changeset 834:175577dab6d8

remove IPAccessHandler
author Franklin Schmidt <fschmidt@gmail.com>
date Fri, 16 Sep 2016 00:51:57 -0600
parents 83765eb09bef
children 88b70b8dab9c
files src/org/eclipse/jetty/server/NCSARequestLog.java src/org/eclipse/jetty/server/handler/IPAccessHandler.java
diffstat 2 files changed, 0 insertions(+), 383 deletions(-) [+]
diff -r 83765eb09bef -r 175577dab6d8 src/org/eclipse/jetty/server/NCSARequestLog.java
--- a/src/org/eclipse/jetty/server/NCSARequestLog.java	Fri Sep 16 00:41:20 2016 -0600
+++ b/src/org/eclipse/jetty/server/NCSARequestLog.java	Fri Sep 16 00:51:57 2016 -0600
@@ -28,7 +28,6 @@
 import javax.servlet.http.Cookie;
 
 import org.eclipse.jetty.http.HttpHeaders;
-import org.eclipse.jetty.http.PathMap;
 import org.eclipse.jetty.util.DateCache;
 import org.eclipse.jetty.util.RolloverFileOutputStream;
 import org.eclipse.jetty.util.StringUtil;
diff -r 83765eb09bef -r 175577dab6d8 src/org/eclipse/jetty/server/handler/IPAccessHandler.java
--- a/src/org/eclipse/jetty/server/handler/IPAccessHandler.java	Fri Sep 16 00:41:20 2016 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,382 +0,0 @@
-//
-//  ========================================================================
-//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
-//  ------------------------------------------------------------------------
-//  All rights reserved. This program and the accompanying materials
-//  are made available under the terms of the Eclipse Public License v1.0
-//  and Apache License v2.0 which accompanies this distribution.
-//
-//      The Eclipse Public License is available at
-//      http://www.eclipse.org/legal/epl-v10.html
-//
-//      The Apache License v2.0 is available at
-//      http://www.opensource.org/licenses/apache2.0.php
-//
-//  You may elect to redistribute this code under either of these licenses.
-//  ========================================================================
-//
-
-package org.eclipse.jetty.server.handler;
-
-import java.io.IOException;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.eclipse.jetty.http.HttpStatus;
-import org.eclipse.jetty.http.PathMap;
-import org.eclipse.jetty.io.EndPoint;
-import org.eclipse.jetty.server.AbstractHttpConnection;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.util.IPAddressMap;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * IP Access Handler
- * <p>
- * Controls access to the wrapped handler by the real remote IP. Control is provided
- * by white/black lists that include both internet addresses and URIs. This handler
- * uses the real internet address of the connection, not one reported in the forwarded
- * for headers, as this cannot be as easily forged. 
- * <p>
- * Typically, the black/white lists will be used in one of three modes:
- * <ul>
- * <li>Blocking a few specific IPs/URLs by specifying several black list entries.
- * <li>Allowing only some specific IPs/URLs by specifying several white lists entries.
- * <li>Allowing a general range of IPs/URLs by specifying several general white list
- * entries, that are then further refined by several specific black list exceptions
- * </ul>
- * <p>
- * An empty white list is treated as match all. If there is at least one entry in
- * the white list, then a request must match a white list entry. Black list entries
- * are always applied, so that even if an entry matches the white list, a black list 
- * entry will override it.
- * <p>
- * Internet addresses may be specified as absolute address or as a combination of 
- * four octet wildcard specifications (a.b.c.d) that are defined as follows.
- * </p>
- * <pre>
- * nnn - an absolute value (0-255)
- * mmm-nnn - an inclusive range of absolute values, 
- *           with following shorthand notations:
- *           nnn- => nnn-255
- *           -nnn => 0-nnn
- *           -    => 0-255
- * a,b,... - a list of wildcard specifications
- * </pre>
- * <p>
- * Internet address specification is separated from the URI pattern using the "|" (pipe)
- * character. URI patterns follow the servlet specification for simple * prefix and 
- * suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).
- * <p>
- * Earlier versions of the handler used internet address prefix wildcard specification
- * to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.).
- * They also used the first "/" character of the URI pattern to separate it from the 
- * internet address. Both of these features have been deprecated in the current version. 
