Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1543: Change IpAddressMatcher to return false when comparing an Inet6Address with an Inet4Address rather than raising an exception.

This commit is contained in:
Luke Taylor 2010-10-23 22:25:08 +01:00
parent cf0289bc02
commit 4de8b84b0d
2 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/main/java/org/springframework/security/web/util/IpAddressMatcher.java
View File

@ -10,6 +10,9 @@ import org.springframework.util.StringUtils;
/** /**
* Matches a request based on IP Address or subnet mask matching against the remote address. * Matches a request based on IP Address or subnet mask matching against the remote address.
* <p>
* Both IPv6 and IPv4 addresses are supported, but a matcher which is configured with an IPv4 address will
* never match a request which returns an IPv6 address, and vice-versa.
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0.2 * @since 3.0.2
@ -40,8 +43,7 @@ public class IpAddressMatcher implements RequestMatcher {
InetAddress remoteAddress = parseAddress(request.getRemoteAddr()); InetAddress remoteAddress = parseAddress(request.getRemoteAddr());
if (!requiredAddress.getClass().equals(remoteAddress.getClass())) { if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
throw new IllegalArgumentException("IP Address in expression must be the same type as " + return false;
"version returned by request");
} }
if (nMaskBits == 0) { if (nMaskBits == 0) {

51
web/src/test/java/org/springframework/security/web/util/IpAddressMatcherTests.java Normal file
View File

@ -0,0 +1,51 @@
package org.springframework.security.web.util;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
/**
* @author Luke Taylor
*/
public class IpAddressMatcherTests {
final IpAddressMatcher v6matcher = new IpAddressMatcher("fe80::21f:5bff:fe33:bd68");
final IpAddressMatcher v4matcher = new IpAddressMatcher("192.168.1.104");
MockHttpServletRequest ipv4Request = new MockHttpServletRequest();
MockHttpServletRequest ipv6Request = new MockHttpServletRequest();
@Before
public void setup() {
ipv6Request.setRemoteAddr("fe80::21f:5bff:fe33:bd68");
ipv4Request.setRemoteAddr("192.168.1.104");
}
@Test
public void ipv6MatcherMatchesIpv6Address() {
assertTrue(v6matcher.matches(ipv6Request));
}
@Test
public void ipv6MatcherDoesntMatchIpv4Address() {
assertFalse(v6matcher.matches(ipv4Request));
}
@Test
public void ipv4MatcherMatchesIpv4Address() {
assertTrue(v4matcher.matches(ipv4Request));
}
@Test
public void ipv4SubnetMatchesCorrectly() throws Exception {
IpAddressMatcher matcher = new IpAddressMatcher("192.168.1.0/24");
assertTrue(matcher.matches(ipv4Request));
matcher = new IpAddressMatcher("192.168.1.128/25");
assertFalse(matcher.matches(ipv4Request));
ipv4Request.setRemoteAddr("192.168.1.159"); // 159 = 0x9f
assertTrue(matcher.matches(ipv4Request));
}
}