Skip to content

Commit

Permalink
Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
Browse files Browse the repository at this point in the history
Issue #10388 - fix InetAccessHandler module
  • Loading branch information
lachlan-roberts authored Aug 25, 2023
2 parents 3aaf39d + d6320c4 commit 38cea26
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 45 deletions.
16 changes: 5 additions & 11 deletions jetty-server/src/main/config/modules/inetaccess.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

[description]
Enables the InetAccessHandler.
Applies a include/exclude control of the remote IP of requests.
Applies an include/exclude control of the remote IP of requests.

[tags]
connector
Expand All @@ -18,15 +18,9 @@ etc/jetty-inetaccess.xml

[ini-template]

## List of InetAddress patterns to include
#jetty.inetaccess.include=127.0.0.1,127.0.0.2
## List of InetAddress patterns to include (connectorName@addressPattern|pathSpec)
#jetty.inetaccess.include=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20

## List of InetAddress patterns to exclude
#jetty.inetaccess.exclude=127.0.0.1,127.0.0.2

## List of Connector names to include
#jetty.inetaccess.includeConnectors=http

## List of Connector names to exclude
#jetty.inetaccess.excludeConnectors=tls
## List of InetAddress patterns to exclude (connectorName@addressPattern|pathSpec)
#jetty.inetaccess.exclude=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20

13 changes: 0 additions & 13 deletions jetty-server/src/main/config/modules/inetaccess/inetaccess.xml

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -19,20 +19,6 @@
</Call>
</Arg>
</Call>
<Call name="includeConnectors">
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.inetaccess.includeConnectors" default="" /></Arg>
</Call>
</Arg>
</Call>
<Call name="excludeConnectors">
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.inetaccess.excludeConnectors" default="" /></Arg>
</Call>
</Arg>
</Call>
</New>
</Arg>
</Call>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@

public class InetAccessSet extends AbstractSet<InetAccessSet.PatternTuple> implements Set<InetAccessSet.PatternTuple>, Predicate<InetAccessSet.AccessTuple>
{
private ArrayList<PatternTuple> tuples = new ArrayList<>();
private final ArrayList<PatternTuple> tuples = new ArrayList<>();

@Override
public boolean add(PatternTuple storageTuple)
Expand Down Expand Up @@ -67,7 +67,7 @@ public boolean test(AccessTuple entry)
return false;
}

static class PatternTuple implements Predicate<AccessTuple>
public static class PatternTuple implements Predicate<AccessTuple>
{
private final String connector;
private final InetAddressPattern address;
Expand Down Expand Up @@ -110,19 +110,22 @@ public boolean test(AccessTuple entry)
if ((connector != null) && !connector.equals(entry.getConnector()))
return false;

// If we have a path we must must be at this path to match for an address.
// If we have a path we must be at this path to match for an address.
if ((pathSpec != null) && !pathSpec.matches(entry.getPath()))
return false;

// Match for InetAddress.
if ((address != null) && !address.test(entry.getAddress()))
return false;
return (address == null) || address.test(entry.getAddress());
}

return true;
@Override
public String toString()
{
return String.format("%s@%x{connector=%s, addressPattern=%s, pathSpec=%s}", getClass().getSimpleName(), hashCode(), connector, address, pathSpec);
}
}

static class AccessTuple
public static class AccessTuple
{
private final String connector;
private final InetAddress address;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1376,4 +1376,42 @@ public void testVirtualThreadPool() throws Exception
}
}
}

@Test
public void testInetAccessHandler() throws Exception
{
String jettyVersion = System.getProperty("jettyVersion");
JettyHomeTester distribution = JettyHomeTester.Builder.newInstance()
.jettyVersion(jettyVersion)
.mavenLocalRepository(System.getProperty("mavenRepoPath"))
.build();

try (JettyHomeTester.Run run1 = distribution.start("--add-modules=inetaccess,http"))
{
assertTrue(run1.awaitFor(10, TimeUnit.SECONDS));
assertEquals(0, run1.getExitValue());

int httpPort = distribution.freePort();
List<String> args = List.of(
"jetty.inetaccess.exclude=|/excludedPath/*",
"jetty.http.port=" + httpPort);
try (JettyHomeTester.Run run2 = distribution.start(args))
{
assertTrue(run2.awaitConsoleLogsFor("Started Server@", 10, TimeUnit.SECONDS));
startHttpClient();

// Excluded path returns 403 response.
ContentResponse response = client.newRequest("http://localhost:" + httpPort + "/excludedPath")
.timeout(15, TimeUnit.SECONDS)
.send();
assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());

// Other paths return 404 response.
response = client.newRequest("http://localhost:" + httpPort + "/path")
.timeout(15, TimeUnit.SECONDS)
.send();
assertEquals(HttpStatus.NOT_FOUND_404, response.getStatus());
}
}
}
}

0 comments on commit 38cea26

Please sign in to comment.