Author: rjung
Date: Sat Dec 6 10:29:23 2014
New Revision: 1643515
URL: http://svn.apache.org/r1643515
Log:
Add optional use of connector port in allow
and deny expressions for RemoteAddrValve
and RemoteHostValve.
Allow RemoteAddreValve and RemoteHostValve to
trigger authentication instead of denying a
request with a status code.
Backports of r1642564, r1642595 and r1642606 from trunk
resp. r1643513 from tc8
(using request.SetContext() - deprecated in TC 8 -
instead of assigning to request.getMappingData().context
in TestRequestFilterValve).
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Dec 6 10:29:23 2014
@@ -1,2 +1,2 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511
-/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114
,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342
498,1342503,1342717,1342795,1342805,1343044-1343046,1343335,1343394,1343400,1343629,1343708,1343718,1343895,1344063,1344068,1344250,1344266,1344515,1344528,1344612,1344629,1344725,1344868,1344890,1344893,1344896,1344901,1345020,1345029,1345039,1345287-1345290,1345294,1345309,1345325,1345357,1345367,1345579-1345580,1345582,1345688,1345699,1345704,1345731-1345732,1345737,1345744,1345752,1345754,1345779,1345781,1345846,1346107,1346365,1346376,1346404,1346510,1346514,1346519,1346581,1346635,1346644,1346683,1346794,1346885,1346932,1347034,1347047,1347087,1347108-1347109,1347583,1347737,1348105,1348357,1348398,1348425,1348461-1348495,1348498,1348752,1348762,1348772,1348776,1348859,1348968,1348973,1348989,1349007,1349237,1349298,1349317,1349410,1349473,1349539,1349879,1349887,1349893,1349922,1349984,1350124,1350241,1350243,1350294-1350295,1350299,1350864,1350900,1351010,1351054,1351056,1351068,1351134-1351135,1351148,1351259,1351604,1351636-1351640,1351991,1351993,1352011,1352056,1352059,1
352661,1352663,1352788,1352799,1353087,1353125,1353240,1353261,1353414,1353468,1353501,1353581,1353708,1354137,1354170,1354197,1354255,1354362,1354375,1354469,1354664,1354685,1354817,1354847,1354856,1355726,1355810,1356006-1356007,1356014,1356045,1356125,1356422,1356505,1356898,1357042,1357401,1357407,1358586,1358590,1358612-1358613,1359102,1359340,1359981,1360059,1360455,1360460,1360838,1360847,1360892,1360942,1361263,1361430,1361754-1361755,1361762,1361769,1361772,1361962,1361982,1361985,1361991,1364141,1364149,1364411-1364412,1364448,1366708,1366720,1366729,1366734,1366910,1366945,1366953,1366959,1367214,1370346,1370364,1370373,1370386,1370473,1370537,1370549,1370553,1370879,1370916,1370958,1370960,1370973,1371017,1371283,1371336,1371620,1371812,1371823,1371896,1371976,1371978,1371995,1371999,1372131,1372152,1372156,1372390,1373003,1373080,1373142,1373488,1373578,1373618,1373622,1373666,1373985,1373987,1373990,1373993,1374000,1374019,1374086,1374823,1376994,1377078,1377292,137731
1,1377342,1377433,1377444,1377516,1377518-1377519,1377532,1377535,1377544,1377689,1377785,1377794,1377811,1377824,1377827,1377831,1377852-1377853,1377887,1377900,1378322,1378361,1378394,1378699,1378715,1378818,1378868,1378918,1379047,1379090,1379178,1379206,1379213,1379418,1379580,1379590,1379639,1379647,1379649,1379665,1379733,1379735,1380066,1380073,1380075,1380376,1380635,1380637,1380838,1381411,1381623,1382314,1382343,1382366,1382515,1382832,1382842,1384051,1384055,1384063,1384068-1384069,1385336,1387937,1388709,1388890,1390882,1392098,1392619,1393071,1393115,1396615,1396723,1397086,1397464,1397466,1397472,1397482,1397484,1397839,1397868,1397944,1397950,1397953,1397957,1397960,1397962,1397964,1397969,1397971-1397974,1397976-1397980,1397985,1397988-1397989,1398089,1398107,1398109-1398110,1398112,1399022,1401472,1401792,1401808,1401814,1402113,1402122,1402345,1402348,1402350,1402428,1402573,1402576,1402600-1402601,1402622,1402643,1402683,1402837,1402855,1403099,1403468,1404374,140
