Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #1676 removed deprecated IPAddressMap and IPAccessHandler. Created module inetaccess.mod

This commit is contained in:
Greg Wilkins 2017-07-18 16:48:02 +02:00
parent 79cafb37a0
commit 3a4da94e1a
9 changed files with 28 additions and 1536 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
jetty-server/src/main/config/etc/jetty-ipaccess.xml
View File

@ -1,28 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- =============================================================== -->
<!-- The IP Access Handler -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="insertHandler">
<Arg>
<New id="IPAccessHandler" class="org.eclipse.jetty.server.handler.IPAccessHandler">
<Set name="white">
<Array type="String">
<Item>127.0.0.1</Item>
<Item>127.0.0.2/*.html</Item>
</Array>
</Set>
<Set name="black">
<Array type="String">
<Item>127.0.0.1/blacklisted</Item>
<Item>127.0.0.2/black.html</Item>
</Array>
</Set>
<Set name="whiteListByPath">false</Set>
</New>
</Arg>
</Call>
</Configure>

15
jetty-server/src/main/config/modules/inetaccess.mod Normal file
View File

@ -0,0 +1,15 @@
[description]
Enable the InetAccessHandler to apply a include/exclude
control of the remote IP of requests.
[tags]
handler
[depend]
server
[files]
basehome:modules/inetaccess/inetaccess.xml|etc/inetaccess.xml
[xml]
etc/inetaccess.xml

13
jetty-server/src/main/config/modules/inetaccess/inetaccess.xml Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="insertHandler">
<Arg>
<New id="InetAccessHandler" class="org.eclipse.jetty.server.handler.InetAccessHandler">
<Call name="include"><Arg>127.0.0.1-127.0.0.255</Arg></Call>
<Call name="exclude"><Arg>127.0.0.128-127.0.0.129</Arg></Call>
</New>
</Arg>
</Call>
</Configure>

12
jetty-server/src/main/config/modules/ipaccess.mod
View File

@ -1,12 +0,0 @@
[description]
Enable the ipaccess handler to apply a white/black list
control of the remote IP of requests.
[tags]
handler
[depend]
server
[xml]
etc/jetty-ipaccess.xml

