Posted to commits@mina.apache.org by ng...@apache.org on 2008/04/16 23:14:48 UTC
svn commit: r648855 - in /mina/ftpserver/trunk/core/src:
main/java/org/apache/ftpserver/listener/mina/
test/java/org/apache/ftpserver/clienttests/
Author: ngn
Date: Wed Apr 16 14:14:25 2008
New Revision: 648855
URL: http://svn.apache.org/viewvc?rev=648855&view=rev
Log:
Adding support for blocking addresses or subnets (FTPSERVER-129)
Added:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/InetAddressBlacklistTest.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/SubnetBlacklistTest.java
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java?rev=648855&r1=648854&r2=648855&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/mina/MinaListener.java Wed Apr 16 14:14:25 2008
@@ -20,7 +20,10 @@
package org.apache.ftpserver.listener.mina;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
@@ -36,6 +39,8 @@
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.executor.ExecutorFilter;
import org.apache.mina.filter.executor.OrderedThreadPoolExecutor;
+import org.apache.mina.filter.firewall.BlacklistFilter;
+import org.apache.mina.filter.firewall.Subnet;
import org.apache.mina.filter.logging.MdcInjectionFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
@@ -63,6 +68,9 @@
private FtpHandler handler = new DefaultFtpHandler();
private int idleTimeout = 60;
+
+ private List<InetAddress> blockedAddresses;
+ private List<Subnet> blockedSubnets;
public int getIdleTimeout() {
@@ -73,6 +81,24 @@
this.idleTimeout = idleTimeout;
}
+ private void updateBlacklistFilter() {
+ if(acceptor != null) {
+ BlacklistFilter filter = (BlacklistFilter) acceptor.getFilterChain().get("ipFilter");
+
+ if(filter != null) {
+ if(blockedAddresses != null) {
+ filter.setBlacklist(blockedAddresses);
+ } else if(blockedSubnets != null) {
+ filter.setSubnetBlacklist(blockedSubnets);
+ } else {
+ // an empty list clears the blocked addresses
+ filter.setSubnetBlacklist(new ArrayList<Subnet>());
+ }
+
+ }
+ }
+ }
+
/**
* @see Listener#start(FtpServerContext)
*/
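Review bot: The `else if` in updateBlacklistFilter() means that once blockedAddresses is non-null, blockedSubnets is never handed to the filter, so a listener configured with both lists silently enforces only the addresses. For a deny list that is a fail-open gap. The "an empty list clears the blocked addresses" comment suggests each BlacklistFilter setter replaces the whole list, so calling both setters in sequence is probably not the fix either; building one combined list and applying it once is safer. The /32 mask below mirrors SubnetBlacklistTest and assumes IPv4 addresses, which should be confirmed against what Subnet accepts.

```java
    private void updateBlacklistFilter() {
        // … unchanged: acceptor and filter null checks …
                // apply both lists together so one cannot hide the other
                List<Subnet> combined = new ArrayList<Subnet>();
                if(blockedSubnets != null) {
                    combined.addAll(blockedSubnets);
                }
                if(blockedAddresses != null) {
                    for(InetAddress address : blockedAddresses) {
                        combined.add(new Subnet(address, 32));
                    }
                }
                // an empty combined list clears the filter
                filter.setSubnetBlacklist(combined);
```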
@@ -93,8 +119,13 @@
((SocketSessionConfig) acceptor.getSessionConfig()).setReceiveBufferSize(512);
MdcInjectionFilter mdcFilter = new MdcInjectionFilter();
-
+
acceptor.getFilterChain().addLast("mdcFilter", mdcFilter);
+
+ // add and update the blacklist filter
+ acceptor.getFilterChain().addLast("ipFilter", new BlacklistFilter());
+ updateBlacklistFilter();
+
acceptor.getFilterChain().addLast("threadPool", new ExecutorFilter(filterExecutor));
acceptor.getFilterChain().addLast(
"codec",
@@ -216,4 +247,38 @@
((FtpHandlerAdapter)acceptor.getHandler()).setFtpHandler(handler);
}
}
+
+ /**
+ * Retrives the {@link InetAddress} for which this listener blocks connections
+ * @return The list of {@link InetAddress}es
+ */
+ public List<InetAddress> getBlockedAddresses() {
+ return blockedAddresses;
+ }
+
+ /**
+ * Sets the {@link InetAddress} that this listener will block from connecting
+ * @param blockedAddresses The list of {@link InetAddress}es
+ */
+ public synchronized void setBlockedAddresses(List<InetAddress> blockedAddresses) {
+ this.blockedAddresses = blockedAddresses;
+ updateBlacklistFilter();
+ }
+
+ /**
+ * Retrives the {@link Subnet}s for which this acceptor blocks connections
+ * @return The list of {@link Subnet}s
+ */
+ public List<Subnet> getBlockedSubnets() {
+ return blockedSubnets;
+ }
+
+ /**
+ * Sets the {@link Subnet}s that this listener will block from connecting
+ * @param blockedAddresses The list of {@link Subnet}s
+ */
+ public synchronized void setBlockedSubnets(List<Subnet> blockedSubnets) {
+ this.blockedSubnets = blockedSubnets;
+ updateBlacklistFilter();
+ }
}
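Review bot: The setters store the caller's list by reference and the getters return it, while the filter is refreshed only inside the setters. If a caller later mutates the list, getBlockedAddresses() or getBlockedSubnets() can report entries that are not enforced. Copying on the way in keeps the configured and enforced state aligned, for example `this.blockedAddresses = blockedAddresses == null ? null : new ArrayList<InetAddress>(blockedAddresses);`, and likewise for the subnets. The getters are also not `synchronized` although the setters are, so a reader may not see the latest assignment. In the Javadoc, `@param blockedAddresses` on setBlockedSubnets should read `@param blockedSubnets`, and "Retrives" should be "Retrieves".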
Added: mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/InetAddressBlacklistTest.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/InetAddressBlacklistTest.java?rev=648855&view=auto
==============================================================================
--- mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/InetAddressBlacklistTest.java (added)
+++ mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/InetAddressBlacklistTest.java Wed Apr 16 14:14:25 2008
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.clienttests;
+
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.net.ftp.FTPConnectionClosedException;
+import org.apache.ftpserver.FtpServer;
+import org.apache.ftpserver.listener.mina.MinaListener;
+
+public class InetAddressBlacklistTest extends ClientTestTemplate {
+ protected FtpServer createServer() throws Exception {
+ FtpServer server = super.createServer();
+
+ MinaListener listener = (MinaListener) server.getServerContext().getListener("default");
+
+ List<InetAddress> blockedAddresses = new ArrayList<InetAddress>();
+ blockedAddresses.add(InetAddress.getByName("localhost"));
+
+ listener.setBlockedAddresses(blockedAddresses);
+
+ return server;
+ }
+
+ protected boolean isConnectClient() {
+ return false;
+ }
+
+ public void testConnect() throws Exception {
+ try {
+ client.connect("localhost", port);
+ fail("Must throw");
+ } catch(FTPConnectionClosedException e) {
+ // OK
+ }
+ }
+}
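Review bot: This test and SubnetBlacklistTest each set only one of the two lists and assert only the deny path, so the case where both setBlockedAddresses() and setBlockedSubnets() are configured on the same listener is never exercised. That is the case where the `else if` in MinaListener.updateBlacklistFilter() skips the subnet list. A third test that blocks an unrelated address via `listener.setBlockedAddresses(...)` and localhost via `listener.setBlockedSubnets(...)`, then expects the connect to fail, would cover it. A test that clears the lists with `listener.setBlockedAddresses(null)` and expects the connect to succeed would confirm that entries are actually removed from the filter.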
Added: mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/SubnetBlacklistTest.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/SubnetBlacklistTest.java?rev=648855&view=auto
==============================================================================
--- mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/SubnetBlacklistTest.java (added)
+++ mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/SubnetBlacklistTest.java Wed Apr 16 14:14:25 2008
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.clienttests;
+
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.net.ftp.FTPConnectionClosedException;
+import org.apache.ftpserver.FtpServer;
+import org.apache.ftpserver.listener.mina.MinaListener;
+import org.apache.mina.filter.firewall.Subnet;
+
+public class SubnetBlacklistTest extends ClientTestTemplate {
+ protected FtpServer createServer() throws Exception {
+ FtpServer server = super.createServer();
+
+ MinaListener listener = (MinaListener) server.getServerContext().getListener("default");
+
+ List<Subnet> blockedSubnets = new ArrayList<Subnet>();
+ blockedSubnets.add(new Subnet(InetAddress.getByName("localhost"), 32));
+
+ listener.setBlockedSubnets(blockedSubnets);
+
+ return server;
+ }
+
+ protected boolean isConnectClient() {
+ return false;
+ }
+
+ public void testConnect() throws Exception {
+ try {
+ client.connect("localhost", port);
+ fail("Must throw");
+ } catch(FTPConnectionClosedException e) {
+ // OK
+ }
+ }
+}