4658,1404704,1404773,1404917-1404918,1405133,1405168,1405321,1405353,1405357,1405364,1405397,1405399-1405400,1405415,1405435,1405676,1405681,1406456,1406481,1406526,1407595,1407619,1408043,1408148,1408154,1408156,1408159,1408163-1408165,1408248,1408438,1408504,1408513-1408517,1408562-1408565,1408714,1408721,1408739,1408750,1408774,1408792,1408872-1408876,1408906,1408934,1409007,1409030,1410466,1410545,1410609,1410611,1410632,1410714,1410742,1410763-1410764,1410766,1411585,1411993,1412575,1413552,1413556,1413562,1414053,1414113,1414215,1414889,1415177-1415179,1415186,1416458,1416481,1416501,1416529,1416534-1416535,1416658,1417201,1417224,1417282,1417347-1417348,1417353,1417363,1417365,1417370-1417372,1417463,1417465,1417467,1417469,1417476,1424894,1425502,1425564,1425628,1426662,1427013,1427757,1427784,1427804,1427846,1428010,1428079,1428283,1428355,1428403,1428643,1428869,1428959,1428993,1429123,1429153,1429167,1429173,1429179-1429180,1429182,1429356,1429687,1429745,1429784,1429836,
1429863,1429946,1429969,1430079,1430147,1430165,1430445,1430448,1430481,1430487,1430508,1430550,1430567,1430771,1430773,1430775,1430791,1430799,1430806,1430809,1430921,1431164,1431171,1431206,1431221,1431293,1431298,1431302,1431308,1431310,1431320,1431661,1431920,1431990,1432517,1432867,1433976,1434403,1434428,1434438,1434447,1434456,1434463,1434500,1434598,1434660,1434685,1434725,1434757,1434882,1435126,1435505,1435509,1435600,1435606,1435636,1435642,1435759-1435760,1435765,1435767,1437317,1437337,1437505,1437637,1437649,1437743,1437891,1437897,1437903,1438411,1438463,1439054,1439334,1439434,1439442,1439445,1439667,1440095,1440622,1440911,1441342,1441348,1441403,1441416,1441428,1441807,1441895,1441916,1441920,1443350,1443405,1443427,1445111,1445125,1445190,1445208,1445212,1445328,1445337,1445520,1446108,1446137,1446357,1446612,1446640,1446650,1447012,1447178,1447791,1447817-1447818,1448117,1448121,1448125,1448826,1449225,1449406,1450990,1451053,1451061,1451105,1451408,1451434,14517
69,1451938-1451939,1451947,1451955-1451956,1452295,1452501,1452707,1452719,1452721,1452752,1453105,1453112,1453435,1453439,1453490,1453544,1453549,1453621,1454828,1454832,1454953,1455344,1455854,1455973,1456083,1456440,1456453,1456491,1456494,1456657,1456666,1456678,1456706,1456713,1456716,1456721,1456740,1456762,1456766,1456822,1456844,1456863,1456872,1456882,1456885,1456895,1456899,1456904,1456916,1456920,1456926,1456932,1456959,1456963,1456970,1457299,1457301,1457362,1457382,1457402,1457452,1457748,1457968,1458187,1458192,1458200,1458221,1458562,1458564-1458565,1458694,1458726,1458738-1458739,1459010,1459028,1459031,1459061,1459074-1459075,1459085,1459218,1459223,1459289,1459389,1459523-1459524,1459673,1459681,1459761,1459769,1459933,1460107,1460115,1460234,1460313,1460330,1460342,1460533,1460633,1460679,1460873,1461026,1461110,1461341,1461349,1461849,1464781,1465795,1465807,1466051,1466072,1466106,1467091,1468415,1470400,1470435,1470765,1471371,1471632,1475750,1475791,1475900,14
75930,1475968,1476761,1476805,1476815,1476972,1477051,1479175,1479179,1479248,1479482,1479951,1481164,1481835,1482115,1482288,1482309,1482311,1482313,1482321,1482591,1482720,1482723,1482799,1482835,1482854,1483104,1483229,1483288,1483360-1483361,1483390,1483552,1483554,1483679,1483743-1483744,1483786-1483787,1483816-1483817,1483949,1484253,1484592,1484780,1484786,1484861-1484862,1484959,1485114,1485489,1485495,1485611,1485847,1485862,1486062,1486134,1486217,1486294,1486443,1486834,1486861,1486875,1486890,1486939,1487862,1487882,1488151,1488793,1489170,1489195-1489196,1489201,1489385,1489390,1489405,1489437,1489536,1489546,1489610,1489633,1489648,1489738,1489812,1489886,1491485,1491596,1491709,1491841,1491890,1491940,1491942,1492307,1492336,1492343,1492358,1492555,1492570,1493011,1493013-1493014,1493071,1493113,1493740,1493801,1493910,1494044,1494048,1494051,1494056,1494143,1495015,1495043,1495154,1495197,1495880,1495886,1496061,1496732,1496734,1497474,1497538,1497754,1498340,1498363