386
jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
View File

@ -1,386 +0,0 @@
//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.server.handler;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.PathMap;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.IPAddressMap;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
/**
* IP Access Handler
* <p>
* Controls access to the wrapped handler by the real remote IP. Control is provided
* by white/black lists that include both internet addresses and URIs. This handler
* uses the real internet address of the connection, not one reported in the forwarded
* for headers, as this cannot be as easily forged.
* <p>
* Typically, the black/white lists will be used in one of three modes:
* <ul>
* <li>Blocking a few specific IPs/URLs by specifying several black list entries.
* <li>Allowing only some specific IPs/URLs by specifying several white lists entries.
* <li>Allowing a general range of IPs/URLs by specifying several general white list
* entries, that are then further refined by several specific black list exceptions
* </ul>
* <p>
* By default an empty white list is treated as match all. If there is at least one entry in
* the white list, then a request must match a white list entry. Black list entries
* are always applied, so that even if an entry matches the white list, a black list
* entry will override it.
* <p>
* You can change white list policy setting whiteListByPath to true. In this mode a request will be white listed
* IF it has a matching URL in the white list, otherwise the black list applies, e.g. in default mode when
* whiteListByPath = false and wl = "127.0.0.1|/foo", /bar request from 127.0.0.1 will be blacklisted,
* if whiteListByPath=true then not.
* <p>
* Internet addresses may be specified as absolute address or as a combination of
* four octet wildcard specifications (a.b.c.d) that are defined as follows.
* </p>
* <pre>
* nnn - an absolute value (0-255)
* mmm-nnn - an inclusive range of absolute values,
* with following shorthand notations:
* nnn- =&gt; nnn-255
* -nnn =&gt; 0-nnn
* - =&gt; 0-255
* a,b,... - a list of wildcard specifications
* </pre>
* <p>
* Internet address specification is separated from the URI pattern using the "|" (pipe)
* character. URI patterns follow the servlet specification for simple * prefix and
* suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).
* <p>
* Earlier versions of the handler used internet address prefix wildcard specification
* to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.).
* They also used the first "/" character of the URI pattern to separate it from the
* internet address. Both of these features have been deprecated in the current version.
* <p>
* Examples of the entry specifications are:
* <ul>
* <li>10.10.1.2 - all requests from IP 10.10.1.2
* <li>10.10.1.2|/foo/bar - all requests from IP 10.10.1.2 to URI /foo/bar
* <li>10.10.1.2|/foo/* - all requests from IP 10.10.1.2 to URIs starting with /foo/
* <li>10.10.1.2|*.html - all requests from IP 10.10.1.2 to URIs ending with .html
* <li>10.10.0-255.0-255 - all requests from IPs within 10.10.0.0/16 subnet
* <li>10.10.0-.-255|/foo/bar - all requests from IPs within 10.10.0.0/16 subnet to URI /foo/bar
* <li>10.10.0-3,1,3,7,15|/foo/* - all requests from IPs addresses with last octet equal
* to 1,3,7,15 in subnet 10.10.0.0/22 to URIs starting with /foo/
* </ul>
* <p>
* Earlier versions of the handler used internet address prefix wildcard specification
* to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.).
* They also used the first "/" character of the URI pattern to separate it from the
* internet address. Both of these features have been deprecated in the current version.
* @deprecated
* @see InetAccessHandler
*/
public class IPAccessHandler extends HandlerWrapper
{
private static final Logger LOG = Log.getLogger(IPAccessHandler.class);
// true means nodefault match
PathMap<IPAddressMap<Boolean>> _white = new PathMap<IPAddressMap<Boolean>>(true);
PathMap<IPAddressMap<Boolean>> _black = new PathMap<IPAddressMap<Boolean>>(true);
boolean _whiteListByPath = false;
/* ------------------------------------------------------------ */
/**
* Creates new handler object
*/
public IPAccessHandler()
{
super();
}
/* ------------------------------------------------------------ */
/**
* Creates new handler object and initializes white- and black-list
*
* @param white array of whitelist entries
* @param black array of blacklist entries
*/
public IPAccessHandler(String[] white, String []black)
{
super();
if (white != null && white.length > 0)
setWhite(white);
if (black != null && black.length > 0)
setBlack(black);
}
/* ------------------------------------------------------------ */
/**
* Add a whitelist entry to an existing handler configuration
*
* @param entry new whitelist entry
*/
public void addWhite(String entry)
{
add(entry, _white);
}
/* ------------------------------------------------------------ */
