diff --git a/jetty-server/src/main/config/modules/inetaccess.mod b/jetty-server/src/main/config/modules/inetaccess.mod
index 8716b1d4e798..acd2ceacfe75 100644
--- a/jetty-server/src/main/config/modules/inetaccess.mod
+++ b/jetty-server/src/main/config/modules/inetaccess.mod
@@ -2,7 +2,7 @@
[description]
Enables the InetAccessHandler.
-Applies a include/exclude control of the remote IP of requests.
+Applies an include/exclude control of the remote IP of requests.
[tags]
connector
@@ -18,15 +18,9 @@ etc/jetty-inetaccess.xml
[ini-template]
-## List of InetAddress patterns to include
-#jetty.inetaccess.include=127.0.0.1,127.0.0.2
+## List of InetAddress patterns to include (connectorName@addressPattern|pathSpec)
+#jetty.inetaccess.include=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20
-## List of InetAddress patterns to exclude
-#jetty.inetaccess.exclude=127.0.0.1,127.0.0.2
-
-## List of Connector names to include
-#jetty.inetaccess.includeConnectors=http
-
-## List of Connector names to exclude
-#jetty.inetaccess.excludeConnectors=tls
+## List of InetAddress patterns to exclude (connectorName@addressPattern|pathSpec)
+#jetty.inetaccess.exclude=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20
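Review bot: The two new template comments give the entry grammar only as `connectorName@addressPattern|pathSpec` and do not say which parts are optional, while the sample value mixes a full entry, `tls@`, `|/pathSpec2` and a bare address on one line. For an access-control list this should be spelled out, for example `## Each entry is [connectorName@][addressPattern][|pathSpec]; a part left out is not checked.` This wording assumes an omitted part parses to an unset component, as the `|/excludedPath/*` value in the new distribution test suggests. The hunk also drops `jetty.inetaccess.includeConnectors` and `jetty.inetaccess.excludeConnectors`. If existing ini files that still set them are now ignored without a warning, the set of connectors the handler covers changes on upgrade, so a migration line in the template comment would be worth adding.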
diff --git a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml
deleted file mode 100644
index 34af6f2e8289..000000000000
--- a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
-
-
- 127.0.0.1-127.0.0.255
- 127.0.0.128-127.0.0.129
-
-
-
-
diff --git a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
index e784968e37bc..f30fe062f66f 100644
--- a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
+++ b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
@@ -19,20 +19,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
index bb4327fb38b0..505512c4280a 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
@@ -27,7 +27,7 @@
public class InetAccessSet extends AbstractSet implements Set, Predicate
{
- private ArrayList tuples = new ArrayList<>();
+ private final ArrayList tuples = new ArrayList<>();
@Override
public boolean add(PatternTuple storageTuple)
@@ -67,7 +67,7 @@ public boolean test(AccessTuple entry)
return false;
}
- static class PatternTuple implements Predicate
+ public static class PatternTuple implements Predicate
{
private final String connector;
private final InetAddressPattern address;
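Review bot: `PatternTuple` is widened to `public` here without a class Javadoc, so its matching rules become API that callers can only learn by reading `test()`. A short comment such as `/** One include/exclude entry: optional connector name, address pattern and path spec; see test(AccessTuple). */` would cover it. The same applies to `AccessTuple`, which is made public in the next hunk. The class body continues outside this hunk.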
@@ -110,19 +110,22 @@ public boolean test(AccessTuple entry)
if ((connector != null) && !connector.equals(entry.getConnector()))
return false;
- // If we have a path we must must be at this path to match for an address.
+ // If we have a path we must be at this path to match for an address.
if ((pathSpec != null) && !pathSpec.matches(entry.getPath()))
return false;
// Match for InetAddress.
- if ((address != null) && !address.test(entry.getAddress()))
- return false;
+ return (address == null) || address.test(entry.getAddress());
+ }
- return true;
+ @Override
+ public String toString()
+ {
+ return String.format("%s@%x{connector=%s, addressPattern=%s, pathSpec=%s}", getClass().getSimpleName(), hashCode(), connector, address, pathSpec);
}
}
- static class AccessTuple
+ public static class AccessTuple
{
private final String connector;
private final InetAddress address;
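Review bot: In `PatternTuple.test()` every null component is skipped, and the new `return (address == null) || address.test(entry.getAddress());` keeps that, so a tuple with connector, path spec and address all unset matches every request. Now that entries come from the ini property, this is worth stating at the point where it is decided, e.g. `// A null component is not checked; a tuple with none set matches all requests.` above the return. Whether the parser can produce such a tuple from an empty list entry is not visible here and should be confirmed. `test()` starts outside the hunk.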
diff --git a/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java b/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java
index e1f6feddea00..7ba60185a7c3 100644
--- a/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java
+++ b/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/DistributionTests.java
@@ -1376,4 +1376,42 @@ public void testVirtualThreadPool() throws Exception
}
}
}
+
+ @Test
+ public void testInetAccessHandler() throws Exception
+ {
+ String jettyVersion = System.getProperty("jettyVersion");
+ JettyHomeTester distribution = JettyHomeTester.Builder.newInstance()
+ .jettyVersion(jettyVersion)
+ .mavenLocalRepository(System.getProperty("mavenRepoPath"))
+ .build();
+
+ try (JettyHomeTester.Run run1 = distribution.start("--add-modules=inetaccess,http"))
+ {
+ assertTrue(run1.awaitFor(10, TimeUnit.SECONDS));
+ assertEquals(0, run1.getExitValue());
+
+ int httpPort = distribution.freePort();
+ List args = List.of(
+ "jetty.inetaccess.exclude=|/excludedPath/*",
+ "jetty.http.port=" + httpPort);
+ try (JettyHomeTester.Run run2 = distribution.start(args))
+ {
+ assertTrue(run2.awaitConsoleLogsFor("Started Server@", 10, TimeUnit.SECONDS));
+ startHttpClient();
+
+ // Excluded path returns 403 response.
+ ContentResponse response = client.newRequest("http://localhost:" + httpPort + "/excludedPath")
+ .timeout(15, TimeUnit.SECONDS)
+ .send();
+ assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());
+
+ // Other paths return 404 response.
+ response = client.newRequest("http://localhost:" + httpPort + "/path")
+ .timeout(15, TimeUnit.SECONDS)
+ .send();
+ assertEquals(HttpStatus.NOT_FOUND_404, response.getStatus());
+ }
+ }
+ }
}
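Review bot: `testInetAccessHandler` configures `jetty.inetaccess.exclude=|/excludedPath/*` but only requests `/excludedPath` itself, so the wildcard part of the path spec is never exercised. Add a request below the prefix, `response = client.newRequest("http://localhost:" + httpPort + "/excludedPath/child").timeout(15, TimeUnit.SECONDS).send();` followed by `assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());`. An entry that uses the `connectorName@` or address part, and an `include` case, would also merit a second test, since the ini template now documents all three.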