,1498368,1498409,1498475,1498482,1498498,1498669,1498698,1498808,1499371,1499388,1499513,1499953,1500003,1500062,1500371,1500380,1500577,1500590,1500663,1501176,1501266,1501719,1501738,1501823,1501910,1501927,1501929,1502254,1502349,1503851,1505843,1505929,1506053,1507013,1507052,1507096,1507870,1507872,1508196,1508259,1508346,1509128,1509151,1509156,1509161,1509806,1510246,1510271,1510488,1511212,1511217,1511434,1512034,1513148-1513149,1513665,1514281,1514291,1514305,1514368,1514470,1514485-1514486,1515841,1515926,1516113,1516295,1516419,1516710,1516953,1517536,1517898,1517941,1517970,1517980,1518189,1518210,1518328,1518381,1518536,1518540,1518578,1518581,1518589,1519611,1519623,1519627,1520273,1520349,1520632,1520655,1521023,1521025,1521027,1521030,1521032,1521034,1521040,1521043,1521049-1521050,1521059-1521061,1521073,1521075,1521271,1521276,1521444,1521687,1521829,1521831,1521834-1521835,1521837,1521839-1521840,1522016,1523555,1523646-1523647,1523674,1523781,1523788,1523830,1523
955,1523958,1523964,1523982,1524078,1524558,1524652,1524657,1524668,1524683,1524687,1524707,1524719,1524727,1524761,1524978,1524984,1525593,1525696,1526043,1526052,1527480,1527493,1527727-1527728,1527730-1527733,1528060,1528166,1528169,1528171-1528172,1528248,1528369,1528383,1528407,1528424,1528855,1529149,1529181,1529317,1529546,1529549,1529787,1530057,1530081,1530103,1530213,1530296,1530298,1530325,1530342,1530348,1530353,1530397,1530418,1530421,1530423,1530426,1530445,1530574,1530599,1530632,1530791,1530822,1530866,1530875,1530909,1530989,1531087,1531099,1531130,1531138,1531156,1531161,1531271,1531312,1531600,1532036,1532269,1532286,1532373,1532437,1532445,1532498-1532501,1532506,1532544,1532622,1532627,1532718-1532722,1532765-1532766,1533048-1533049,1533117,1533312,1533347,1533962,1533980,1534165,1534418,1534540,1534543-1534544,1534612,1534616,1534619,1534727,1534744,1534846,1536298,1536337,1536520,1536624,1536632,1536735,1536834,1536848,1536850,1536852,1537041,1537057,1537073,1
537404,1537835,1538533,1538781,1538798,1538921,1538923-1538924,1539133,1539157,1539173,1539445,1539452,1539702,1539716,1539887,1539953,1540374,1540383-1540386,1540396-1540398,1540400-1540413,1540539,1540641,1540647,1540670,1540687,1540765,1540807,1542267,1542339,1542769,1542841,1542845,1542856,1543383,1543753,1543772,1543815-1543817,1543897,1543943,1543948,1544072,1544075,1544082,1544165,1544208,1544210,1544453,1544455,1544460,1544472,1544589,1544593,1544606,1544679,1545075,1545078,1545082,1545213,1545215,1545261,1545284,1545288,1545377,1545416,1545471,1545480,1545558,1545619,1545665,1545750,1545799,1545814,1545832,1545847,1545863,1546172,1546372,1546382,1546631,1546656,1547032,1547760,1548169,1548182-1548183,1548185,1548498,1548695,1548961,1548966,1549522,1549525,1549528,1549909,1550387,1550541,1550743,1550920,1551298,1551300,1551323,1551481-1551482,1551953,1552042,1552071,1552080,1552287,1552804,1553126,1553608,1553650,1555163,1556725,1556783,1556788,1556807,1556823,1556836,155695
7,1557082,1557747,1557752,1558129,1558355,1558811,1559081,1559113,1559134,1559397,1559419,1559549-1559550,1559561-1559562,1559573,1559662,1559697,1559707,1559798,1560017,1560158,1560177,1560212-1560213,1560784,1560810,1560817,1560838,1560850,1560856,1560922,1560948,1561025,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561085,1561093-1561094,1561098,1561101,1561104,1561106,1561114-1561116,1561121-1561123,1561126-1561128,1561131-1561133,1561135-1561136,1561138,1561140,1561143-1561146,1561148-1561157,1561160-1561162,1561164-1561176,1561178-1561182,1561185-1561188,1561190-1561192,1561195,1561623,1561635,1561640,1561732,1562411,1562458,1562581,1562597,1562742,1562746,1563206,1563989,1564299,1564309,1564312,1564398,1564414,1564461,1564742-1564746,1565300-1565416,1565451,1565788,1566693,1566699,1567144,1567382,1567404,1567429,1567580,1567634,1567993,1568768,1568779-1568780,1568803,1568828,1568921,1568926,1568936,1569398,1569459,1569735,1569755,1570114,1570120,1570176,1570547,157