/**
* Add a blacklist entry to an existing handler configuration
*
* @param entry new blacklist entry
*/
public void addBlack(String entry)
{
add(entry, _black);
}
/* ------------------------------------------------------------ */
/**
* Re-initialize the whitelist of existing handler object
*
* @param entries array of whitelist entries
*/
public void setWhite(String[] entries)
{
set(entries, _white);
}
/* ------------------------------------------------------------ */
/**
* Re-initialize the blacklist of existing handler object
*
* @param entries array of blacklist entries
*/
public void setBlack(String[] entries)
{
set(entries, _black);
}
/* ------------------------------------------------------------ */
/**
* Re-initialize the mode of path matching
*
* @param whiteListByPath matching mode
*/
public void setWhiteListByPath(boolean whiteListByPath)
{
this._whiteListByPath = whiteListByPath;
}
/* ------------------------------------------------------------ */
/**
* Checks the incoming request against the whitelist and blacklist
*
* @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
// Get the real remote IP (not the one set by the forwarded headers (which may be forged))
HttpChannel channel = baseRequest.getHttpChannel();
if (channel!=null)
{
EndPoint endp=channel.getEndPoint();
if (endp!=null)
{
InetSocketAddress address = endp.getRemoteAddress();
if (address!=null && !isAddrUriAllowed(address.getHostString(),baseRequest.getPathInfo()))
{
response.sendError(HttpStatus.FORBIDDEN_403);
baseRequest.setHandled(true);
return;
}
}
}
getHandler().handle(target,baseRequest, request, response);
}
/* ------------------------------------------------------------ */
/**
* Helper method to parse the new entry and add it to
* the specified address pattern map.
*
* @param entry new entry
* @param patternMap target address pattern map
*/
protected void add(String entry, PathMap<IPAddressMap<Boolean>> patternMap)
{
if (entry != null && entry.length() > 0)
{
boolean deprecated = false;
int idx;
if (entry.indexOf('|') > 0 )
{
idx = entry.indexOf('|');
}
else
{
idx = entry.indexOf('/');
deprecated = (idx >= 0);
}
String addr = idx > 0 ? entry.substring(0,idx) : entry;
String path = idx > 0 ? entry.substring(idx) : "/*";
if (addr.endsWith("."))
deprecated = true;
if (path!=null && (path.startsWith("|") || path.startsWith("/*.")))
path=path.substring(1);
IPAddressMap<Boolean> addrMap = patternMap.get(path);
if (addrMap == null)
{
addrMap = new IPAddressMap<Boolean>();
patternMap.put(path,addrMap);
}
if (addr != null && !"".equals(addr))
// MUST NOT BE null
addrMap.put(addr, true);
if (deprecated)
LOG.debug(toString() +" - deprecated specification syntax: "+entry);
}
}
/* ------------------------------------------------------------ */
/**
* Helper method to process a list of new entries and replace
* the content of the specified address pattern map
*
* @param entries new entries
* @param patternMap target address pattern map
*/
protected void set(String[] entries, PathMap<IPAddressMap<Boolean>> patternMap)
{
patternMap.clear();
if (entries != null && entries.length > 0)
{
for (String addrPath:entries)
{
add(addrPath, patternMap);
}
}
}
/* ------------------------------------------------------------ */
/**
* Check if specified request is allowed by current IPAccess rules.
*
* @param addr internet address
* @param path context path
* @return true if request is allowed
*
*/
protected boolean isAddrUriAllowed(String addr, String path)
{
if (_white.size()>0)
{
boolean match = false;
boolean matchedByPath = false;
for (Map.Entry<String,IPAddressMap<Boolean>> entry : _white.getMatches(path))
{
matchedByPath=true;
IPAddressMap<Boolean> addrMap = entry.getValue();
if ((addrMap!=null && (addrMap.size()==0 || addrMap.match(addr)!=null)))
{
match=true;
break;
}
}
if (_whiteListByPath)
{
if (matchedByPath && !match)
return false;
}
else
{
if (!match)
return false;
}
}
if (_black.size() > 0)
{
for (Map.Entry<String,IPAddressMap<Boolean>> entry : _black.getMatches(path))
{
IPAddressMap<Boolean> addrMap = entry.getValue();
if (addrMap!=null && (addrMap.size()==0 || addrMap.match(addr)!=null))
return false;
}
}
return true;
}
/* ------------------------------------------------------------ */
/**
* Dump the handler configuration
*/
@Override
public String dump()
{
StringBuilder buf = new StringBuilder();
buf.append(toString());
buf.append(" WHITELIST:\n");
dump(buf, _white);
buf.append(toString());
buf.append(" BLACKLIST:\n");
dump(buf, _black);
return buf.toString();
}
/* ------------------------------------------------------------ */
/**
* Dump a pattern map into a StringBuilder buffer
*
* @param buf buffer
* @param patternMap pattern map to dump
*/
protected void dump(StringBuilder buf, PathMap<IPAddressMap<Boolean>> patternMap)
{
for (String path: patternMap.keySet())
{
for (String addr: patternMap.get(path).keySet())
{
buf.append("# ");
buf.append(addr);
buf.append("|");
buf.append(path);
buf.append("\n");
}
}
}
}