- * <p>
- * Examples of the entry specifications are:
- * <ul>
- * <li>10.10.1.2 - all requests from IP 10.10.1.2
- * <li>10.10.1.2|/foo/bar - all requests from IP 10.10.1.2 to URI /foo/bar
- * <li>10.10.1.2|/foo/* - all requests from IP 10.10.1.2 to URIs starting with /foo/
- * <li>10.10.1.2|*.html - all requests from IP 10.10.1.2 to URIs ending with .html
- * <li>10.10.0-255.0-255 - all requests from IPs within 10.10.0.0/16 subnet
- * <li>10.10.0-.-255|/foo/bar - all requests from IPs within 10.10.0.0/16 subnet to URI /foo/bar
- * <li>10.10.0-3,1,3,7,15|/foo/* - all requests from IPs addresses with last octet equal
- *                                  to 1,3,7,15 in subnet 10.10.0.0/22 to URIs starting with /foo/
- * </ul>
- * <p>
- * Earlier versions of the handler used internet address prefix wildcard specification
- * to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.).
- * They also used the first "/" character of the URI pattern to separate it from the 
- * internet address. Both of these features have been deprecated in the current version. 
- */
-public class IPAccessHandler extends HandlerWrapper
-{
-    private static final Logger LOG = LoggerFactory.getLogger(IPAccessHandler.class);
-
-    IPAddressMap<PathMap> _white = new IPAddressMap<PathMap>();
-    IPAddressMap<PathMap> _black = new IPAddressMap<PathMap>();
-
-    /* ------------------------------------------------------------ */
-    /**
-     * Creates new handler object
-     */
-    public IPAccessHandler()
-    {
-        super();
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Creates new handler object and initializes white- and black-list
-     * 
-     * @param white array of whitelist entries
-     * @param black array of blacklist entries
-     */
-    public IPAccessHandler(String[] white, String []black)
-    {
-        super();
-        
-        if (white != null && white.length > 0)
-            setWhite(white);
-        if (black != null && black.length > 0)
-            setBlack(black);
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Add a whitelist entry to an existing handler configuration
-     * 
-     * @param entry new whitelist entry
-     */
-    public void addWhite(String entry)
-    {
-        add(entry, _white);
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Add a blacklist entry to an existing handler configuration
-     * 
-     * @param entry new blacklist entry
-     */
-    public void addBlack(String entry)
-    {
-        add(entry, _black);
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Re-initialize the whitelist of existing handler object
-     * 
-     * @param entries array of whitelist entries
-     */
-    public void setWhite(String[] entries)
-    {
-        set(entries, _white);
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Re-initialize the blacklist of existing handler object
-     * 
-     * @param entries array of blacklist entries
-     */
-    public void setBlack(String[] entries)
-    {
-        set(entries, _black);
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Checks the incoming request against the whitelist and blacklist
-     * 
-     * @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-     */
-    @Override
-    public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
-    {
-        // Get the real remote IP (not the one set by the forwarded headers (which may be forged))
-        AbstractHttpConnection connection = baseRequest.getConnection();
-        if (connection!=null)
-        {
-            EndPoint endp=connection.getEndPoint();
-            if (endp!=null)
-            {
-                String addr = endp.getRemoteAddr();
-                if (addr!=null && !isAddrUriAllowed(addr,baseRequest.getPathInfo()))
-                {
-                    response.sendError(HttpStatus.FORBIDDEN_403);
-                    baseRequest.setHandled(true);
-                    return;
-                }
-            }
-        }
-        
-        getHandler().handle(target,baseRequest, request, response);
-    }
-    
-
-    /* ------------------------------------------------------------ */
-    /**
-     * Helper method to parse the new entry and add it to 
-     * the specified address pattern map.
-     * 
-     * @param entry new entry
-     * @param patternMap target address pattern map
-     */
-    protected void add(String entry, IPAddressMap<PathMap> patternMap)
-    {
-        if (entry != null && entry.length() > 0)
-        {
-            boolean deprecated = false;
-            int idx;
-            if (entry.indexOf('|') > 0 )
-            {
-                idx = entry.indexOf('|');
-            }
-            else
-            {
-                idx = entry.indexOf('/');
-                deprecated = (idx >= 0);
-            }
-            
-            String addr = idx > 0 ? entry.substring(0,idx) : entry;        
-            String path = idx > 0 ? entry.substring(idx) : "/*";
-            
-            if (addr.endsWith("."))