0601,1570629,1570713,1571196,1571725,1572574,1574004,1574479,1574923,1574936,1574943,1575012,1575262,1575545,1575885,1575910,1576104,1576271,1576288,1576628,1576722,1576768,1576810,1576908,1576923,1577182,1577195,1577315,1577324,1577463,1577544,1577557,1577565,1577581,1577714,1577873,1577944,1578309,1578329,1578337,1578610-1578611,1578636,1578810,1578812-1578813,1578817,1579174,1579214-1579215,1579626,1580030,1580080,1580194,1580514,1580598,1580658,1580821,1580849,1580869,1581061,1581529,1582009,1582453,1584915,1584922,1586644,1586658,1586890,1586894,1586951,1586959,1586961,1587272,1587378-1587379,1587723,1587859,1587865,1587870,1587886,1588102,1588193,1588197,1588269,1588462,1589035,1589039,1589043,1589100,1589102,1589165-1589166,1589170,1589523,1589630,1589633,1589668,1589698,1589726,1589737-1589738,1589763,1589837,1589842,1589967,1589980,1590018,1590060,1590076,1590120,1590128,1590283,1590300,1590302,1590322,1590329,1590339,1590345,1590377,1590402,1590422,1590438,1590451,1590461,
1590471,1590474,1590479,1590604,1590635,1590638,1590646,1590648,1590801,1590835,1590842,1590911,1593132,1593189,1593200,1593259,1593261,1593284,1593335,1593356,1593387,1593421,1593506,1593621,1593697,1593773,1593800,1593834,1593877,1593940,1593994,1594229,1594393,1594436,1594730,1594924,1595171,1595230,1595285,1595289,1595331,1595365,1595690,1595887,1595898,1596081,1596141,1596189,1596275,1596390,1597532,1597541,1597572-1597573,1597652,1597753-1597755,1597759,1597855,1598153,1598242,1598248,1598266-1598267,1598304,1598307,1598310-1598311,1598313,1599393,1599395,1599460,1599479,1599500,1599558,1599738-1599739,1600109,1600162,1600408,1600449,1600495,1600501,1600579-1600580,1600743,1600833,1600839,1600862,1600899,1600955,1600963,1600965,1600978,1600984,1601329-1601330,1601332,1601785,1601796,1601850,1601855,1601886,1601977,1602046,1602189,1602198,1602452,1602521,1602583,1602694,1602831,1602842,1602844,1602851,1602858,1602865,1602956,1603591,1603621,1603770,1603775,1603779,1603783,16039
47,1604024,1604165,1604484-1604496,1604605,1604661,1604768,1604776,1604781,1604788,1604810,1604818,1604822,1605054,1605061,1605066,1605402,1605417,1605454,1605528,1605821,1605823,1605890-1605891,1606072,1606103,1606114,1606653,1607592,1607675,1607740,1607930-1607931,1607934,1608301,1608428,1608443,1608481,1608645,1608963,1609061,1609175,1609334,1609593,1609920,1611506,1614163,1614169,1614179,1614197,1615710,1615724,1615876,1615911,1615947,1616441,1616452,1616458,1617362,1617365,1617383,1617445,1617456,1617461,1617469-1617470,1618112,1618169,1618565,1618688,1618704,1618830,1618832-1618835,1619056,1619106,1619114,1619361-1619362,1619583,1619585,1619738,1619742,1620743,1620915,1620917,1621698,1621725-1621727,1621729,1621731,1621929,1621975,1622163,1622187,1622228,1622233,1622251,1622259,1622263,1622297,1622312,1622342,1622470,1622713,1623236,1623384,1623392,1623685,1623693,1623695,1623779,1624110,1624112,1624115-1624116,1624119,1624122,1624124,1624126,1624129-1624130,1624132-1624133,16
24135,1624139,1624142-1624143,1624147,1624150,1624152,1624155-1624157,1624162-1624165,1624220,1624233,1624235,1624246-1624247,1624252,1624254,1624396,1624408,1624422,1624476,1624486-1624487,1624497-1624498,1624542,1624563-1624565,1624568-1624569,1624571,1624573,1624580,1624583,1624586,1624588,1624592,1624598,1624605,1624614,1624636,1624642,1624645,1624647-1624648,1624655,1624657,1624679,1624959,1624984,1625501,1625504,1625563,1625599,1625842,1625854,1626579,1626741,1626747-1626748,1626764-1626765,1626779,1626893,1626905,1626991,1627033,1627296,1627323,1627370,1627525,1627531,1627569,1627629,1628517,1628524,1628541,1628984,1629293,1630088,1630094,1630110,1630216,1630407,1631347,1631381,1631568,1631628,1631717,1631730,1631817-1631818,1631839,1631852,1631987,1631992-1631993,1632251,1632290,1632307,1632411,1632423-1632425,1632512,1632523,1632584,1632600-1632601,1632604,1632965,1632975,1632988,1633128,1633342,1633346,1633369,1633447-1633448,1633500,1633688,1633785,1633824-1633825,1633936
