You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ff...@apache.org on 2018/01/04 02:06:06 UTC

[cxf] branch 3.1.x-fixes updated: [CXF-7603]private a way that only a set of client IP can access the WADL

This is an automated email from the ASF dual-hosted git repository.

ffang pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
     new c0d3fe1  [CXF-7603]private a way that only a set of client IP can access the WADL
c0d3fe1 is described below

commit c0d3fe1af815eaa1125e1f1dbe36d3493104d1e4
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Thu Jan 4 10:03:17 2018 +0800

    [CXF-7603]private a way that only a set of client IP can access the WADL
    
    (cherry picked from commit d7272b5248f1b4e34745acba5ec127d7a5d77f46)
---
 .../apache/cxf/jaxrs/model/wadl/WadlGenerator.java | 32 ++++++++++++++++++++++
 .../cxf/jaxrs/model/wadl/WadlGeneratorTest.java    | 15 ++++++++++
 2 files changed, 47 insertions(+)

diff --git a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
index 155b7ff..1085fac 100644
--- a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
+++ b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
@@ -50,6 +50,7 @@ import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 
+import javax.servlet.ServletRequest;
 import javax.ws.rs.BeanParam;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.Encoded;
@@ -187,6 +188,7 @@ public class WadlGenerator implements ContainerRequestFilter {
 
     private ElementQNameResolver resolver;
     private List<String> privateAddresses;
+    private List<String> whiteList;
     private String applicationTitle;
     private String nsPrefix = DEFAULT_NS_PREFIX;
     private MediaType defaultWadlResponseMediaType = MediaType.APPLICATION_XML_TYPE;
@@ -239,6 +241,28 @@ public class WadlGenerator implements ContainerRequestFilter {
             context.abortWith(Response.status(404).build());
             return;
         }
+        
+        if (whiteList != null && whiteList.size() > 0) {
+            ServletRequest servletRequest = (ServletRequest)m.getContextualProperty(
+                "HTTP.REQUEST");
+            String remoteAddress = null;
+            if (servletRequest != null) {
+                remoteAddress = servletRequest.getRemoteAddr();
+            } else {
+                remoteAddress = "";
+            }
+            boolean foundMatch = false;
+            for (String addr : whiteList) {
+                if (addr.equals(remoteAddress)) {
+                    foundMatch = true;
+                    break;
+                }
+            }
+            if (!foundMatch) {
+                context.abortWith(Response.status(404).build());
+                return;
+            }
+        }
 
         HttpHeaders headers = new HttpHeadersImpl(m);
         List<MediaType> accepts = headers.getAcceptableMediaTypes();
@@ -2260,6 +2284,14 @@ public class WadlGenerator implements ContainerRequestFilter {
     }
 
 
+    public List<String> getWhiteList() {
+        return whiteList;
+    }
+
+    public void setWhiteList(List<String> whiteList) {
+        this.whiteList = whiteList;
+    }
+
     private static class SchemaConverter extends DelegatingXMLStreamWriter {
         private static final String SCHEMA_LOCATION = "schemaLocation";
         private final Map<String, String> locsMap;
diff --git a/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java b/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
index 88a9ebe..8cf5057 100644
--- a/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
+++ b/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
@@ -84,6 +84,21 @@ public class WadlGeneratorTest extends Assert {
     }
     
     @Test
+    public void testWhiteList() throws Exception {
+        WadlGenerator wg = new WadlGenerator();
+        List<String> whiteList = new ArrayList<String>();
+        whiteList.add("123.123.123.123");
+        wg.setWhiteList(whiteList);
+        wg.setExternalLinks(Collections.singletonList("http://books.xsd"));
+
+        ClassResourceInfo cri =
+            ResourceUtils.createClassResourceInfo(BookStore.class, BookStore.class, true, true);
+        Message m = mockMessage("http://localhost:8080/baz", "/bookstore/1", WadlGenerator.WADL_QUERY, cri);
+        Response response = handleRequest(wg, m);
+        assertEquals(response.getStatus(), 404);
+    }
+    
+    @Test
     public void testCustomSchemaJaxbContextPrefixes() throws Exception {
         WadlGenerator wg = new WadlGenerator();
         wg.setSchemaLocations(Collections.singletonList("classpath:/book1.xsd"));

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].