565
jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
View File

@ -1,565 +0,0 @@
//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.server.handler;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters;
@RunWith(Parameterized.class)
public class IPAccessHandlerTest
{
private static Server _server;
private static NetworkConnector _connector;
private static IPAccessHandler _handler;
private String _white;
private String _black;
private String _host;
private String _uri;
private String _code;
private boolean _byPath;
@BeforeClass
public static void setUp()
throws Exception
{
_server = new Server();
_connector = new ServerConnector(_server);
_server.setConnectors(new Connector[] { _connector });
_handler = new IPAccessHandler();
_handler.setHandler(new AbstractHandler()
{
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
baseRequest.setHandled(true);
response.setStatus(HttpStatus.OK_200);
}
});
_server.setHandler(_handler);
_server.start();
}
/* ------------------------------------------------------------ */
@AfterClass
public static void tearDown()
throws Exception
{
_server.stop();
}
/* ------------------------------------------------------------ */
public IPAccessHandlerTest(String white, String black, String host, String uri, String code, boolean byPath)
{
_white = white;
_black = black;
_host = host;
_uri = uri;
_code = code;
_byPath = byPath;
}
/* ------------------------------------------------------------ */
@Test
public void testHandler()
throws Exception
{
_handler.setWhite(_white.split(";",-1));
_handler.setBlack(_black.split(";",-1));
_handler.setWhiteListByPath(_byPath);
String request = "GET " + _uri + " HTTP/1.1\n" + "Host: "+ _host + "\n\n";
Socket socket = new Socket("127.0.0.1", _connector.getLocalPort());
socket.setSoTimeout(5000);
try
{
OutputStream output = socket.getOutputStream();
BufferedReader input = new BufferedReader(new InputStreamReader(socket.getInputStream()));
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
Response response = readResponse(input);
Object[] params = new Object[]{
"Request WBHUC", _white, _black, _host, _uri, _code,
"Response", response.getCode()};
assertEquals(Arrays.deepToString(params), _code, response.getCode());
}
finally
{
socket.close();
}
}
/* ------------------------------------------------------------ */
protected Response readResponse(BufferedReader reader)
throws IOException
{
// Simplified parser for HTTP responses
String line = reader.readLine();
if (line == null)
throw new EOFException();
Matcher responseLine = Pattern.compile("HTTP/1\\.1\\s+(\\d+)").matcher(line);
assertTrue(responseLine.lookingAt());
String code = responseLine.group(1);
Map<String, String> headers = new LinkedHashMap<String, String>();
while ((line = reader.readLine()) != null)
{
if (line.trim().length() == 0)
break;
Matcher header = Pattern.compile("([^:]+):\\s*(.*)").matcher(line);
assertTrue(header.lookingAt());
String headerName = header.group(1);
String headerValue = header.group(2);
headers.put(headerName.toLowerCase(Locale.ENGLISH), headerValue.toLowerCase(Locale.ENGLISH));
}
StringBuilder body = new StringBuilder();
if (headers.containsKey("content-length"))
{
int length = Integer.parseInt(headers.get("content-length"));
for (int i = 0; i < length; ++i)
{
char c = (char)reader.read();
body.append(c);
}
}
else if ("chunked".equals(headers.get("transfer-encoding")))
{
while ((line = reader.readLine()) != null)
{
if ("0".equals(line))
{
line = reader.readLine();
assertEquals("", line);
break;
}
int length = Integer.parseInt(line, 16);
for (int i = 0; i < length; ++i)
{
char c = (char)reader.read();
body.append(c);
}
line = reader.readLine();
assertEquals("", line);
}
}
return new Response(code, headers, body.toString().trim());