,1633974,1634229,1634250,1634257-1634258,1634260,1634312,1634326-1634327,1634329,1634690,1635215,1635301,1635308,1635310,1636524,1637331,1637684,1637695,1638720-1638725,1639653,1640088,1640275,1640322,1640347,1640361,1640365,1640652,1640655-1640658,1640688,1640700-1640883,1641000,1641058,1641064,1641374,1641634,1641656-1641692,1641722,1641735,1641981,1642554,1642668,1642679,1642697,1642699,1643002,1643121,1643206,1643209-1643210,1643216,1643270,1643283,1643309-1643310
+/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513
+/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114
,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342
498,1342503,1342717,1342795,1342805,1343044-1343046,1343335,1343394,1343400,1343629,1343708,1343718,1343895,1344063,1344068,1344250,1344266,1344515,1344528,1344612,1344629,1344725,1344868,1344890,1344893,1344896,1344901,1345020,1345029,1345039,1345287-1345290,1345294,1345309,1345325,1345357,1345367,1345579-1345580,1345582,1345688,1345699,1345704,1345731-1345732,1345737,1345744,1345752,1345754,1345779,1345781,1345846,1346107,1346365,1346376,1346404,1346510,1346514,1346519,1346581,1346635,1346644,1346683,1346794,1346885,1346932,1347034,1347047,1347087,1347108-1347109,1347583,1347737,1348105,1348357,1348398,1348425,1348461-1348495,1348498,1348752,1348762,1348772,1348776,1348859,1348968,1348973,1348989,1349007,1349237,1349298,1349317,1349410,1349473,1349539,1349879,1349887,1349893,1349922,1349984,1350124,1350241,1350243,1350294-1350295,1350299,1350864,1350900,1351010,1351054,1351056,1351068,1351134-1351135,1351148,1351259,1351604,1351636-1351640,1351991,1351993,1352011,1352056,1352059,1
352661,1352663,1352788,1352799,1353087,1353125,1353240,1353261,1353414,1353468,1353501,1353581,1353708,1354137,1354170,1354197,1354255,1354362,1354375,1354469,1354664,1354685,1354817,1354847,1354856,1355726,1355810,1356006-1356007,1356014,1356045,1356125,1356422,1356505,1356898,1357042,1357401,1357407,1358586,1358590,1358612-1358613,1359102,1359340,1359981,1360059,1360455,1360460,1360838,1360847,1360892,1360942,1361263,1361430,1361754-1361755,1361762,1361769,1361772,1361962,1361982,1361985,1361991,1364141,1364149,1364411-1364412,1364448,1366708,1366720,1366729,1366734,1366910,1366945,1366953,1366959,1367214,1370346,1370364,1370373,1370386,1370473,1370537,1370549,1370553,1370879,1370916,1370958,1370960,1370973,1371017,1371283,1371336,1371620,1371812,1371823,1371896,1371976,1371978,1371995,1371999,1372131,1372152,1372156,1372390,1373003,1373080,1373142,1373488,1373578,1373618,1373622,1373666,1373985,1373987,1373990,1373993,1374000,1374019,1374086,1374823,1376994,1377078,1377292,137731
1,1377342,1377433,1377444,1377516,1377518-1377519,1377532,1377535,1377544,1377689,1377785,1377794,1377811,1377824,1377827,1377831,1377852-1377853,1377887,1377900,1378322,1378361,1378394,1378699,1378715,1378818,1378868,1378918,1379047,1379090,1379178,1379206,1379213,1379418,1379580,1379590,1379639,1379647,1379649,1379665,1379733,1379735,1380066,1380073,1380075,1380376,1380635,1380637,1380838,1381411,1381623,1382314,1382343,1382366,1382515,1382832,1382842,1384051,1384055,1384063,1384068-1384069,1385336,1387937,1388709,1388890,1390882,1392098,1392619,1393071,1393115,1396615,1396723,1397086,1397464,1397466,1397472,1397482,1397484,1397839,1397868,1397944,1397950,1397953,1397957,1397960,1397962,1397964,1397969,1397971-1397974,1397976-1397980,1397985,1397988-1397989,1398089,1398107,1398109-1398110,1398112,1399022,1401472,1401792,1401808,1401814,1402113,1402122,1402345,1402348,1402350,1402428,1402573,1402576,1402600-1402601,1402622,1402643,1402683,1402837,1402855,1403099,1403468,1404374,140
