You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/10 12:27:11 UTC
svn commit: r1200273 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/catalina/valves/RequestFilterValve.java
java/org/apache/catalina/valves/mbeans-descriptors.xml
webapps/docs/changelog.xml
Author: kkolinko
Date: Thu Nov 10 11:27:10 2011
New Revision: 1200273
URL: http://svn.apache.org/viewvc?rev=1200273&view=rev
Log:
RequestFilterValve (RemoteAddrValve, RemoteHostValve):
- Refactor process() method separating value testing logic into a new method, isAllowed(String)
- Expose isAllowValid, isDenyValid properties and the new isAllowed(String) method through JXM
(r1198622 in tomcat/trunk, r1198623 in TC7)
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 10 11:27:10 2011
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77
0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901
39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841
,946686,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1042022,1042029,1042447,1042452,1042494,1044944,1044987,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1061412,1061442,1061446,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073393,1075458,1076212,1078409,1078412,1079801,1081334,1088179,1088460,1090022,1094069,1094089,1095138,1097899,1099575
,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77
0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901
39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841
,946686,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1042022,1042029,1042447,1042452,1042494,1044944,1044987,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1061412,1061442,1061446,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073393,1075458,1076212,1078409,1078412,1079801,1081334,1088179,1088460,1090022,1094069,1094089,1095138,1097899,1099575
,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389,1198622
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1200273&r1=1200272&r2=1200273&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov 10 11:27:10 2011
@@ -78,15 +78,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko, markt
-1:
-* In RequestFilterValve (RemoteAddrValve, RemoteHostValve):
- refactor value matching logic into separate method and expose this
- new method through JMX.
- Expose previously added isAllowValid, isDenyValid properties as well.
- (r1198623 in TC7)
- http://people.apache.org/~kkolinko/patches/2011-11-08_tc6_RequestFilterValve_JMX.patch
- +1: kkolinko, markt, jfclere
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50570
Apply FIPS mode patch from TC7:
http://svn.apache.org/viewvc?rev=1199985&view=rev
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1200273&r1=1200272&r2=1200273&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Thu Nov 10 11:27:10 2011
@@ -165,9 +165,9 @@ public abstract class RequestFilterValve
public void setAllow(String allow) {
boolean success = false;
try {
+ this.allow = allow;
allows = precalculate(allow);
success = true;
- this.allow = allow;
} finally {
allowValid = success;
}
@@ -194,9 +194,9 @@ public abstract class RequestFilterValve
public void setDeny(String deny) {
boolean success = false;
try {
+ this.deny = deny;
denies = precalculate(deny);
success = true;
- this.deny = deny;
} finally {
denyValid = success;
}
@@ -204,6 +204,26 @@ public abstract class RequestFilterValve
/**
+ * Returns <code>false</code> if the last change to the
+ * <code>allow</code> pattern did not apply successfully. E.g.
+ * if the pattern is syntactically invalid.
+ */
+ public final boolean isAllowValid() {
+ return allowValid;
+ }
+
+
+ /**
+ * Returns <code>false</code> if the last change to the
+ * <code>deny</code> pattern did not apply successfully. E.g.
+ * if the pattern is syntactically invalid.
+ */
+ public final boolean isDenyValid() {
+ return denyValid;
+ }
+
+
+ /**
* Return descriptive information about this Valve implementation.
*/
public String getInfo() {
@@ -292,6 +312,27 @@ public abstract class RequestFilterValve
Request request, Response response)
throws IOException, ServletException {
+ if (isAllowed(property)) {
+ getNext().invoke(request, response);
+ return;
+ }
+
+ // Deny this request
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+ }
+
+
+ /**
+ * Perform the test implemented by this Valve, matching against the
+ * specified request property value. This method is public so that it can be
+ * called through JMX, e.g. to test whether certain IP address is allowed or
+ * denied by the valve configuration.
+ *
+ * @param property
+ * The request property value on which to filter
+ */
+ public boolean isAllowed(String property) {
// Use local copies for thread safety
Pattern[] denies = this.denies;
Pattern[] allows = this.allows;
@@ -299,28 +340,24 @@ public abstract class RequestFilterValve
// Check the deny patterns, if any
for (int i = 0; i < denies.length; i++) {
if (denies[i].matcher(property).matches()) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
+ return false;
}
}
// Check the allow patterns, if any
for (int i = 0; i < allows.length; i++) {
if (allows[i].matcher(property).matches()) {
- getNext().invoke(request, response);
- return;
+ return true;
}
}
// Allow if denies specified but not allows
if ((denies.length > 0) && (allows.length == 0)) {
- getNext().invoke(request, response);
- return;
+ return true;
}
// Deny this request
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
-
+ return false;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1200273&r1=1200272&r2=1200273&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml Thu Nov 10 11:27:10 2011
@@ -287,6 +287,12 @@
description="The comma-delimited set of allow expressions"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="containerName"
description="Object name of the container"
type="javax.management.ObjectName"/>
@@ -300,6 +306,20 @@
description="The comma-delimited set of deny expressions"
type="java.lang.String"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
+ <operation name="isAllowed"
+ description="Tests whether a client with this IP address value is allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="ipAddress"
+ description="IP address to be tested"
+ type="java.lang.String"/>
+ </operation>
</mbean>
<mbean name="RemoteHostValve"
@@ -314,6 +334,12 @@
description="The comma-delimited set of allow expressions"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="containerName"
description="Object name of the container"
type="javax.management.ObjectName"/>
@@ -327,6 +353,21 @@
description="The comma-delimited set of deny expressions"
type="java.lang.String"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
+ <operation name="isAllowed"
+ description="Tests whether a client with this host name is allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="hostName"
+ description="host name to be tested"
+ type="java.lang.String"/>
+ </operation>
+
</mbean>
<mbean name="RequestDumperValve"
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1200273&r1=1200272&r2=1200273&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Nov 10 11:27:10 2011
@@ -116,6 +116,12 @@
RemoteHostValve result in the failure of the valve rather than
just a warning message. (kkolinko)
</add>
+ <update>
+ In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>,
+ <code>RemoteHostValve</code>): refactor value matching logic into
+ separate method and expose this new method <code>isAllowed</code>
+ through JMX. (kkolinko)
+ </update>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org