}
/* ------------------------------------------------------------ */
protected class Response
{
private final String code;
private final Map<String, String> headers;
private final String body;
/* ------------------------------------------------------------ */
private Response(String code, Map<String, String> headers, String body)
{
this.code = code;
this.headers = headers;
this.body = body;
}
/* ------------------------------------------------------------ */
public String getCode()
{
return code;
}
/* ------------------------------------------------------------ */
public Map<String, String> getHeaders()
{
return headers;
}
/* ------------------------------------------------------------ */
public String getBody()
{
return body;
}
/* ------------------------------------------------------------ */
@Override
public String toString()
{
StringBuilder builder = new StringBuilder();
builder.append(code).append("\r\n");
for (Map.Entry<String, String> entry : headers.entrySet())
builder.append(entry.getKey()).append(": ").append(entry.getValue()).append("\r\n");
builder.append("\r\n");
builder.append(body);
return builder.toString();
}
}
/* ------------------------------------------------------------ */
@Parameters
public static Collection<Object[]> data() {
Object[][] data = new Object[][] {
// Empty lists
{"", "", "127.0.0.1", "/", "200", false},
{"", "", "127.0.0.1", "/dump/info", "200", false},
// White list
{"127.0.0.1", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", false},
{"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.0-2|", "", "127.0.0.1", "/", "200", false},
{"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
// Black list
{"", "127.0.0.1", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", false},
{"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
{"", "127.0.0.0-2|", "127.0.0.1", "/", "403", false},
{"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "200", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
// Both lists
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
// Different address
{"127.0.0.2", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
{"172.0.0.0-255", "", "127.0.0.1", "/", "403", false},
{"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
/*-----------------------------------------------------------------------------------------*/
// Match by path starts with [117]
// test cases affected by _whiteListByPath highlighted accordingly
{"", "", "127.0.0.1", "/", "200", true},
{"", "", "127.0.0.1", "/dump/info", "200", true},
// White list
{"127.0.0.1", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", true},
{"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.1|/*", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", true},
{"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"127.0.0.0-2|", "", "127.0.0.1", "/", "200", true},
{"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", true},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
// Black list
{"", "127.0.0.1", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", true},
{"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
{"", "127.0.0.0-2|", "127.0.0.1", "/", "403", true},
{"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "200", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
// Both lists
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
// Different address
{"127.0.0.2", "", "127.0.0.1", "/", "403", true},
{"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"172.0.0.0-255", "", "127.0.0.1", "/", "403", true},
{"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", true},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
};
return Arrays.asList(data);
};
}