4658,1404704,1404773,1404917-1404918,1405133,1405168,1405321,1405353,1405357,1405364,1405397,1405399-1405400,1405415,1405435,1405676,1405681,1406456,1406481,1406526,1407595,1407619,1408043,1408148,1408154,1408156,1408159,1408163-1408165,1408248,1408438,1408504,1408513-1408517,1408562-1408565,1408714,1408721,1408739,1408750,1408774,1408792,1408872-1408876,1408906,1408934,1409007,1409030,1410466,1410545,1410609,1410611,1410632,1410714,1410742,1410763-1410764,1410766,1411585,1411993,1412575,1413552,1413556,1413562,1414053,1414113,1414215,1414889,1415177-1415179,1415186,1416458,1416481,1416501,1416529,1416534-1416535,1416658,1417201,1417224,1417282,1417347-1417348,1417353,1417363,1417365,1417370-1417372,1417463,1417465,1417467,1417469,1417476,1424894,1425502,1425564,1425628,1426662,1427013,1427757,1427784,1427804,1427846,1428010,1428079,1428283,1428355,1428403,1428643,1428869,1428959,1428993,1429123,1429153,1429167,1429173,1429179-1429180,1429182,1429356,1429687,1429745,1429784,1429836,
1429863,1429946,1429969,1430079,1430147,1430165,1430445,1430448,1430481,1430487,1430508,1430550,1430567,1430771,1430773,1430775,1430791,1430799,1430806,1430809,1430921,1431164,1431171,1431206,1431221,1431293,1431298,1431302,1431308,1431310,1431320,1431661,1431920,1431990,1432517,1432867,1433976,1434403,1434428,1434438,1434447,1434456,1434463,1434500,1434598,1434660,1434685,1434725,1434757,1434882,1435126,1435505,1435509,1435600,1435606,1435636,1435642,1435759-1435760,1435765,1435767,1437317,1437337,1437505,1437637,1437649,1437743,1437891,1437897,1437903,1438411,1438463,1439054,1439334,1439434,1439442,1439445,1439667,1440095,1440622,1440911,1441342,1441348,1441403,1441416,1441428,1441807,1441895,1441916,1441920,1443350,1443405,1443427,1445111,1445125,1445190,1445208,1445212,1445328,1445337,1445520,1446108,1446137,1446357,1446612,1446640,1446650,1447012,1447178,1447791,1447817-1447818,1448117,1448121,1448125,1448826,1449225,1449406,1450990,1451053,1451061,1451105,1451408,1451434,14517
69,1451938-1451939,1451947,1451955-1451956,1452295,1452501,1452707,1452719,1452721,1452752,1453105,1453112,1453435,1453439,1453490,1453544,1453549,1453621,1454828,1454832,1454953,1455344,1455854,1455973,1456083,1456440,1456453,1456491,1456494,1456657,1456666,1456678,1456706,1456713,1456716,1456721,1456740,1456762,1456766,1456822,1456844,1456863,1456872,1456882,1456885,1456895,1456899,1456904,1456916,1456920,1456926,1456932,1456959,1456963,1456970,1457299,1457301,1457362,1457382,1457402,1457452,1457748,1457968,1458187,1458192,1458200,1458221,1458562,1458564-1458565,1458694,1458726,1458738-1458739,1459010,1459028,1459031,1459061,1459074-1459075,1459085,1459218,1459223,1459289,1459389,1459523-1459524,1459673,1459681,1459761,1459769,1459933,1460107,1460115,1460234,1460313,1460330,1460342,1460533,1460633,1460679,1460873,1461026,1461110,1461341,1461349,1461849,1464781,1465795,1465807,1466051,1466072,1466106,1467091,1468415,1470400,1470435,1470765,1471371,1471632,1475750,1475791,1475900,14
75930,1475968,1476761,1476805,1476815,1476972,1477051,1479175,1479179,1479248,1479482,1479951,1481164,1481835,1482115,1482288,1482309,1482311,1482313,1482321,1482591,1482720,1482723,1482799,1482835,1482854,1483104,1483229,1483288,1483360-1483361,1483390,1483552,1483554,1483679,1483743-1483744,1483786-1483787,1483816-1483817,1483949,1484253,1484592,1484780,1484786,1484861-1484862,1484959,1485114,1485489,1485495,1485611,1485847,1485862,1486062,1486134,1486217,1486294,1486443,1486834,1486861,1486875,1486890,1486939,1487862,1487882,1488151,1488793,1489170,1489195-1489196,1489201,1489385,1489390,1489405,1489437,1489536,1489546,1489610,1489633,1489648,1489738,1489812,1489886,1491485,1491596,1491709,1491841,1491890,1491940,1491942,1492307,1492336,1492343,1492358,1492555,1492570,1493011,1493013-1493014,1493071,1493113,1493740,1493801,1493910,1494044,1494048,1494051,1494056,1494143,1495015,1495043,1495154,1495197,1495880,1495886,1496061,1496732,1496734,1497474,1497538,1497754,1498340,1498363
