAvailable}">
<p class="warning"><fmt:message key="help.upgrade"><fmt:param value="${model.brand}"/><fmt:param value="${model.latestVersion}"/></fmt:message></p>
</c:if>
<c:choose>
<c:when test="${empty model.buildDate}">
<fmt:message key="common.unknown" var="buildDateString"/>
</c:when>
<c:otherwise>
<fmt:formatDate value="${model.buildDate}" dateStyle="long" var="buildDateString"/>
</c:otherwise>
</c:choose>
<c:choose>
<c:when test="${empty model.localVersion}">
<fmt:message key="common.unknown" var="versionString"/>
</c:when>
<c:otherwise>
<c:set var="versionString" value="${model.localVersion} (build ${model.buildNumber})"/>
</c:otherwise>
</c:choose>
<table width="75%" class="ruleTable indent">
<tr><td class="ruleTableHeader"><fmt:message key="help.version.title"/></td><td class="ruleTableCell">${versionString} – ${buildDateString}</td></tr>
<tr><td class="ruleTableHeader"><fmt:message key="help.server.title"/></td>
<td class="ruleTableCell">${model.serverInfo} (<sub:formatBytes bytes="${model.usedMemory}"/> / <sub:formatBytes bytes="${model.totalMemory}"/>)</td></tr>
</table>
<h2><img src="<spring:theme code="logImage"/>" alt=""> <fmt:message key="help.log"/></h2>
<table cellpadding="2" class="log indent">
<c:forEach items="${model.logEntries}" var="entry">
<tr>
<td>[<fmt:formatDate value="${entry.date}" dateStyle="short" timeStyle="long" type="both"/>]</td>
<td>${entry.level}</td><td>${entry.category}</td><td>${entry.message}</td>
</tr>
</c:forEach>
</table>
<p><fmt:message key="help.logfile"><fmt:param value="${model.logFile}"/></fmt:message> </p>
<div class="forward"><a href="help.view?"><fmt:message key="common.refresh"/></a></div>
</body></html>
STEP 2
Now we need to remove server related info (which we just move to a new page) from the original About page. you can either open up help.jsp and remove the relevant info yourself if you are comfortable with editing html. Or you can let me do it and create a new help.jsp file with the following in it. After you are done save it, replacing the exisiting help.jsp with our new one.
- Code: Select all
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="iso-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<%@ include file="head.jsp" %>
<script type="text/javascript" src="<c:url value="/script/scripts.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/interface/transferService.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/engine.js"/>"></script>
<script type="text/javascript" src="<c:url value="/dwr/util.js"/>"></script>
</head>
<body class="mainframe bgcolor1">
<h1>
<img src="<spring:theme code="helpImage"/>" alt="">
<fmt:message key="help.title"><fmt:param value="${model.brand}"/></fmt:message>
</h1>
<table width="75%"><tr>
<td><a href="<c:url value="/donate.view"/>"><img src="<spring:theme code="paypalImage"/>" alt=""></a></td>
<td><fmt:message key="help.donate"><fmt:param value="${model.brand}"/></fmt:message></td>
</tr></table>
<table width="75%" class="ruleTable indent">
<tr><td class="ruleTableHeader"><fmt:message key="help.license.title"/></td><td class="ruleTableCell">
<a href="http://www.gnu.org/copyleft/gpl.html" target="_blank"><img style="float:right;margin-left: 10px" alt="GPL 3.0" src="<c:url value="/icons/gpl.png"/>"></a>
<fmt:message key="help.license.text"><fmt:param value="${model.brand}"/></fmt:message></td></tr>
<tr><td class="ruleTableHeader"><fmt:message key="help.homepage.title"/></td><td class="ruleTableCell"><a target="_blank" href="http://www.subsonic.org/">subsonic.org</a></td></tr>
<tr><td class="ruleTableHeader"><fmt:message key="help.forum.title"/></td><td class="ruleTableCell"><a target="_blank" href="http://forum.subsonic.org/">forum.subsonic.org</a></td></tr>
<tr><td class="ruleTableHeader"><fmt:message key="help.contact.title"/></td><td class="ruleTableCell"><fmt:message key="help.contact.text"><fmt:param value="${model.brand}"/></fmt:message></td></tr>
</table>
</body></html>
Recap Time
In our ../WEB-INF/jsp folder we have should have one new file serverDetailSettings.jsp and a new version of the help.jsp file. If you restart your server now and click About you should see a simplified version of the original about page; this one featuring just basic Subsonic info, sans any server info or the log
STEP 3
OK back to work. Next is to add the new Server Detail page back into SS so only admins can see it!
