You are viewing a plain text version of this content. The canonical link for it is here.

Posted to ftpserver-users@mina.apache.org by Jeroen Cranendonk <je...@sdu-identification.nl> on 2008/08/07 16:59:42 UTC

Ftplet blocking unsecure operations

Hi!

Me again :)

I've cobbled together some code which should give an idea of what I'm trying
to achieve, haven't tested it yet though. And I do realize this probably
breaks your design in all kinds of ways :)

Firstly, I've added the following to FtpSessionImpl:
	public boolean isDataConnectionSecure() {
		return ioSession.getDataConnection().isSecure();
	}

	public boolean isSecure() {
		return
ioSession.getFilterChain().contains("sslSessionFilter");		
	}

	public void write(final Object message) {
		ioSession.write(message);
	}

And then my Ftplet looks like this (and it probably won't compile unless
it's against the full ftpserver code):

public class MyFtplet extends DefaultFtplet implements Ftplet {
	
	@Override
	public FtpletEnum onUploadStart(final FtpSession session, final
FtpRequest request) throws FtpException,
		IOException {

		return this.onLimitedStart(session, request);
	}

	private FtpletEnum onLimitedStart(final FtpSession session, final
FtpRequest request) {

		if (session.isSecure() && session.isDataConnectionSecure())
{
			return FtpletEnum.RET_DEFAULT;
		}

		session.write(new
DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
			"Cannot do this before securing the connection."));
		return FtpletEnum.RET_SKIP;
	}

}




_______________________________________________________________________________________________
Help save paper! Do you really need to print this email?

Aan de inhoud van dit bericht kunnen alleen rechten ten opzichte van Sdu Identification B.V.
worden ontleend, indien zij door rechtsgeldig ondertekende stukken worden ondersteund.
De informatie in dit e-mailbericht is van vertrouwelijke aard en alleen bedoeld voor gebruik
door geadresseerde. Als u een bericht onbedoeld heeft ontvangen, wordt u verzocht de
verzender hiervan in kennis te stellen en het bericht te vernietigen zonder te vermenigvuldigen
of andersoortig te gebruiken.

The contents of this electronic mail message are only binding upon Sdu Identification B.V.,
if the contents of the message are accompanied by a lawfully recognized type of signature.
The contents of this electronic mail message are privileged and confidential and are intended
only for use by the addressee. If you have received this electronic mail message by error,
please notify the sender and delete the message without reproducing it and using it in any way.

Re: Ftplet blocking unsecure operations

Posted by Niklas Gustavsson <ni...@protocol7.com>.

I've added a few convenience methods, somewhat like what you suggested
below, you can now use the following code in a Ftplet:
        if(session.isSecure() && session.getDataConnection().isSecure()) {
            // all is good
        }

Thanks for your suggestion, keep em coming :-)

/niklas

On Thu, Aug 7, 2008 at 4:59 PM, Jeroen Cranendonk
<je...@sdu-identification.nl> wrote:
> Hi!
>
> Me again :)
>
> I've cobbled together some code which should give an idea of what I'm trying
> to achieve, haven't tested it yet though. And I do realize this probably
> breaks your design in all kinds of ways :)
>
> Firstly, I've added the following to FtpSessionImpl:
>        public boolean isDataConnectionSecure() {
>                return ioSession.getDataConnection().isSecure();
>        }
>
>        public boolean isSecure() {
>                return
> ioSession.getFilterChain().contains("sslSessionFilter");
>        }
>
>        public void write(final Object message) {
>                ioSession.write(message);
>        }
>
> And then my Ftplet looks like this (and it probably won't compile unless
> it's against the full ftpserver code):
>
> public class MyFtplet extends DefaultFtplet implements Ftplet {
>
>        @Override
>        public FtpletEnum onUploadStart(final FtpSession session, final
> FtpRequest request) throws FtpException,
>                IOException {
>
>                return this.onLimitedStart(session, request);
>        }
>
>        private FtpletEnum onLimitedStart(final FtpSession session, final
> FtpRequest request) {
>
>                if (session.isSecure() && session.isDataConnectionSecure())
> {
>                        return FtpletEnum.RET_DEFAULT;
>                }
>
>                session.write(new
> DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
>                        "Cannot do this before securing the connection."));
>                return FtpletEnum.RET_SKIP;
>        }
>
> }
>
>
>
>
> _______________________________________________________________________________________________
> Help save paper! Do you really need to print this email?
>
> Aan de inhoud van dit bericht kunnen alleen rechten ten opzichte van Sdu Identification B.V.
> worden ontleend, indien zij door rechtsgeldig ondertekende stukken worden ondersteund.
> De informatie in dit e-mailbericht is van vertrouwelijke aard en alleen bedoeld voor gebruik
> door geadresseerde. Als u een bericht onbedoeld heeft ontvangen, wordt u verzocht de
> verzender hiervan in kennis te stellen en het bericht te vernietigen zonder te vermenigvuldigen
> of andersoortig te gebruiken.
>
> The contents of this electronic mail message are only binding upon Sdu Identification B.V.,
> if the contents of the message are accompanied by a lawfully recognized type of signature.
> The contents of this electronic mail message are privileged and confidential and are intended
> only for use by the addressee. If you have received this electronic mail message by error,
> please notify the sender and delete the message without reproducing it and using it in any way.
>
>