You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/07 05:42:42 UTC

svn commit: r1198622 - in /tomcat/trunk/java/org/apache/catalina/valves: RequestFilterValve.java mbeans-descriptors.xml

Author: kkolinko
Date: Mon Nov  7 04:42:42 2011
New Revision: 1198622

URL: http://svn.apache.org/viewvc?rev=1198622&view=rev
Log:
RequestFilterValve (RemoteAddrValve, RemoteHostValve):
- Refactor process() method separating value testing logic into a new method, isAllowed(String)
- Expose isAllowValid, isDenyValid properties and the new isAllowed(String) method through JXM

Modified:
    tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
    tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml

Modified: tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1198622&r1=1198621&r2=1198622&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Mon Nov  7 04:42:42 2011
@@ -181,6 +181,26 @@ public abstract class RequestFilterValve
     }
 
 
+    /**
+     * Returns {@code false} if the last change to the {@code allow} pattern did
+     * not apply successfully. E.g. if the pattern is syntactically
+     * invalid.
+     */
+    public final boolean isAllowValid() {
+        return allowValid;
+    }
+
+
+    /**
+     * Returns {@code false} if the last change to the {@code deny} pattern did
+     * not apply successfully. E.g. if the pattern is syntactically
+     * invalid.
+     */
+    public final boolean isDenyValid() {
+        return denyValid;
+    }
+
+
     // --------------------------------------------------------- Public Methods
 
     /**
@@ -234,34 +254,49 @@ public abstract class RequestFilterValve
      * @exception IOException if an input/output error occurs
      * @exception ServletException if a servlet error occurs
      */
-    protected void process(String property,
-                           Request request, Response response)
-        throws IOException, ServletException {
+    protected void process(String property, Request request, Response response)
+            throws IOException, ServletException {
 
+        if (isAllowed(property)) {
+            getNext().invoke(request, response);
+            return;
+        }
+
+        // Deny this request
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+    }
+
+    /**
+     * Perform the test implemented by this Valve, matching against the
+     * specified request property value. This method is public so that it can be
+     * called through JMX, e.g. to test whether certain IP address is allowed or
+     * denied by the valve configuration.
+     *
+     * @param property
+     *            The request property value on which to filter
+     */
+    public boolean isAllowed(String property) {
         // Use local copies for thread safety
         Pattern deny = this.deny;
         Pattern allow = this.allow;
 
         // Check the deny patterns, if any
         if (deny != null && deny.matcher(property).matches()) {
-            response.sendError(HttpServletResponse.SC_FORBIDDEN);
-            return;
+            return false;
         }
 
         // Check the allow patterns, if any
         if (allow != null && allow.matcher(property).matches()) {
-            getNext().invoke(request, response);
-            return;
+            return true;
         }
 
         // Allow if denies specified but not allows
         if (deny != null && allow == null) {
-            getNext().invoke(request, response);
-            return;
+            return true;
         }
 
         // Deny this request
-        response.sendError(HttpServletResponse.SC_FORBIDDEN);
-
+        return false;
     }
 }

Modified: tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1198622&r1=1198621&r2=1198622&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml Mon Nov  7 04:42:42 2011
@@ -316,6 +316,12 @@
                description="The allow expression"
                type="java.lang.String"/>
 
+    <attribute name="allowValid"
+               description="Becomes false if assigned value of allow expression is not syntactically correct"
+               is="true"
+               type="boolean"
+               writeable="false"/>
+
     <attribute name="asyncSupported"
                description="Does this valve support async reporting."
                is="true"
@@ -330,11 +336,25 @@
                description="The deny expression"
                type="java.lang.String"/>
 
+    <attribute name="denyValid"
+               description="Becomes false if assigned value of deny expression is not syntactically correct"
+               is="true"
+               type="boolean"
+               writeable="false"/>
+
     <attribute name="stateName"
                description="The name of the LifecycleState that this component is currently in"
                type="java.lang.String"
                writeable="false"/>
 
+    <operation name="isAllowed"
+               description="Tests whether a client with this IP address value is allowed access by the current valve configuration"
+               impact="INFO"
+               returnType="boolean">
+      <parameter name="ipAddress"
+          description="IP address to be tested"
+                 type="java.lang.String"/>
+    </operation>
   </mbean>
 
   <mbean name="RemoteHostValve"
@@ -347,6 +367,12 @@
                description="The allow expression"
                type="java.lang.String"/>
 
+    <attribute name="allowValid"
+               description="Becomes false if assigned value of allow expression is not syntactically correct"
+               is="true"
+               type="boolean"
+               writeable="false"/>
+
     <attribute name="asyncSupported"
                description="Does this valve support async reporting."
                is="true"
@@ -361,11 +387,25 @@
                description="The deny expression"
                type="java.lang.String"/>
 
+    <attribute name="denyValid"
+               description="Becomes false if assigned value of deny expression is not syntactically correct"
+               is="true"
+               type="boolean"
+               writeable="false"/>
+
     <attribute name="stateName"
                description="The name of the LifecycleState that this component is currently in"
                type="java.lang.String"
                writeable="false"/>
 
+    <operation name="isAllowed"
+               description="Tests whether a client with this host name is allowed access by the current valve configuration"
+               impact="INFO"
+               returnType="boolean">
+      <parameter name="hostName"
+          description="host name to be tested"
+                 type="java.lang.String"/>
+    </operation>
   </mbean>
 
   <mbean name="RemoteIpValve"



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org