to do this we open up subsonic-servlet.xml in the ../WEB-INF folder
scroll down until you find
- Code: Select all
<bean id="helpController" class="net.sourceforge.subsonic.controller.HelpController">
<property name="viewName" value="help"/>
<property name="versionService" ref="versionService"/>
<property name="settingsService" ref="settingsService"/>
</bean>
right underneath that paste:
- Code: Select all
<bean id="serverDetailController" class="net.sourceforge.subsonic.controller.HelpController">
<property name="viewName" value="serverDetailSettings"/>
<property name="versionService" ref="versionService"/>
<property name="settingsService" ref="settingsService"/>
</bean>
Now, in the same file, find:
- Code: Select all
<prop key="/help.view">helpController</prop>
and underneath it paste:
- Code: Select all
<prop key="/serverDetailSettings.view">serverDetailController</prop>
STEP 4
Now we have a functioning serverDetailSettings.view which we can theoretically navigate to. The problem is we have no link to it on any of our existing server pages. We have a few options to remedy that. The first is to add a new icon to the top frame: simple and elegant (also boring). Or for people who want to get really hacky (like myself) you can add a new admin only "Server Details" link under Settings
Here is instruction for both of those options; for simplicities sake I only recommend using one...
OPTION 1:
in WEB-INF/jsp open top.jsp.
find
- Code: Select all
<td style="min-width:4em;padding-right:1.5em">
<a href="help.view?" target="main"><img src="<spring:theme code="helpImage"/>" title="${help}" alt="${help}"></a><br>
<a href="help.view?" target="main">${help}</a>
</td>
and underneath that paste:
- Code: Select all
<c:if test="${model.user.adminRole}">
<td style="min-width:4em;padding-right:1.5em">
<a href="serverDetailSettings.view?" target="main"><img src="<spring:theme code="helpImage"/>" title="Server" alt="Server"></a><br>
<a href="serverDetailSettings.view?" target="main">$Server</a>
</td>
</c:if>
Proceed to the end unless you also want to add a link in your settings as well
OPTION 2:
To add a new settings entry replace or edit settingsHeader.jsp in ../WEB-INF/jsp/ with the following:
- Code: Select all
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="iso-8859-1" %>
<%@ include file="include.jsp" %>
<c:set var="categories" value="${param.restricted ? 'personal password player' : 'musicFolder general advanced personal user player network transcoding internetRadio podcast search serverDetail'}"/>
<h1>
<img src="<spring:theme code="settingsImage"/>" alt=""/>
<fmt:message key="settingsheader.title"/>
</h1>
<h2>
<c:forTokens items="${categories}" delims=" " var="cat" varStatus="loopStatus">
<c:choose>
<c:when test="${loopStatus.count > 1 and (loopStatus.count - 1) % 6 != 0}"> | </c:when>
<c:otherwise></h2><h2></c:otherwise>
</c:choose>
<c:url var="url" value="${cat}Settings.view?"/>
<c:choose>
<c:when test="${param.cat eq cat}">
<c:choose>
<c:when test="${cat=='serverDetail'}">
<span class="headerSelected">Server Details</span>
</c:when>
<c:otherwise>
<span class="headerSelected"><fmt:message key="settingsheader.${cat}"/></span>
</c:otherwise>
</c:choose>
</c:when>
<c:otherwise>
<c:choose>
<c:when test="${cat=='serverDetail'}">
<a href="${url}">Server Details</a>
</c:when>
<c:otherwise>
<a href="${url}"><fmt:message key="settingsheader.${cat}"/></a>
</c:otherwise>
</c:choose>
</c:otherwise>
</c:choose>
</c:forTokens>
</h2>
<p></p>
Almost there. Open up serverDetailSettings.jsp again, and right underneath
- Code: Select all
<body class="mainframe bgcolor1">
paste
- Code: Select all
<c:import url="settingsHeader.jsp">
<c:param name="cat" value="serverDetail"/>
</c:import>
save. clear cache. restart. you should now see (depending on the route you took) either a new Server icon up top or under Settings have a new Server Details option