Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Bug 418732] Add whiteListByPath mode to IPAccessHandler 

Signed-off-by: Constantine Linnick <theaspect@gmail.com>
This commit is contained in:
Constantine Linnick 2013-10-05 18:16:49 +07:00 committed by Gerrit Code Review @ Eclipse.org
parent b4052a2b53
commit f451a14e04
3 changed files with 300 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jetty-server/src/main/config/etc/jetty-ipaccess.xml
View File

@ -25,6 +25,7 @@
<Item>127.0.0.2/black.html</Item> <Item>127.0.0.2/black.html</Item>
</Array> </Array>
</Set> </Set>
<Set name="whiteListByPath">false</Set>
</New> </New>
</Set> </Set>

27
jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
View File

@ -54,11 +54,17 @@ import org.eclipse.jetty.util.log.Logger;
* entries, that are then further refined by several specific black list exceptions * entries, that are then further refined by several specific black list exceptions
* </ul> * </ul>
* <p> * <p>
* An empty white list is treated as match all. If there is at least one entry in * By default an empty white list is treated as match all. If there is at least one entry in
* the white list, then a request must match a white list entry. Black list entries * the white list, then a request must match a white list entry. Black list entries
* are always applied, so that even if an entry matches the white list, a black list * are always applied, so that even if an entry matches the white list, a black list
* entry will override it. * entry will override it.
* <p> * <p>
* <p>
* You can change white list policy setting whiteListByPath to true. In this mode a request will be white listed
* IF it has a matching URL in the white list, otherwise the black list applies, e.g. in default mode when
* whiteListByPath = false and wl = "127.0.0.1|/foo", /bar request from 127.0.0.1 will be blacklisted,
* if whiteListByPath=true then not.
* </p>
* Internet addresses may be specified as absolute address or as a combination of * Internet addresses may be specified as absolute address or as a combination of
* four octet wildcard specifications (a.b.c.d) that are defined as follows. * four octet wildcard specifications (a.b.c.d) that are defined as follows.
* </p> * </p>
@ -104,6 +110,7 @@ public class IPAccessHandler extends HandlerWrapper
// true means nodefault match // true means nodefault match
PathMap<IPAddressMap<Boolean>> _white = new PathMap<IPAddressMap<Boolean>>(true); PathMap<IPAddressMap<Boolean>> _white = new PathMap<IPAddressMap<Boolean>>(true);
PathMap<IPAddressMap<Boolean>> _black = new PathMap<IPAddressMap<Boolean>>(true); PathMap<IPAddressMap<Boolean>> _black = new PathMap<IPAddressMap<Boolean>>(true);
boolean _whiteListByPath = false;
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
@ -175,6 +182,17 @@ public class IPAccessHandler extends HandlerWrapper
set(entries, _black); set(entries, _black);
} }
/* ------------------------------------------------------------ */
/**
* Re-initialize the mode of path matching
*
* @param whiteListByPath matching mode
*/
public void setWhiteListByPath(boolean whiteListByPath)
{
this._whiteListByPath = whiteListByPath;
}
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Checks the incoming request against the whitelist and blacklist * Checks the incoming request against the whitelist and blacklist
@ -287,9 +305,12 @@ public class IPAccessHandler extends HandlerWrapper
if (_white.size()>0) if (_white.size()>0)
{ {
boolean match = false; boolean match = false;
boolean matchedByPath = false;
Object whiteObj = _white.getLazyMatches(path); Object whiteObj = _white.getLazyMatches(path);
if (whiteObj != null) if (whiteObj != null)
{ {
matchedByPath = true;
List whiteList = (whiteObj instanceof List) ? (List)whiteObj : Collections.singletonList(whiteObj); List whiteList = (whiteObj instanceof List) ? (List)whiteObj : Collections.singletonList(whiteObj);
for (Object entry: whiteList) for (Object entry: whiteList)
@ -300,7 +321,9 @@ public class IPAccessHandler extends HandlerWrapper
} }
} }
if (!match) if (!_whiteListByPath && !match) // Default behaviour
return false;
else if (_whiteListByPath && matchedByPath && !match) // Fail if only matched by path
return false; return false;
} }

