You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ff...@apache.org on 2018/01/04 02:03:32 UTC
[cxf] branch master updated: [CXF-7603]private a way that only a
set of client IP can access the WADL
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new d7272b5 [CXF-7603]private a way that only a set of client IP can access the WADL
d7272b5 is described below
commit d7272b5248f1b4e34745acba5ec127d7a5d77f46
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Thu Jan 4 10:03:17 2018 +0800
[CXF-7603]private a way that only a set of client IP can access the WADL
---
.../apache/cxf/jaxrs/model/wadl/WadlGenerator.java | 32 ++++++++++++++++++++++
.../cxf/jaxrs/model/wadl/WadlGeneratorTest.java | 15 ++++++++++
2 files changed, 47 insertions(+)
diff --git a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
index 7f4c7e7..b384c34 100644
--- a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
+++ b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
@@ -50,6 +50,7 @@ import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
+import javax.servlet.ServletRequest;
import javax.ws.rs.BeanParam;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.Encoded;
@@ -187,6 +188,7 @@ public class WadlGenerator implements ContainerRequestFilter {
private ElementQNameResolver resolver;
private List<String> privateAddresses;
+ private List<String> whiteList;
private String applicationTitle;
private String nsPrefix = DEFAULT_NS_PREFIX;
private MediaType defaultWadlResponseMediaType = MediaType.APPLICATION_XML_TYPE;
@@ -239,6 +241,28 @@ public class WadlGenerator implements ContainerRequestFilter {
context.abortWith(Response.status(404).build());
return;
}
+
+ if (whiteList != null && whiteList.size() > 0) {
+ ServletRequest servletRequest = (ServletRequest)m.getContextualProperty(
+ "HTTP.REQUEST");
+ String remoteAddress = null;
+ if (servletRequest != null) {
+ remoteAddress = servletRequest.getRemoteAddr();
+ } else {
+ remoteAddress = "";
+ }
+ boolean foundMatch = false;
+ for (String addr : whiteList) {
+ if (addr.equals(remoteAddress)) {
+ foundMatch = true;
+ break;
+ }
+ }
+ if (!foundMatch) {
+ context.abortWith(Response.status(404).build());
+ return;
+ }
+ }
HttpHeaders headers = new HttpHeadersImpl(m);
List<MediaType> accepts = headers.getAcceptableMediaTypes();
@@ -2253,6 +2277,14 @@ public class WadlGenerator implements ContainerRequestFilter {
}
+ public List<String> getWhiteList() {
+ return whiteList;
+ }
+
+ public void setWhiteList(List<String> whiteList) {
+ this.whiteList = whiteList;
+ }
+
private static class SchemaConverter extends DelegatingXMLStreamWriter {
private static final String SCHEMA_LOCATION = "schemaLocation";
private final Map<String, String> locsMap;
diff --git a/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java b/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
index 79a10b9..53768e4 100644
--- a/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
+++ b/rt/rs/description/src/test/java/org/apache/cxf/jaxrs/model/wadl/WadlGeneratorTest.java
@@ -84,6 +84,21 @@ public class WadlGeneratorTest extends Assert {
}
@Test
+ public void testWhiteList() throws Exception {
+ WadlGenerator wg = new WadlGenerator();
+ List<String> whiteList = new ArrayList<String>();
+ whiteList.add("123.123.123.123");
+ wg.setWhiteList(whiteList);
+ wg.setExternalLinks(Collections.singletonList("http://books.xsd"));
+
+ ClassResourceInfo cri =
+ ResourceUtils.createClassResourceInfo(BookStore.class, BookStore.class, true, true);
+ Message m = mockMessage("http://localhost:8080/baz", "/bookstore/1", WadlGenerator.WADL_QUERY, cri);
+ Response response = handleRequest(wg, m);
+ assertEquals(response.getStatus(), 404);
+ }
+
+ @Test
public void testCustomSchemaJaxbContextPrefixes() throws Exception {
WadlGenerator wg = new WadlGenerator();
wg.setSchemaLocations(Collections.singletonList("classpath:/book1.xsd"));
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].