diff --git a/jetty-server/src/main/config/modules/inetaccess.mod b/jetty-server/src/main/config/modules/inetaccess.mod index 8716b1d4e798..acd2ceacfe75 100644 --- a/jetty-server/src/main/config/modules/inetaccess.mod +++ b/jetty-server/src/main/config/modules/inetaccess.mod @@ -2,7 +2,7 @@ [description] Enables the InetAccessHandler. -Applies a include/exclude control of the remote IP of requests. +Applies an include/exclude control of the remote IP of requests. [tags] connector @@ -18,15 +18,9 @@ etc/jetty-inetaccess.xml [ini-template] -## List of InetAddress patterns to include -#jetty.inetaccess.include=127.0.0.1,127.0.0.2 +## List of InetAddress patterns to include (connectorName@addressPattern|pathSpec) +#jetty.inetaccess.include=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20 -## List of InetAddress patterns to exclude -#jetty.inetaccess.exclude=127.0.0.1,127.0.0.2 - -## List of Connector names to include -#jetty.inetaccess.includeConnectors=http - -## List of Connector names to exclude -#jetty.inetaccess.excludeConnectors=tls +## List of InetAddress patterns to exclude (connectorName@addressPattern|pathSpec) +#jetty.inetaccess.exclude=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20 diff --git a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml deleted file mode 100644 index 34af6f2e8289..000000000000 --- a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - 127.0.0.1-127.0.0.255 - 127.0.0.128-127.0.0.129 - - - - diff --git a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml index e784968e37bc..f30fe062f66f 100644 --- a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml +++ b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml @@ -19,20 +19,6 @@ - - - - - - - - - - - - - - diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java index bb4327fb38b0..505512c4280a 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java @@ -27,7 +27,7 @@ public class InetAccessSet extends AbstractSet implements Set, Predicate { - private ArrayList tuples = new ArrayList<>(); + private final ArrayList tuples = new ArrayList<>(); @Override public boolean add(PatternTuple storageTuple) @@ -67,7 +67,7 @@ public boolean test(AccessTuple entry) return false; } - static class PatternTuple implements Predicate + public static class PatternTuple implements Predicate { private final String connector; private final InetAddressPattern address; @@ -110,19 +110,22 @@ public boolean test(AccessTuple entry) if ((connector != null) && !connector.equals(entry.getConnector())) return false; - // If we have a path we must must be at this path to match for an address. + // If we have a path we must be at this path to match for an address. if ((pathSpec != null) && !pathSpec.matches(entry.getPath())) return false; // Match for InetAddress. - if ((address != null) && !address.test(entry.getAddress())) - return false; + return (address == null) || address.test(entry.getAddress()); + } - return true; + @Override + public String toString() + { + return String.format("%s@%x{connector=%s, addressPattern=%s, pathSpec=%s}", getClass().getSimpleName(), hashCode(), connector, address, pathSpec); } } - static class AccessTuple + public static class AccessTuple { private final String connector; private final InetAddress address; diff --git a/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java b/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java index e1f6feddea00..7ba60185a7c3 100644 --- a/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java +++ b/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java @@ -1376,4 +1376,42 @@ public void testVirtualThreadPool() throws Exception } } } + + @Test + public void testInetAccessHandler() throws Exception + { + String jettyVersion = System.getProperty("jettyVersion"); + JettyHomeTester distribution = JettyHomeTester.Builder.newInstance() + .jettyVersion(jettyVersion) + .mavenLocalRepository(System.getProperty("mavenRepoPath")) + .build(); + + try (JettyHomeTester.Run run1 = distribution.start("--add-modules=inetaccess,http")) + { + assertTrue(run1.awaitFor(10, TimeUnit.SECONDS)); + assertEquals(0, run1.getExitValue()); + + int httpPort = distribution.freePort(); + List args = List.of( + "jetty.inetaccess.exclude=|/excludedPath/*", + "jetty.http.port=" + httpPort); + try (JettyHomeTester.Run run2 = distribution.start(args)) + { + assertTrue(run2.awaitConsoleLogsFor("Started Server@", 10, TimeUnit.SECONDS)); + startHttpClient(); + + // Excluded path returns 403 response. + ContentResponse response = client.newRequest("http://localhost:" + httpPort + "/excludedPath") + .timeout(15, TimeUnit.SECONDS) + .send(); + assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus()); + + // Other paths return 404 response. + response = client.newRequest("http://localhost:" + httpPort + "/path") + .timeout(15, TimeUnit.SECONDS) + .send(); + assertEquals(HttpStatus.NOT_FOUND_404, response.getStatus()); + } + } + } }