389
jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
View File

@ -64,6 +64,7 @@ public class IPAccessHandlerTest
private String _host; private String _host;
private String _uri; private String _uri;
private String _code; private String _code;
private boolean _byPath;
@BeforeClass @BeforeClass
public static void setUp() public static void setUp()
@ -95,13 +96,14 @@ public class IPAccessHandlerTest
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
public IPAccessHandlerTest(String white, String black, String host, String uri, String code) public IPAccessHandlerTest(String white, String black, String host, String uri, String code, boolean byPath)
{ {
_white = white; _white = white;
_black = black; _black = black;
_host = host; _host = host;
_uri = uri; _uri = uri;
_code = code; _code = code;
_byPath = byPath;
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -111,6 +113,7 @@ public class IPAccessHandlerTest
{ {
_handler.setWhite(_white.split(";",-1)); _handler.setWhite(_white.split(";",-1));
_handler.setBlack(_black.split(";",-1)); _handler.setBlack(_black.split(";",-1));
_handler.setWhiteListByPath(_byPath);
String request = "GET " + _uri + " HTTP/1.1\n" + "Host: "+ _host + "\n\n"; String request = "GET " + _uri + " HTTP/1.1\n" + "Host: "+ _host + "\n\n";
Socket socket = new Socket("127.0.0.1", _connector.getLocalPort()); Socket socket = new Socket("127.0.0.1", _connector.getLocalPort());
@ -247,157 +250,313 @@ public class IPAccessHandlerTest
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
Object[][] data = new Object[][] { Object[][] data = new Object[][] {
// Empty lists // Empty lists
{"", "", "127.0.0.1", "/", "200"}, {"", "", "127.0.0.1", "/", "200", false},
{"", "", "127.0.0.1", "/dump/info", "200"}, {"", "", "127.0.0.1", "/dump/info", "200", false},
// White list // White list
{"127.0.0.1", "", "127.0.0.1", "/", "200"}, {"127.0.0.1", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1", "", "127.0.0.1", "/dispatch", "200"}, {"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", false},
{"127.0.0.1", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/", "", "127.0.0.1", "/", "200"}, {"127.0.0.1|/", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/", "200"}, {"127.0.0.1|/*", "", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200"}, {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", false},
{"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "403"}, {"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200"}, {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "403"}, {"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.0-2|", "", "127.0.0.1", "/", "200"}, {"127.0.0.0-2|", "", "127.0.0.1", "/", "200", false},
{"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/", "200"}, {"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "403"}, {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "403"}, {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "403"}, {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200"}, {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
// Black list // Black list
{"", "127.0.0.1", "127.0.0.1", "/", "403"}, {"", "127.0.0.1", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1", "127.0.0.1", "/dispatch", "403"}, {"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", false},
{"", "127.0.0.1", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/", "127.0.0.1", "/", "403"}, {"", "127.0.0.1|/", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200"}, {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/", "403"}, {"", "127.0.0.1|/*", "127.0.0.1", "/", "403", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403"}, {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", false},
{"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200"}, {"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403"}, {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200"}, {"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200"}, {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200"}, {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"}, {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200"}, {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
{"", "127.0.0.0-2|", "127.0.0.1", "/", "403"}, {"", "127.0.0.0-2|", "127.0.0.1", "/", "403", false},
{"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/", "403"}, {"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200"}, {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200"}, {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200"}, {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200"}, {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200"}, {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200"}, {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403"}, {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403"}, {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200"}, {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
// Both lists // Both lists
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"}, {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200"}, {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
// Different address // Different address
{"127.0.0.2", "", "127.0.0.1", "/", "403"}, {"127.0.0.2", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2", "", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "403"}, {"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "403"}, {"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403"}, {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", false},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "403"}, {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "403"}, {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200"}, {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403"}, {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", false},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"}, {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
{"172.0.0.0-255", "", "127.0.0.1", "/", "403"}, {"172.0.0.0-255", "", "127.0.0.1", "/", "403", false},
{"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403"}, {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "403"}, {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "403"}, {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200"}, {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
/*-----------------------------------------------------------------------------------------*/
// Match by path starts with [117]
// test cases affected by _whiteListByPath highlighted accordingly
{"", "", "127.0.0.1", "/", "200", true},
{"", "", "127.0.0.1", "/dump/info", "200", true},
// White list
{"127.0.0.1", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", true},
{"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.1|/*", "", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", true},
{"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"127.0.0.0-2|", "", "127.0.0.1", "/", "200", true},
{"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", true},
{"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
{"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
// Black list
{"", "127.0.0.1", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", true},
{"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/", "403", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", true},
{"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
{"", "127.0.0.0-2|", "127.0.0.1", "/", "403", true},
{"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
// Both lists
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", true},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
// Different address
{"127.0.0.2", "", "127.0.0.1", "/", "403", true},
{"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", true},
{"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", true},
{"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
{"172.0.0.0-255", "", "127.0.0.1", "/", "403", true},
{"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", true},
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
{"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
}; };
return Arrays.asList(data); return Arrays.asList(data);
}; };