,1498368,1498409,1498475,1498482,1498498,1498669,1498698,1498808,1499371,1499388,1499513,1499953,1500003,1500062,1500371,1500380,1500577,1500590,1500663,1501176,1501266,1501719,1501738,1501823,1501910,1501927,1501929,1502254,1502349,1503851,1505843,1505929,1506053,1507013,1507052,1507096,1507870,1507872,1508196,1508259,1508346,1509128,1509151,1509156,1509161,1509806,1510246,1510271,1510488,1511212,1511217,1511434,1512034,1513148-1513149,1513665,1514281,1514291,1514305,1514368,1514470,1514485-1514486,1515841,1515926,1516113,1516295,1516419,1516710,1516953,1517536,1517898,1517941,1517970,1517980,1518189,1518210,1518328,1518381,1518536,1518540,1518578,1518581,1518589,1519611,1519623,1519627,1520273,1520349,1520632,1520655,1521023,1521025,1521027,1521030,1521032,1521034,1521040,1521043,1521049-1521050,1521059-1521061,1521073,1521075,1521271,1521276,1521444,1521687,1521829,1521831,1521834-1521835,1521837,1521839-1521840,1522016,1523555,1523646-1523647,1523674,1523781,1523788,1523830,1523
955,1523958,1523964,1523982,1524078,1524558,1524652,1524657,1524668,1524683,1524687,1524707,1524719,1524727,1524761,1524978,1524984,1525593,1525696,1526043,1526052,1527480,1527493,1527727-1527728,1527730-1527733,1528060,1528166,1528169,1528171-1528172,1528248,1528369,1528383,1528407,1528424,1528855,1529149,1529181,1529317,1529546,1529549,1529787,1530057,1530081,1530103,1530213,1530296,1530298,1530325,1530342,1530348,1530353,1530397,1530418,1530421,1530423,1530426,1530445,1530574,1530599,1530632,1530791,1530822,1530866,1530875,1530909,1530989,1531087,1531099,1531130,1531138,1531156,1531161,1531271,1531312,1531600,1532036,1532269,1532286,1532373,1532437,1532445,1532498-1532501,1532506,1532544,1532622,1532627,1532718-1532722,1532765-1532766,1533048-1533049,1533117,1533312,1533347,1533962,1533980,1534165,1534418,1534540,1534543-1534544,1534612,1534616,1534619,1534727,1534744,1534846,1536298,1536337,1536520,1536624,1536632,1536735,1536834,1536848,1536850,1536852,1537041,1537057,1537073,1
537404,1537835,1538533,1538781,1538798,1538921,1538923-1538924,1539133,1539157,1539173,1539445,1539452,1539702,1539716,1539887,1539953,1540374,1540383-1540386,1540396-1540398,1540400-1540413,1540539,1540641,1540647,1540670,1540687,1540765,1540807,1542267,1542339,1542769,1542841,1542845,1542856,1543383,1543753,1543772,1543815-1543817,1543897,1543943,1543948,1544072,1544075,1544082,1544165,1544208,1544210,1544453,1544455,1544460,1544472,1544589,1544593,1544606,1544679,1545075,1545078,1545082,1545213,1545215,1545261,1545284,1545288,1545377,1545416,1545471,1545480,1545558,1545619,1545665,1545750,1545799,1545814,1545832,1545847,1545863,1546172,1546372,1546382,1546631,1546656,1547032,1547760,1548169,1548182-1548183,1548185,1548498,1548695,1548961,1548966,1549522,1549525,1549528,1549909,1550387,1550541,1550743,1550920,1551298,1551300,1551323,1551481-1551482,1551953,1552042,1552071,1552080,1552287,1552804,1553126,1553608,1553650,1555163,1556725,1556783,1556788,1556807,1556823,1556836,155695
7,1557082,1557747,1557752,1558129,1558355,1558811,1559081,1559113,1559134,1559397,1559419,1559549-1559550,1559561-1559562,1559573,1559662,1559697,1559707,1559798,1560017,1560158,1560177,1560212-1560213,1560784,1560810,1560817,1560838,1560850,1560856,1560922,1560948,1561025,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561085,1561093-1561094,1561098,1561101,1561104,1561106,1561114-1561116,1561121-1561123,1561126-1561128,1561131-1561133,1561135-1561136,1561138,1561140,1561143-1561146,1561148-1561157,1561160-1561162,1561164-1561176,1561178-1561182,1561185-1561188,1561190-1561192,1561195,1561623,1561635,1561640,1561732,1562411,1562458,1562581,1562597,1562742,1562746,1563206,1563989,1564299,1564309,1564312,1564398,1564414,1564461,1564742-1564746,1565300-1565416,1565451,1565788,1566693,1566699,1567144,1567382,1567404,1567429,1567580,1567634,1567993,1568768,1568779-1568780,1568803,1568828,1568921,1568926,1568936,1569398,1569459,1569735,1569755,1570114,1570120,1570176,1570547,157
