
Merge PR #10400 to 12.0.x for InetAccessHandler #10403

Merged
merged 8 commits into from
Aug 25, 2023
16 changes: 5 additions & 11 deletions jetty-core/jetty-server/src/main/config/modules/inetaccess.mod
@@ -2,7 +2,7 @@

[description]
Enables the InetAccessHandler.
Applies a include/exclude control of the remote IP of requests.
Applies an include/exclude control of the remote IP of requests.

[tags]
connector
@@ -18,15 +18,9 @@ etc/jetty-inetaccess.xml

[ini-template]

## List of InetAddress patterns to include
#jetty.inetaccess.include=127.0.0.1,127.0.0.2
## List of InetAddress patterns to include (connectorName@addressPattern|pathSpec)
#jetty.inetaccess.include=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20

## List of InetAddress patterns to exclude
#jetty.inetaccess.exclude=127.0.0.1,127.0.0.2

## List of Connector names to include
#jetty.inetaccess.includeConnectors=http

## List of Connector names to exclude
#jetty.inetaccess.excludeConnectors=tls
## List of InetAddress patterns to exclude (connectorName@addressPattern|pathSpec)
#jetty.inetaccess.exclude=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20
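Review bot: The template drops `jetty.inetaccess.includeConnectors` and `jetty.inetaccess.excludeConnectors` without pointing to their replacement, and the XML section further down this page stops reading them as well. A base directory carried over from an earlier release line that still sets `excludeConnectors=tls` would presumably start with that restriction no longer applied, which matters for an access-control setting. A one-line migration hint in the template would cover it, e.g. `## includeConnectors/excludeConnectors were removed: use connectorName@ in include/exclude instead (e.g. tls@)`. The example also mixes full, connector-only (`tls@`), path-only (`|/pathSpec2`) and address-only (`127.0.0.20`) entries without saying that each part is optional; a short comment stating that would make the syntax easier to get right.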

This file was deleted.

@@ -19,20 +19,6 @@
</Call>
</Arg>
</Call>
<Call name="includeConnectors">
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.inetaccess.includeConnectors" default="" /></Arg>
</Call>
</Arg>
</Call>
<Call name="excludeConnectors">
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.inetaccess.excludeConnectors" default="" /></Arg>
</Call>
</Arg>
</Call>
</New>
</Arg>
</Call>
@@ -166,57 +166,6 @@ public void exclude(String connectorName, String addressPattern, PathSpec pathSp
_set.exclude(new PatternTuple(connectorName, InetAddressPattern.from(addressPattern), pathSpec));
}

/**
* Includes a connector name.
*
* @param name Connector name to include in this handler.
* @deprecated use {@link InetAccessHandler#include(String)} instead.
*/
@Deprecated
public void includeConnector(String name)
{
throw new UnsupportedOperationException();
}

/**
* Excludes a connector name.
*
* @param name Connector name to exclude in this handler.
* @deprecated use {@link InetAccessHandler#include(String)} instead.
*/
@Deprecated
public void excludeConnector(String name)
{
_set.exclude(new PatternTuple(name, null, null));
}

/**
* Includes connector names.
*
* @param names Connector names to include in this handler.
* @deprecated use {@link InetAccessHandler#include(String)} instead.
*/
@Deprecated
public void includeConnectors(String... names)
{
throw new UnsupportedOperationException();
}

/**
* Excludes connector names.
*
* @param names Connector names to exclude in this handler.
* @deprecated use {@link InetAccessHandler#include(String)} instead.
*/
@Deprecated
public void excludeConnectors(String... names)
{
for (String name : names)
{
excludeConnector(name);
}
}

@Override
public boolean handle(Request request, Response response, Callback callback) throws Exception
{
@@ -27,7 +27,7 @@

public class InetAccessSet extends AbstractSet<InetAccessSet.PatternTuple> implements Set<InetAccessSet.PatternTuple>, Predicate<InetAccessSet.AccessTuple>
{
private ArrayList<PatternTuple> tuples = new ArrayList<>();
private final ArrayList<PatternTuple> tuples = new ArrayList<>();

@Override
public boolean add(PatternTuple storageTuple)
@@ -67,7 +67,7 @@ public boolean test(AccessTuple entry)
return false;
}

static class PatternTuple implements Predicate<AccessTuple>
public static class PatternTuple implements Predicate<AccessTuple>
{
private final String connector;
private final InetAddressPattern address;
@@ -110,19 +110,22 @@ public boolean test(AccessTuple entry)
if ((connector != null) && !connector.equals(entry.getConnector()))
return false;

// If we have a path we must must be at this path to match for an address.
// If we have a path we must be at this path to match for an address.
if ((pathSpec != null) && !pathSpec.matches(entry.getPath()))
return false;

// Match for InetAddress.
if ((address != null) && !address.test(entry.getAddress()))
return false;
return (address == null) || address.test(entry.getAddress());
}

return true;
@Override
public String toString()
{
return String.format("%s@%x{connector=%s, addressPattern=%s, pathSpec=%s}", getClass().getSimpleName(), hashCode(), connector, address, pathSpec);
}
}

static class AccessTuple
public static class AccessTuple
{
private final String connector;
private final InetAddress address;
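Review bot: `PatternTuple.test` in the third hunk treats a null `connector`, `pathSpec` or `address` as match-anything, and now that `PatternTuple` is public that contract is undocumented. A tuple with all three fields null would match every request, which is a blanket deny in the exclude set and a blanket allow in the include set, so the wildcard behaviour deserves a Javadoc line on `test`, e.g. `/** Tests an entry; a null connector, pathSpec or address matches any value. */`. The hunk also does not show which form of the path `entry.getPath()` carries; it is worth confirming that it is the canonical, decoded path, so that a path-based rule matches the same resource the handler chain will serve. The class bodies of `PatternTuple` and `AccessTuple` continue outside the hunks shown.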
@@ -1610,4 +1610,43 @@ public void testXmlDeployWarNotInWebapps(String env) throws Exception
}
}
}

@Test
public void testInetAccessHandler() throws Exception
{
Path jettyBase = newTestJettyBaseDirectory();
String jettyVersion = System.getProperty("jettyVersion");
JettyHomeTester distribution = JettyHomeTester.Builder.newInstance()
.jettyVersion(jettyVersion)
.jettyBase(jettyBase)
.build();

try (JettyHomeTester.Run run1 = distribution.start("--add-modules=inetaccess,http"))
{
assertTrue(run1.awaitFor(10, TimeUnit.SECONDS));
assertEquals(0, run1.getExitValue());

int httpPort = distribution.freePort();
List<String> args = List.of(
"jetty.inetaccess.exclude=|/excludedPath/*",
"jetty.http.port=" + httpPort);
try (JettyHomeTester.Run run2 = distribution.start(args))
{
assertTrue(run2.awaitConsoleLogsFor("Started oejs.Server@", START_TIMEOUT, TimeUnit.SECONDS));
startHttpClient();

// Excluded path returns 403 response.
ContentResponse response = client.newRequest("http://localhost:" + httpPort + "/excludedPath")
.timeout(15, TimeUnit.SECONDS)
.send();
assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());

// Other paths return 404 response.
response = client.newRequest("http://localhost:" + httpPort + "/path")
.timeout(15, TimeUnit.SECONDS)
.send();
assertEquals(HttpStatus.NOT_FOUND_404, response.getStatus());
}
}
}
}
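Review bot: `testInetAccessHandler` pins only a path-only exclude and requests only the bare prefix `/excludedPath`, so the rest of the rule syntax has no coverage at distribution level. That includes the connector-qualified and address-qualified forms this change introduces in the ini template, and the include side. A request below the prefix is the cheapest addition and guards against the `/excludedPath/*` pattern regressing to an exact match; a case using a `connectorName@address` entry would be the natural next step, assuming the connector name is known in this setup. The first run also waits with a literal `10` seconds where the second uses `START_TIMEOUT`; using the constant in both places would be more consistent.

```java
// … unchanged: request to /excludedPath asserting 403 …

// Sub-paths under the excluded prefix must be refused as well.
response = client.newRequest("http://localhost:" + httpPort + "/excludedPath/child")
    .timeout(15, TimeUnit.SECONDS)
    .send();
assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());

// … unchanged: request to /path asserting 404 …
```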