366
jetty-util/src/main/java/org/eclipse/jetty/util/IPAddressMap.java
View File

@ -1,366 +0,0 @@
//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util;
import java.util.BitSet;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
/* ------------------------------------------------------------ */
/**
* Internet address map to object
* <p>
* Internet addresses may be specified as absolute address or as a combination of
* four octet wildcard specifications (a.b.c.d) that are defined as follows.
* </p>
* <pre>
* nnn - an absolute value (0-255)
* mmm-nnn - an inclusive range of absolute values,
* with following shorthand notations:
* nnn- =&gt; nnn-255
* -nnn =&gt; 0-nnn
* - =&gt; 0-255
* a,b,... - a list of wildcard specifications
* </pre>
* @param <TYPE> the Map Entry value type
* @deprecated
*/
@SuppressWarnings("serial")
public class IPAddressMap<TYPE> extends HashMap<String, TYPE>
{
private final HashMap<String,IPAddrPattern> _patterns = new HashMap<String,IPAddrPattern>();
/* --------------------------------------------------------------- */
/** Construct empty IPAddressMap.
*/
public IPAddressMap()
{
super(11);
}
/* --------------------------------------------------------------- */
/** Construct empty IPAddressMap.
*
* @param capacity initial capacity
*/
public IPAddressMap(int capacity)
{
super (capacity);
}
/* ------------------------------------------------------------ */
/**
* Insert a new internet address into map
*
* @see java.util.HashMap#put(java.lang.Object, java.lang.Object)
*/
@Override
public TYPE put(String addrSpec, TYPE object)
throws IllegalArgumentException
{
if (addrSpec == null || addrSpec.trim().length() == 0)
throw new IllegalArgumentException("Invalid IP address pattern: "+addrSpec);
String spec = addrSpec.trim();
if (_patterns.get(spec) == null)
_patterns.put(spec,new IPAddrPattern(spec));
return super.put(spec, object);
}
/* ------------------------------------------------------------ */
/**
* Retrieve the object mapped to the specified internet address literal
*
* @see java.util.HashMap#get(java.lang.Object)
*/
@Override
public TYPE get(Object key)
{
return super.get(key);
}
/* ------------------------------------------------------------ */
/**
* Retrieve the first object that is associated with the specified
* internet address by taking into account the wildcard specifications.
*
* @param addr internet address
* @return associated object
*/
public TYPE match(String addr)
{
Map.Entry<String, TYPE> entry = getMatch(addr);
return entry==null ? null : entry.getValue();
}
/* ------------------------------------------------------------ */
/**
* Retrieve the first map entry that is associated with the specified
* internet address by taking into account the wildcard specifications.
*
* @param addr internet address
* @return map entry associated
*/
public Map.Entry<String, TYPE> getMatch(String addr)
{
if (addr != null)
{
for(Map.Entry<String, TYPE> entry: super.entrySet())
{
if (_patterns.get(entry.getKey()).match(addr))
{
return entry;
}
}
}
return null;
}
/* ------------------------------------------------------------ */
/**
* Retrieve a lazy list of map entries associated with specified
* internet address by taking into account the wildcard specifications.
*
* @param addr internet address
* @return lazy list of map entries
*/
public Object getLazyMatches(String addr)
{
if (addr == null)
return LazyList.getList(super.entrySet());
Object entries = null;
for(Map.Entry<String, TYPE> entry: super.entrySet())
{
if (_patterns.get(entry.getKey()).match(addr))
{
entries = LazyList.add(entries,entry);
}
}
return entries;
}
/* ------------------------------------------------------------ */
/**
* IPAddrPattern
*
* Represents internet address wildcard.
* Matches the wildcard to provided internet address.
*/
private static class IPAddrPattern
{
private final OctetPattern[] _octets = new OctetPattern[4];
/* ------------------------------------------------------------ */
/**
* Create new IPAddrPattern
*
* @param value internet address wildcard specification
* @throws IllegalArgumentException if wildcard specification is invalid
*/
public IPAddrPattern(String value)
