Author: kkolinko
Date: Mon Nov 7 04:42:42 2011
New Revision: 1198622
URL: http://svn.apache.org/viewvc?rev=1198622&view=rev
Log:
RequestFilterValve (RemoteAddrValve, RemoteHostValve):
- Refactor process() method separating value testing logic into a new method,
isAllowed(String)
- Expose isAllowValid, isDenyValid properties and the new isAllowed(String)
method through JXM
Modified:
tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
Modified: tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1198622&r1=1198621&r2=1198622&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Mon
Nov 7 04:42:42 2011
@@ -181,6 +181,26 @@ public abstract class RequestFilterValve
}
+ /**
+ * Returns {@code false} if the last change to the {@code allow} pattern
did
+ * not apply successfully. E.g. if the pattern is syntactically
+ * invalid.
+ */
+ public final boolean isAllowValid() {
+ return allowValid;
+ }
+
+
+ /**
+ * Returns {@code false} if the last change to the {@code deny} pattern did
+ * not apply successfully. E.g. if the pattern is syntactically
+ * invalid.
+ */
+ public final boolean isDenyValid() {
+ return denyValid;
+ }
+
+
// --------------------------------------------------------- Public Methods
/**
@@ -234,34 +254,49 @@ public abstract class RequestFilterValve
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
- protected void process(String property,
- Request request, Response response)
- throws IOException, ServletException {
+ protected void process(String property, Request request, Response response)
+ throws IOException, ServletException {
+ if (isAllowed(property)) {
+ getNext().invoke(request, response);
+ return;
+ }
+
+ // Deny this request
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+ }
+
+ /**
+ * Perform the test implemented by this Valve, matching against the
+ * specified request property value. This method is public so that it can
be
+ * called through JMX, e.g. to test whether certain IP address is allowed
or
+ * denied by the valve configuration.
+ *
+ * @param property
+ * The request property value on which to filter
+ */
+ public boolean isAllowed(String property) {
// Use local copies for thread safety
Pattern deny = this.deny;
Pattern allow = this.allow;
// Check the deny patterns, if any
if (deny != null && deny.matcher(property).matches()) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
+ return false;
}
// Check the allow patterns, if any
if (allow != null && allow.matcher(property).matches()) {
- getNext().invoke(request, response);
- return;
+ return true;
}
// Allow if denies specified but not allows
if (deny != null && allow == null) {
- getNext().invoke(request, response);
- return;
+ return true;
}
// Deny this request
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
-
+ return false;
}
}
Modified: tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1198622&r1=1198621&r2=1198622&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml Mon Nov
7 04:42:42 2011
@@ -316,6 +316,12 @@
description="The allow expression"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow
expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="asyncSupported"
description="Does this valve support async reporting."
is="true"
@@ -330,11 +336,25 @@
description="The deny expression"
type="java.lang.String"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression
is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component
is currently in"
type="java.lang.String"
writeable="false"/>
+ <operation name="isAllowed"
+ description="Tests whether a client with this IP address value
is allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="ipAddress"
+ description="IP address to be tested"
+ type="java.lang.String"/>
+ </operation>
</mbean>
<mbean name="RemoteHostValve"
@@ -347,6 +367,12 @@
description="The allow expression"
type="java.lang.String"/>
+ <attribute name="allowValid"
+ description="Becomes false if assigned value of allow
expression is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="asyncSupported"
description="Does this valve support async reporting."
is="true"
@@ -361,11 +387,25 @@
description="The deny expression"
type="java.lang.String"/>
+ <attribute name="denyValid"
+ description="Becomes false if assigned value of deny expression
is not syntactically correct"
+ is="true"
+ type="boolean"
+ writeable="false"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component
is currently in"
type="java.lang.String"
writeable="false"/>
+ <operation name="isAllowed"
+ description="Tests whether a client with this host name is
allowed access by the current valve configuration"
+ impact="INFO"
+ returnType="boolean">
+ <parameter name="hostName"
+ description="host name to be tested"
+ type="java.lang.String"/>
+ </operation>
</mbean>
<mbean name="RemoteIpValve"
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
