From ca57d6ca9f260c6332d0bf0ab3ff37c476ec9fb3 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Mon, 18 Mar 2013 17:06:12 +0000
Subject: [PATCH] OPENDJ-808 Implement a simple commons REST based HTTP connection handler
---
opends/src/server/org/opends/server/types/AddressMask.java | 9 +-
opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java | 29 ++++-----
opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java | 30 ++++-----
opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java | 96 ++++++++++++++-----------------
opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java | 16 ++--
5 files changed, 82 insertions(+), 98 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java b/opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
index b67e15e..0abc89f 100644
--- a/opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
+++ b/opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2009 Sun Microsystems, Inc.
- * Portions copyright 2011 ForgeRock AS.
+ * Portions copyright 2011-2013 ForgeRock AS.
*/
package org.opends.server.core.networkgroups;
@@ -46,11 +46,11 @@
final class IPConnectionCriteria implements ConnectionCriteria
{
- // The list of allowed client address masks.
- private final AddressMask[] allowedClients;
+ /** The collection of allowed client address masks. */
+ private final Collection<AddressMask> allowedClients;
- // The list of denied client address masks.
- private final AddressMask[] deniedClients;
+ /** The collection of denied client address masks. */
+ private final Collection<AddressMask> deniedClients;
@@ -66,8 +66,8 @@
public IPConnectionCriteria(Collection<AddressMask> allowedClients,
Collection<AddressMask> deniedClients)
{
- this.allowedClients = allowedClients.toArray(new AddressMask[0]);
- this.deniedClients = deniedClients.toArray(new AddressMask[0]);
+ this.allowedClients = allowedClients;
+ this.deniedClients = deniedClients;
}
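Review bot: The constructor now keeps the caller's `allowedClients` and `deniedClients` collections by reference, where the removed `toArray` calls took a private snapshot. If a caller later mutates either collection, the allow/deny decision changes without this object being rebuilt, and a mutation during the iteration in `AddressMask.maskListContains` can throw `ConcurrentModificationException` on the connection path. I would copy on entry, e.g. `this.allowedClients = new ArrayList<AddressMask>(allowedClients);` and the same for `deniedClients` (adding the `java.util.ArrayList` import if the file lacks it). The same aliasing applies to the assignments from `cfg.getConnectionClientAddressEqualTo()` and `cfg.getConnectionClientAddressNotEqualTo()` in AbstractTextAccessLogPublisher, and from `config.getAllowedClient()` and `config.getDeniedClient()` in both LDAPConnectionHandler hunks. Whether those getters return immutable collections is not visible in this patch and is worth confirming.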
@@ -79,20 +79,16 @@
{
InetAddress ipAddr = connection.getRemoteAddress();
- if (deniedClients.length > 0)
+ if (!deniedClients.isEmpty()
+ && AddressMask.maskListContains(ipAddr, deniedClients))
{
- if (AddressMask.maskListContains(ipAddr, deniedClients))
- {
- return false;
- }
+ return false;
}
- if (allowedClients.length > 0)
+ if (!allowedClients.isEmpty()
+ && !AddressMask.maskListContains(ipAddr, allowedClients))
{
- if (!AddressMask.maskListContains(ipAddr, allowedClients))
- {
- return false;
- }
+ return false;
}
return true;
diff --git a/opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java b/opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
index ad856b5..0ff5563 100644
--- a/opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
+++ b/opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2011 ForgeRock AS
+ * Copyright 2011-2013 ForgeRock AS
*/
package org.opends.server.loggers;
@@ -35,6 +35,7 @@
import java.net.InetAddress;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.EnumSet;
import java.util.List;
@@ -76,8 +77,8 @@
private final boolean logConnectRecords;
private final boolean logDisconnectRecords;
private final EnumSet<OperationType> logOperationRecords;
- private final AddressMask[] clientAddressEqualTo;
- private final AddressMask[] clientAddressNotEqualTo;
+ private final Collection<AddressMask> clientAddressEqualTo;
+ private final Collection<AddressMask> clientAddressNotEqualTo;
private final int[] clientPorts;
private final String[] clientProtocols;
private final PatternDN[] userDNEqualTo;
@@ -179,10 +180,8 @@
clientProtocols[i++] = toLowerCase(protocol);
}
- clientAddressEqualTo = cfg.getConnectionClientAddressEqualTo().toArray(
- new AddressMask[0]);
- clientAddressNotEqualTo = cfg.getConnectionClientAddressNotEqualTo()
- .toArray(new AddressMask[0]);
+ clientAddressEqualTo = cfg.getConnectionClientAddressEqualTo();
+ clientAddressNotEqualTo = cfg.getConnectionClientAddressNotEqualTo();
userDNEqualTo = new PatternDN[cfg.getUserDNEqualTo().size()];
i = 0;
@@ -402,19 +401,15 @@
// Check client address.
final InetAddress ipAddr = connection.getRemoteAddress();
- if (clientAddressNotEqualTo.length > 0)
+ if (!clientAddressNotEqualTo.isEmpty()
+ && AddressMask.maskListContains(ipAddr, clientAddressNotEqualTo))
{
- if (AddressMask.maskListContains(ipAddr, clientAddressNotEqualTo))
- {
- return false;
- }
+ return false;
}
- if (clientAddressEqualTo.length > 0)
+ if (!clientAddressEqualTo.isEmpty()
+ && !AddressMask.maskListContains(ipAddr, clientAddressEqualTo))
{
- if (!AddressMask.maskListContains(ipAddr, clientAddressEqualTo))
- {
- return false;
- }
+ return false;
}
return true;
diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index bb65828..62ce09b 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -171,12 +171,12 @@
private boolean enabled;
/** The set of clients that are explicitly allowed access to the server. */
- private AddressMask[] allowedClients;
+ private Collection<AddressMask> allowedClients;
/**
* The set of clients that have been explicitly denied access to the server.
*/
- private AddressMask[] deniedClients;
+ private Collection<AddressMask> deniedClients;
/**
* The index to the request handler that will be used for the next connection
@@ -348,8 +348,8 @@
// Apply the changes.
currentConfig = config;
enabled = config.isEnabled();
- allowedClients = config.getAllowedClient().toArray(new AddressMask[0]);
- deniedClients = config.getDeniedClient().toArray(new AddressMask[0]);
+ allowedClients = config.getAllowedClient();
+ deniedClients = config.getDeniedClient();
// Reconfigure SSL if needed.
protocol = config.isUseSSL() ? "LDAPS" : "LDAP";
@@ -712,8 +712,8 @@
currentConfig = config;
enabled = config.isEnabled();
requestHandlerIndex = 0;
- allowedClients = config.getAllowedClient().toArray(new AddressMask[0]);
- deniedClients = config.getDeniedClient().toArray(new AddressMask[0]);
+ allowedClients = config.getAllowedClient();
+ deniedClients = config.getDeniedClient();
// Configure SSL if needed.
protocol = config.isUseSSL() ? "LDAPS" : "LDAP";
@@ -1251,7 +1251,7 @@
InetAddress clientAddr = clientConnection.getRemoteAddress();
// Check to see if the client is on the denied list.
// If so, then reject it immediately.
- if ((deniedClients.length > 0)
+ if ((!deniedClients.isEmpty())
&& AddressMask.maskListContains(clientAddr, deniedClients))
{
clientConnection.disconnect(
@@ -1265,7 +1265,7 @@
// Check to see if there is an allowed list and if
// there is whether the client is on that list. If
// not, then reject the connection.
- if ((allowedClients.length > 0)
+ if ((!allowedClients.isEmpty())
&& (!AddressMask.maskListContains(clientAddr, allowedClients)))
{
clientConnection.disconnect(
diff --git a/opends/src/server/org/opends/server/types/AddressMask.java b/opends/src/server/org/opends/server/types/AddressMask.java
index 4739b94..75c2403 100644
--- a/opends/src/server/org/opends/server/types/AddressMask.java
+++ b/opends/src/server/org/opends/server/types/AddressMask.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2006-2009 Sun Microsystems, Inc.
- * Portions copyright 2011 ForgeRock AS.
+ * Portions copyright 2011-2013 ForgeRock AS
*/
package org.opends.server.types;
import org.opends.messages.Message;
@@ -31,6 +31,7 @@
import org.opends.server.config.ConfigException;
import static org.opends.messages.ProtocolMessages.*;
import java.util.BitSet;
+import java.util.Collection;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
@@ -381,17 +382,17 @@
/**
* Indicates whether provided address matches one of the address masks in
- * the provided array.
+ * the provided collection.
*
* @param address
* The address to check.
* @param masks
- * An array of address masks to check.
+ * A collection of address masks to check.
* @return <CODE>true</CODE> if the provided address matches one of the
* given address masks, or <CODE>false</CODE> if it does not.
*/
public static boolean maskListContains(InetAddress address,
- AddressMask[] masks)
+ Collection<AddressMask> masks)
{
for (AddressMask mask : masks)
{
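Review bot: Changing the `masks` parameter of the public static `maskListContains` from `AddressMask[]` to `Collection<AddressMask>` removes the array form outright, so any caller outside the files touched here that still passes an array stops compiling. If such callers can exist, keep a bridging overload whose body is `return maskListContains(address, Arrays.asList(masks));` (with a `java.util.Arrays` import). The Javadoc should also state the result for an empty or null `masks`, because the allow-list callers in this patch test `isEmpty()` first, presumably so that an empty list is not read as "nothing matches". The method body continues beyond the hunk.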
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
index 8ba667e..b23b53f 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
- * Portions copyright 2011 ForgeRock AS.
+ * Portions copyright 2011-2013 ForgeRock AS
*/
package org.opends.server.types;
@@ -33,7 +33,8 @@
import static org.testng.Assert.*;
import java.net.InetAddress;
-import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Collection;
public class TestAddressMask extends TypesTestCase {
@@ -206,49 +207,43 @@
};
}
- @Test(dataProvider = "matchRules")
- public void testMatch(String[] rules, String[] addrs, String[]hostNames) {
- boolean ret;
- ret=match(rules,addrs,hostNames);
- assertTrue(ret);
- }
+ @Test(dataProvider = "matchRules")
+ public void testMatch(String[] rules, String[] addrs, String[] hostNames)
+ throws Exception
+ {
+ assertTrue(match(rules, addrs, hostNames));
+ }
- @Test(dataProvider = "matchWCRules")
- public void testWildCardMatch(String[] rules, String[] addrs,
- String[]hostNames) {
- boolean ret;
- ret=match(rules,addrs,hostNames);
- assertTrue(ret);
- }
+ @Test(dataProvider = "matchWCRules")
+ public void testWildCardMatch(String[] rules, String[] addrs,
+ String[] hostNames) throws Exception
+ {
+ assertTrue(match(rules, addrs, hostNames));
+ }
- @Test(dataProvider = "noMatchRules")
- public void testNoMatch(String[] rules, String[] addrs,
- String[] hostNames) {
- boolean ret;
- ret=match(rules,addrs,hostNames);
- assertFalse(ret);
- }
+ @Test(dataProvider = "noMatchRules")
+ public void testNoMatch(String[] rules, String[] addrs, String[] hostNames)
+ throws Exception
+ {
+ assertFalse(match(rules, addrs, hostNames));
+ }
- @Test(dataProvider="toStringRule")
- public void testToString(String rule) {
- try {
- AddressMask m = AddressMask.decode(rule);
- assertEquals(rule, m.toString());
- } catch (ConfigException ce) {
- throw new RuntimeException(
- "Invalid mask <" + rule +
- "> all data should be valid for this test");
- }
- }
+ @Test(dataProvider = "toStringRule")
+ public void testToString(String rule) throws Exception
+ {
+ AddressMask m = AddressMask.decode(rule);
+ assertEquals(rule, m.toString());
+ }
- private boolean match(String[] rules, String[] addrs, String[]hostNames) {
- boolean ret=true;
+ private boolean match(String[] rules, String[] addrs, String[] hostNames)
+ throws Exception
+ {
int i=0;
- AddressMask[] m = new AddressMask[rules.length];
+ Collection<AddressMask> m = new ArrayList<AddressMask>(rules.length);
try {
for (i = 0; i < rules.length; i++) {
- m[i] = AddressMask.decode(rules[i]);
+ m.add(AddressMask.decode(rules[i]));
}
} catch (ConfigException ce) {
throw new RuntimeException(
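Review bot: `match` now declares `throws Exception`, yet the `try`/`catch (ConfigException ce)` around the decode loop is kept and still rethrows a fresh `RuntimeException`. The closing `);` at the start of the next hunk indicates `ce` is not passed as the cause. For consistency with the rewritten `testToString`, either drop the try/catch and let `ConfigException` propagate, or pass `ce` as the second constructor argument so the decode failure is not lost from the test report. The `throw` statement continues into the next hunk.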
@@ -256,18 +251,15 @@
"> all data must be valid for this test");
}
for(int j = 0; j < addrs.length; j++) {
- try {
- InetAddress addr = InetAddress.getByAddress(hostNames[j], InetAddress
- .getByName(addrs[j]).getAddress());
- if(!AddressMask.maskListContains(addr, m)) {
- ret=false;
- break;
- }
- } catch (UnknownHostException ex) {
- ret=false;
+ InetAddress addr =
+ InetAddress.getByAddress(hostNames[j], InetAddress
+ .getByName(addrs[j]).getAddress());
+ if (!AddressMask.maskListContains(addr, m))
+ {
+ return false;
}
}
- return ret;
+ return true;
}
/*
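Review bot: `match` returns `false` at the first address that no mask accepts, so `testNoMatch` passes as soon as one address in a row is rejected and never evaluates the rest. For a negative test of an access-control primitive, each address should be checked on its own, for example by asserting `assertFalse(AddressMask.maskListContains(addr, m));` per address in a dedicated loop. This matters only if a `noMatchRules` row lists more than one address, and that data provider is outside the hunk.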
@@ -286,7 +278,7 @@
{"0:0:0:0:0:0:101.45.75.700"},
{"1080::8:800:200C:417A/500"},
{"1080::8:800:*:417A/66"},
- {"2001:fecd:ba23:cd1ff:dcb1:1010:202.45.66.20"},
+ {"2001:fecd:ba23:cd1ff:dcb1:1010:202.45.66.20"},
};
}
@@ -358,9 +350,9 @@
}
@Test(dataProvider = "match6Rules")
- public void testMatch6(String[] rules, String[] addrs, String[]hostNames) {
- boolean ret;
- ret=match(rules,addrs,hostNames);
- assertTrue(ret);
+ public void testMatch6(String[] rules, String[] addrs, String[] hostNames)
+ throws Exception
+ {
+ assertTrue(match(rules, addrs, hostNames));
}
}
--
Gitblit v1.10.0