-                deprecated = true;
-            if (path!=null && (path.startsWith("|") || path.startsWith("/*.")))
-                path=path.substring(1);
-           
-            PathMap pathMap = patternMap.get(addr);
-            if (pathMap == null)
-            {
-                pathMap = new PathMap(true);
-                patternMap.put(addr,pathMap);
-            }
-            if (path != null && !"".equals(path))
-                pathMap.put(path,path);
-            
-            if (deprecated)
-                LOG.debug(toString() +" - deprecated specification syntax: "+entry);
-        }
-    }
-
-    /* ------------------------------------------------------------ */
-    /**
-     * Helper method to process a list of new entries and replace 
-     * the content of the specified address pattern map
-     * 
-     * @param entries new entries
-     * @param patternMap target address pattern map
-     */
-    protected void set(String[] entries,  IPAddressMap<PathMap> patternMap)
-    {
-        patternMap.clear();
-        
-        if (entries != null && entries.length > 0)
-        {
-            for (String addrPath:entries)
-            {
-                add(addrPath, patternMap);
-            }
-        }
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Check if specified request is allowed by current IPAccess rules.
-     * 
-     * @param addr internet address
-     * @param path context path
-     * @return true if request is allowed
-     *
-     */
-    protected boolean isAddrUriAllowed(String addr, String path)
-    {
-        if (_white.size()>0)
-        {
-            boolean match = false;
-            
-            Object whiteObj = _white.getLazyMatches(addr);
-            if (whiteObj != null) 
-            {
-                List whiteList = (whiteObj instanceof List) ? (List)whiteObj : Collections.singletonList(whiteObj);
-
-                for (Object entry: whiteList)
-                {
-                    PathMap pathMap = ((Map.Entry<String,PathMap>)entry).getValue();
-                    if (match = (pathMap!=null && (pathMap.size()==0 || pathMap.match(path)!=null)))
-                        break;
-                }
-            }
-            
-            if (!match)
-                return false;
-        }
-
-        if (_black.size() > 0)
-        {
-            Object blackObj = _black.getLazyMatches(addr);
-            if (blackObj != null) 
-            {
-                List blackList = (blackObj instanceof List) ? (List)blackObj : Collections.singletonList(blackObj);
-    
-                for (Object entry: blackList)
-                {
-                    PathMap pathMap = ((Map.Entry<String,PathMap>)entry).getValue();
-                    if (pathMap!=null && (pathMap.size()==0 || pathMap.match(path)!=null))
-                        return false;
-                }
-            }
-        }
-        
-        return true;
-    }
-
-    /* ------------------------------------------------------------ */
-    /**
-     * Dump the white- and black-list configurations when started
-     * 
-     * @see org.eclipse.jetty.server.handler.HandlerWrapper#doStart()
-     */
-    @Override
-    protected void doStart()
-        throws Exception
-    {
-        super.doStart();
-        
-        if (LOG.isDebugEnabled())
-        {
-            System.err.println(dump());
-        }
-    }
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Dump the handler configuration
-     */
-    public String dump()
-    {
-        StringBuilder buf = new StringBuilder();
-        
-        buf.append(toString());
-        buf.append(" WHITELIST:\n");
-        dump(buf, _white);
-        buf.append(toString());
-        buf.append(" BLACKLIST:\n");
-        dump(buf, _black);
-        
-        return buf.toString();
-    }    
-    
-    /* ------------------------------------------------------------ */
-    /**
-     * Dump a pattern map into a StringBuilder buffer
-     * 
-     * @param buf buffer
-     * @param patternMap pattern map to dump
-     */
-    protected void dump(StringBuilder buf, IPAddressMap<PathMap> patternMap)
-    {
-        for (String addr: patternMap.keySet())
-        {
-            for (Object path: ((PathMap)patternMap.get(addr)).values())
-            {
-                buf.append("# ");
-                buf.append(addr);
-                buf.append("|");
-                buf.append(path);
-                buf.append("\n");
-            }       
-        }
-    }
- }