throws IllegalArgumentException
{
if (value == null || value.trim().length() == 0)
throw new IllegalArgumentException("Invalid IP address pattern: "+value);
try
{
StringTokenizer parts = new StringTokenizer(value, ".");
String part;
for (int idx=0; idx<4; idx++)
{
part = parts.hasMoreTokens() ? parts.nextToken().trim() : "0-255";
int len = part.length();
if (len == 0 && parts.hasMoreTokens())
throw new IllegalArgumentException("Invalid IP address pattern: "+value);
_octets[idx] = new OctetPattern(len==0 ? "0-255" : part);
}
}
catch (IllegalArgumentException ex)
{
throw new IllegalArgumentException("Invalid IP address pattern: "+value, ex);
}
}
/* ------------------------------------------------------------ */
/**
* Match the specified internet address against the wildcard
*
* @param value internet address
* @return true if specified internet address matches wildcard specification
*
* @throws IllegalArgumentException if specified internet address is invalid
*/
public boolean match(String value)
throws IllegalArgumentException
{
if (value == null || value.trim().length() == 0)
throw new IllegalArgumentException("Invalid IP address: "+value);
try
{
StringTokenizer parts = new StringTokenizer(value, ".");
boolean result = true;
for (int idx=0; idx<4; idx++)
{
if (!parts.hasMoreTokens())
throw new IllegalArgumentException("Invalid IP address: "+value);
if (!(result &= _octets[idx].match(parts.nextToken())))
break;
}
return result;
}
catch (IllegalArgumentException ex)
{
throw new IllegalArgumentException("Invalid IP address: "+value, ex);
}
}
}
/* ------------------------------------------------------------ */
/**
* OctetPattern
*
* Represents a single octet wildcard.
* Matches the wildcard to the specified octet value.
*/
private static class OctetPattern extends BitSet
{
private final BitSet _mask = new BitSet(256);
/* ------------------------------------------------------------ */
/**
* Create new OctetPattern
*
* @param octetSpec octet wildcard specification
* @throws IllegalArgumentException if wildcard specification is invalid
*/
public OctetPattern(String octetSpec)
throws IllegalArgumentException
{
try
{
if (octetSpec != null)
{
String spec = octetSpec.trim();
if(spec.length() == 0)
{
_mask.set(0,255);
}
else
{
StringTokenizer parts = new StringTokenizer(spec,",");
while (parts.hasMoreTokens())
{
String part = parts.nextToken().trim();
if (part.length() > 0)
{
if (part.indexOf('-') < 0)
{
Integer value = Integer.valueOf(part);
_mask.set(value);
}
else
{
int low = 0, high = 255;
String[] bounds = part.split("-",-2);
if (bounds.length != 2)
{
throw new IllegalArgumentException("Invalid octet spec: "+octetSpec);
}
if (bounds[0].length() > 0)
{
low = Integer.parseInt(bounds[0]);
}
if (bounds[1].length() > 0)
{
high = Integer.parseInt(bounds[1]);
}
if (low > high)
{
throw new IllegalArgumentException("Invalid octet spec: "+octetSpec);
}
_mask.set(low, high+1);
}
}
}
}
}
}
catch (NumberFormatException ex)
{
throw new IllegalArgumentException("Invalid octet spec: "+octetSpec, ex);
}
}
/* ------------------------------------------------------------ */
/**
* Match specified octet value against the wildcard
*
* @param value octet value
* @return true if specified octet value matches the wildcard
* @throws IllegalArgumentException if specified octet value is invalid
*/
public boolean match(String value)
throws IllegalArgumentException
{
if (value == null || value.trim().length() == 0)
throw new IllegalArgumentException("Invalid octet: "+value);
try
{
int number = Integer.parseInt(value);
return match(number);
}
catch (NumberFormatException ex)
{
throw new IllegalArgumentException("Invalid octet: "+value);
}
}
/* ------------------------------------------------------------ */
/**
* Match specified octet value against the wildcard
*
* @param number octet value
* @return true if specified octet value matches the wildcard
* @throws IllegalArgumentException if specified octet value is invalid
*/
public boolean match(int number)
throws IllegalArgumentException
{
if (number < 0 || number > 255)
throw new IllegalArgumentException("Invalid octet: "+number);
return _mask.get(number);
}
}
}

