You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/07 05:54:38 UTC
svn commit: r1198623 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/valves/RequestFilterValve.java
java/org/apache/catalina/valves/mbeans-descriptors.xml
webapps/docs/changelog.xml
Author: kkolinko
Date: Mon Nov 7 04:54:38 2011
New Revision: 1198623
URL: http://svn.apache.org/viewvc?rev=1198623&view=rev
Log:
Merged revision 1198622 from tomcat/trunk:
RequestFilterValve (RemoteAddrValve, RemoteHostValve):
- Refactor process() method separating value testing logic into a new method, isAllowed(String)
- Expose isAllowValid, isDenyValid properties and the new isAllowed(String) method through JXM
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 7 04:54:38 2011
@@ -1 +1 @@
-/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175798,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187
755,1187775,1187806,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965,1195968,1196175,1196212,1196223,1196304-1196305,1196735,1196825,1196827,1197158,1197261,1197263,1197299-1197300,1197305,1197339-1197340,1197343,1197382,1197386-1197387,1197480,1197578,1198497,1198528,1198552,1198602,1198604,1198607
+/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175798,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187
755,1187775,1187806,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965,1195968,1196175,1196212,1196223,1196304-1196305,1196735,1196825,1196827,1197158,1197261,1197263,1197299-1197300,1197305,1197339-1197340,1197343,1197382,1197386-1197387,1197480,1197578,1198497,1198528,1198552,1198602,1198604,1198607,1198622
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1198623&r1=1198622&r2=1198623&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Mon Nov 7 04:54:38 2011
@@ -192,6 +192,26 @@ public abstract class RequestFilterValve
/**
+ * Returns {@code false} if the last change to the {@code allow} pattern did
+ * not apply successfully. E.g. if the pattern is syntactically
+ * invalid.
+ */
+ public final boolean isAllowValid() {
+ return allowValid;
+ }
+
+
+ /**
+ * Returns {@code false} if the last change to the {@code deny} pattern did
+ * not apply successfully. E.g. if the pattern is syntactically
+ * invalid.
+ */
+ public final boolean isDenyValid() {
+ return denyValid;
+ }
+
+
+ /**
* Return descriptive information about this Valve implementation.
*/
@Override
@@ -256,34 +276,49 @@ public abstract class RequestFilterValve
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
- protected void process(String property,
- Request request, Response response)
- throws IOException, ServletException {
+ protected void process(String property, Request request, Response response)
+ throws IOException, ServletException {
+ if (isAllowed(property)) {
+ getNext().invoke(request, response);
+ return;
+ }
+
+ // Deny this request
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+ }
+
+ /**
+ * Perform the test implemented by this Valve, matching against the
+ * specified request property value. This method is public so that it can be
+ * called through JMX, e.g. to test whether certain IP address is allowed or
+ * denied by the valve configuration.
+ *
+ * @param property
+ * The request property value on which to filter
+ */
+ public boolean isAllowed(String property) {
// Use local copies for thread safety
Pattern deny = this.deny;
Pattern allow = this.allow;
// Check the deny patterns, if any
if (deny != null && deny.matcher(property).matches()) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
+ return false;
}
// Check the allow patterns, if any
if (allow != null && allow.matcher(property).matches()) {
- getNext().invoke(request, response);
- return;
+ return true;
}
// Allow if denies specified but not allows
if (deny != null && allow == null) {
- getNext().invoke(request, response);
- return;
+ return true;
}
// Deny this request
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
-
+ return false;
}
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1198623&r1=1198622&r2=1198623&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml Mon Nov 7 04:54:38 2011
@@ -336,6 +336,12 @@
description="The allow expression"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="asyncSupported"
description="Does this valve support async reporting."
is="true"
@@ -355,11 +361,25 @@
type="java.lang.String"
writeable="false"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component is currently in"
type="java.lang.String"
writeable="false"/>
+ <operation name="isAllowed"
+ description="Tests whether a client with this IP address value is allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="ipAddress"
+ description="IP address to be tested"
+ type="java.lang.String"/>
+ </operation>
</mbean>
<mbean name="RemoteHostValve"
@@ -372,6 +392,12 @@
description="The allow expression"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="asyncSupported"
description="Does this valve support async reporting."
is="true"
@@ -391,11 +417,25 @@
type="java.lang.String"
writeable="false"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component is currently in"
type="java.lang.String"
writeable="false"/>
+ <operation name="isAllowed"
+ description="Tests whether a client with this host name is allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="hostName"
+ description="host name to be tested"
+ type="java.lang.String"/>
+ </operation>
</mbean>
<mbean name="RemoteIpValve"
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1198623&r1=1198622&r2=1198623&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Nov 7 04:54:38 2011
@@ -132,7 +132,7 @@
</fix>
<fix>
Ensure changes to the configuration of the RemoteHostValve and the
- RemoteIpValve via JMX are thread-safe. (markt)
+ RemoteAddrValve via JMX are thread-safe. (markt)
</fix>
<fix>
Ensure the the memory leak protection for the HttpClient keep-alive
@@ -173,6 +173,12 @@
<bug>52113</bug>: Don't assume presence of context.xml file with JMX
deployment. (markt)
</fix>
+ <update>
+ In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>,
+ <code>RemoteHostValve</code>): refactor value matching logic into
+ separate method and expose this new method <code>isAllowed</code>
+ through JMX. (kkolinko)
+ </update>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org