authorRobert Gemmell <robbie@apache.org>2010-06-17 14:37:59 +0000
committerRobert Gemmell <robbie@apache.org>2010-06-17 14:37:59 +0000
commit097f6a0e13ac6a650b574329fc3b20bfe5553cdd (patch)
treecdb7c89e62dd551bc83064641a9dd75199135c11 /java/broker-plugins/firewall
parentf383975c33ab31adc84383e75422314e1e2a03ce (diff)
QPID-2662: Use actual SocketAddress instead of the String representation
Applied patch from Andrew Kennedy <andrew.international@gmail.com> git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@955617 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker-plugins/firewall')
-rw-r--r--java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java31
-rw-r--r--java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java40
-rw-r--r--java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java32
3 files changed, 38 insertions, 65 deletions
diff --git a/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java b/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java
index ae2baa95ca..a6ea9d261e 100644
--- a/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java
+++ b/java/broker-plugins/firewall/src/main/java/org/apache/qpid/server/security/access/plugins/Firewall.java
@@ -21,13 +21,10 @@
package org.apache.qpid.server.security.access.plugins;
import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.List;
+import java.net.InetSocketAddress;
-import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.security.AbstractPlugin;
import org.apache.qpid.server.security.Result;
@@ -87,28 +84,19 @@ public class Firewall extends AbstractPlugin
{
return Result.ABSTAIN; // We are only interested in access to virtualhosts
}
-
- // TODO alter 0-10 code path to expose the SocketAddress object?
- String address = (String) instance;
-
- if (address == null || address.trim().length() == 0)
+
+ if (!(instance instanceof InetSocketAddress))
{
- return Result.ABSTAIN; // We need an address
+ return Result.ABSTAIN; // We need an internet address
}
+ InetAddress address = ((InetSocketAddress) instance).getAddress();
+
try
{
- int slash = address.indexOf('/');
- int colon = address.indexOf(':');
- InetAddress addr = InetAddress.getByName(address.substring(slash == -1 ? 0 : slash + 1, colon == -1 ? address.length() : colon));
- if (addr == null)
- {
- return Result.ABSTAIN; // Not a real address
- }
-
for (FirewallRule rule : _rules)
{
- boolean match = rule.match(addr);
+ boolean match = rule.match(address);
if (match)
{
return rule.getAccess();
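Review bot: `((InetSocketAddress) instance).getAddress()` returns null for an unresolved socket address, and the null check the old string path had before the rule loop is removed, so `rule.match(address)` can now be called with null. What `FirewallRule.match` does with null is not visible here, so an explicit guard right after the assignment, for example `if (address == null) { return Result.DENIED; }`, would make the outcome deliberate rather than incidental. Separately, the new `instanceof` test returns `Result.ABSTAIN` for any other type, and the removed TODO suggests the 0-10 code path passed a String; if any caller still does, the firewall rules are skipped without a trace, so a log line in that branch or a check of the callers seems worthwhile. The method body begins before this hunk and continues past it.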
@@ -116,11 +104,6 @@ public class Firewall extends AbstractPlugin
}
return getDefault();
}
- catch (UnknownHostException uhe)
- {
- _logger.error("Address format invalid: " + address, uhe);
- return Result.DENIED;
- }
catch (FirewallException fe)
{
return Result.DENIED;
diff --git a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
index e688114461..ab8957e7ef 100644
--- a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
+++ b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java
@@ -24,33 +24,16 @@ import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.RandomAccessFile;
+import java.net.InetSocketAddress;
-import junit.framework.TestCase;
-
-import org.apache.qpid.server.protocol.AMQProtocolEngine;
-import org.apache.qpid.server.protocol.AMQProtocolSession;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.registry.ConfigurationFileApplicationRegistry;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
-import org.apache.qpid.transport.TestNetworkDriver;
-public class FirewallConfigurationTest extends TestCase
+public class FirewallConfigurationTest extends InternalBrokerBaseCase
{
- @Override
- public void setUp()
- {
- //Highlight that this test will cause a new AR to be created
- //ApplicationRegistry.getInstance();
- }
-
- @Override
- public void tearDown() throws Exception
- {
- //Correctly Close the AR we created
- //ApplicationRegistry.remove();
- }
-
public void testFirewallConfiguration() throws Exception
{
// Write out config
@@ -65,8 +48,8 @@ public class FirewallConfigurationTest extends TestCase
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.1.2.3"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.1.2.3", 65535)));
}
finally
{
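Review bot: The expression `new InetSocketAddress("127.0.0.1", 65535)` is written out in each assertion here and again in the later hunks of this file (-137, -160, -238, -253, -268), with the port as an unexplained literal. Since the firewall only reads the address part, a small helper such as `private static InetSocketAddress addr(String ip) { return new InetSocketAddress(ip, 65535); }` would shorten the assertions and show that the port is arbitrary. A one-line comment on the helper saying the port is not evaluated by the plugin would be enough documentation.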
@@ -94,6 +77,7 @@ public class FirewallConfigurationTest extends TestCase
out = new FileWriter(fileA);
out.write("<broker>\n");
out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n");
+ out.write("\t<cache-directory>${QPID_WORK}/cache</cache-directory>\n");
out.write("\t<management><enabled>false</enabled></management>\n");
out.write("\t<security>\n");
out.write("\t\t<principal-databases>\n");
@@ -137,7 +121,7 @@ public class FirewallConfigurationTest extends TestCase
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
@@ -160,14 +144,14 @@ public class FirewallConfigurationTest extends TestCase
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
// Switch to deny the connection
writeConfigFile(mainFile, true);
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
@@ -238,7 +222,7 @@ public class FirewallConfigurationTest extends TestCase
ApplicationRegistry.initialise(reg, 1);
// Test config
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
RandomAccessFile fileBRandom = new RandomAccessFile(fileB, "rw");
fileBRandom.setLength(0);
@@ -253,7 +237,7 @@ public class FirewallConfigurationTest extends TestCase
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertTrue(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertTrue(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
fileBRandom = new RandomAccessFile(fileB, "rw");
fileBRandom.setLength(0);
@@ -268,7 +252,7 @@ public class FirewallConfigurationTest extends TestCase
reg.getConfiguration().reparseConfigFileSecuritySections();
- assertFalse(reg.getSecurityManager().accessVirtualhost("test", "127.0.0.1"));
+ assertFalse(reg.getSecurityManager().accessVirtualhost("test", new InetSocketAddress("127.0.0.1", 65535)));
}
finally
{
diff --git a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
index 89dba035e4..2b04962c89 100644
--- a/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
+++ b/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallPluginTest.java
@@ -23,11 +23,10 @@ import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.InetSocketAddress;
-
+import java.net.SocketAddress;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
-import org.apache.qpid.server.configuration.ServerConfiguration;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.plugins.Firewall;
import org.apache.qpid.server.security.access.plugins.FirewallConfiguration;
@@ -73,8 +72,15 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
}
// IP address
- private String _address= "127.0.0.1";
+ private SocketAddress _address;
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ _address = new InetSocketAddress("127.0.0.1", 65535);
+ }
private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules) throws IOException, ConfigurationException
{
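Review bot: Every test in this file now passes an `InetSocketAddress`, so the new branch in `Firewall.access` that abstains on any other instance type is never exercised. A case along the lines of `assertEquals(Result.ABSTAIN, plugin.access(ObjectType.VIRTUALHOST, "127.0.0.1"));` would pin that behaviour, which matters because an abstain means the configured rules are not applied. An `InetSocketAddress.createUnresolved(...)` input is worth covering as well, since its `getAddress()` is null; the expected result depends on how `Firewall` treats a null address, which this diff does not show.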
@@ -139,7 +145,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -154,7 +160,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -167,7 +173,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -180,7 +186,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{rule});
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -203,7 +209,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -226,7 +232,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -240,7 +246,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -254,7 +260,7 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "192.168.23.23";
+ _address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
@@ -266,11 +272,11 @@ public class FirewallPluginTest extends InternalBrokerBaseCase
Firewall plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
// Set IP so that we're connected from the right address
- _address = "10.0.0.1";
+ _address = new InetSocketAddress("10.0.0.1", 65535);
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
- _address = "127.0.0.1";
+ _address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
}