2
jetty-util/src/main/java/org/eclipse/jetty/util/InetAddressSet.java
View File

@ -41,8 +41,6 @@ import java.util.function.Predicate;
* "192.168.255.255" </dd>
* <dt>InetAddress-InetAddress</dt><dd>An inclusive range of InetAddresses.
* eg. "[a000::1]-[afff::]", "192.168.128.0-192.168.128.255"</dd>
* <dt>Legacy format</dt><dd>The legacy format used by {@link IPAddressMap} for IPv4 only.
* eg. "10.10.10-14.0-128"</dd>
* </dl>
* <p>This class is designed to work with {@link IncludeExcludeSet}</p>
* @see IncludeExcludeSet

177
jetty-util/src/test/java/org/eclipse/jetty/util/IPAddressMapTest.java
View File

@ -1,177 +0,0 @@
//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import org.junit.Test;
@Deprecated
public class IPAddressMapTest
{
@Test
public void testOneAddress()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("10.5.2.1","1");
assertNotNull(map.match("10.5.2.1"));
assertNull(map.match("101.5.2.1"));
assertNull(map.match("10.15.2.1"));
assertNull(map.match("10.5.22.1"));
assertNull(map.match("10.5.2.0"));
}
/* ------------------------------------------------------------ */
@Test
public void testOneRange()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("1-15.16-31.32-63.64-127","1");
assertNotNull(map.match("7.23.39.71"));
assertNotNull(map.match("1.16.32.64"));
assertNotNull(map.match("15.31.63.127"));
assertNull(map.match("16.32.64.128"));
assertNull(map.match("1.16.32.63"));
assertNull(map.match("1.16.31.64"));
assertNull(map.match("1.15.32.64"));
assertNull(map.match("0.16.32.64"));
}
/* ------------------------------------------------------------ */
@Test
public void testOneMissing()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("10.5.2.","1");
assertNotNull(map.match("10.5.2.0"));
assertNotNull(map.match("10.5.2.128"));
assertNotNull(map.match("10.5.2.255"));
}
/* ------------------------------------------------------------ */
@Test
public void testTwoMissing()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("10.5.","1");
assertNotNull(map.match("10.5.2.0"));
assertNotNull(map.match("10.5.2.128"));
assertNotNull(map.match("10.5.2.255"));
assertNotNull(map.match("10.5.0.1"));
assertNotNull(map.match("10.5.128.1"));
assertNotNull(map.match("10.5.255.1"));
}
/* ------------------------------------------------------------ */
@Test
public void testThreeMissing()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("10.","1");
assertNotNull(map.match("10.5.2.0"));
assertNotNull(map.match("10.5.2.128"));
assertNotNull(map.match("10.5.2.255"));
assertNotNull(map.match("10.5.0.1"));
assertNotNull(map.match("10.5.128.1"));
assertNotNull(map.match("10.5.255.1"));
assertNotNull(map.match("10.0.1.1"));
assertNotNull(map.match("10.128.1.1"));
assertNotNull(map.match("10.255.1.1"));
}
/* ------------------------------------------------------------ */
@Test
public void testOneMixed()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("0-15,21.10,16-31.0-15,32-63.-95,128-","1");
assertNotNull(map.match("7.23.39.46"));
assertNotNull(map.match("10.20.10.150"));
assertNotNull(map.match("21.10.32.255"));
assertNotNull(map.match("21.10.15.0"));
assertNull(map.match("16.15.20.100"));
assertNull(map.match("15.10.63.100"));
assertNull(map.match("15.10.64.128"));
assertNull(map.match("15.11.32.95"));
assertNull(map.match("16.31.63.128"));
}
/* ------------------------------------------------------------ */
@Test
public void testManyMixed()
{
IPAddressMap<String> map = new IPAddressMap<>();
map.put("10.5.2.1","1");
map.put("1-15.16-31.32-63.64-127","2");
map.put("1-15,21.10,16-31.0-15,32-63.-55,195-","3");
map.put("44.99.99.","4");
map.put("55.99.","5");
map.put("66.","6");
assertEquals("1", map.match("10.5.2.1"));
assertEquals("2", map.match("7.23.39.71"));
assertEquals("2", map.match("1.16.32.64"));
assertEquals("2", map.match("15.31.63.127"));
assertEquals("3", map.match("7.23.39.46"));
assertEquals("3", map.match("10.20.10.200"));
assertEquals("3", map.match("21.10.32.255"));
assertEquals("3", map.match("21.10.15.0"));
assertEquals("4", map.match("44.99.99.0"));
assertEquals("5", map.match("55.99.128.1"));
assertEquals("6", map.match("66.255.1.1"));
assertNull(map.match("101.5.2.1"));
assertNull(map.match("10.15.2.1"));
assertNull(map.match("10.5.22.1"));
assertNull(map.match("10.5.2.0"));
assertNull(map.match("16.32.64.96"));
assertNull(map.match("1.16.32.194"));
assertNull(map.match("1.16.31.64"));
assertNull(map.match("1.15.32.64"));
assertNull(map.match("0.16.32.64"));
assertNull(map.match("16.15.20.100"));
assertNull(map.match("15.10.63.100"));
assertNull(map.match("15.10.64.128"));
assertNull(map.match("15.11.32.95"));
assertNull(map.match("16.31.63.128"));
}
}