0601,1570629,1570713,1571196,1571725,1572574,1574004,1574479,1574923,1574936,1574943,1575012,1575262,1575545,1575885,1575910,1576104,1576271,1576288,1576628,1576722,1576768,1576810,1576908,1576923,1577182,1577195,1577315,1577324,1577463,1577544,1577557,1577565,1577581,1577714,1577873,1577944,1578309,1578329,1578337,1578610-1578611,1578636,1578810,1578812-1578813,1578817,1579174,1579214-1579215,1579626,1580030,1580080,1580194,1580514,1580598,1580658,1580821,1580849,1580869,1581061,1581529,1582009,1582453,1584915,1584922,1586644,1586658,1586890,1586894,1586951,1586959,1586961,1587272,1587378-1587379,1587723,1587859,1587865,1587870,1587886,1588102,1588193,1588197,1588269,1588462,1589035,1589039,1589043,1589100,1589102,1589165-1589166,1589170,1589523,1589630,1589633,1589668,1589698,1589726,1589737-1589738,1589763,1589837,1589842,1589967,1589980,1590018,1590060,1590076,1590120,1590128,1590283,1590300,1590302,1590322,1590329,1590339,1590345,1590377,1590402,1590422,1590438,1590451,1590461,
1590471,1590474,1590479,1590604,1590635,1590638,1590646,1590648,1590801,1590835,1590842,1590911,1593132,1593189,1593200,1593259,1593261,1593284,1593335,1593356,1593387,1593421,1593506,1593621,1593697,1593773,1593800,1593834,1593877,1593940,1593994,1594229,1594393,1594436,1594730,1594924,1595171,1595230,1595285,1595289,1595331,1595365,1595690,1595887,1595898,1596081,1596141,1596189,1596275,1596390,1597532,1597541,1597572-1597573,1597652,1597753-1597755,1597759,1597855,1598153,1598242,1598248,1598266-1598267,1598304,1598307,1598310-1598311,1598313,1599393,1599395,1599460,1599479,1599500,1599558,1599738-1599739,1600109,1600162,1600408,1600449,1600495,1600501,1600579-1600580,1600743,1600833,1600839,1600862,1600899,1600955,1600963,1600965,1600978,1600984,1601329-1601330,1601332,1601785,1601796,1601850,1601855,1601886,1601977,1602046,1602189,1602198,1602452,1602521,1602583,1602694,1602831,1602842,1602844,1602851,1602858,1602865,1602956,1603591,1603621,1603770,1603775,1603779,1603783,16039
47,1604024,1604165,1604484-1604496,1604605,1604661,1604768,1604776,1604781,1604788,1604810,1604818,1604822,1605054,1605061,1605066,1605402,1605417,1605454,1605528,1605821,1605823,1605890-1605891,1606072,1606103,1606114,1606653,1607592,1607675,1607740,1607930-1607931,1607934,1608301,1608428,1608443,1608481,1608645,1608963,1609061,1609175,1609334,1609593,1609920,1611506,1614163,1614169,1614179,1614197,1615710,1615724,1615876,1615911,1615947,1616441,1616452,1616458,1617362,1617365,1617383,1617445,1617456,1617461,1617469-1617470,1618112,1618169,1618565,1618688,1618704,1618830,1618832-1618835,1619056,1619106,1619114,1619361-1619362,1619583,1619585,1619738,1619742,1620743,1620915,1620917,1621698,1621725-1621727,1621729,1621731,1621929,1621975,1622163,1622187,1622228,1622233,1622251,1622259,1622263,1622297,1622312,1622342,1622470,1622713,1623236,1623384,1623392,1623685,1623693,1623695,1623779,1624110,1624112,1624115-1624116,1624119,1624122,1624124,1624126,1624129-1624130,1624132-1624133,16
24135,1624139,1624142-1624143,1624147,1624150,1624152,1624155-1624157,1624162-1624165,1624220,1624233,1624235,1624246-1624247,1624252,1624254,1624396,1624408,1624422,1624476,1624486-1624487,1624497-1624498,1624542,1624563-1624565,1624568-1624569,1624571,1624573,1624580,1624583,1624586,1624588,1624592,1624598,1624605,1624614,1624636,1624642,1624645,1624647-1624648,1624655,1624657,1624679,1624959,1624984,1625501,1625504,1625563,1625599,1625842,1625854,1626579,1626741,1626747-1626748,1626764-1626765,1626779,1626893,1626905,1626991,1627033,1627296,1627323,1627370,1627525,1627531,1627569,1627629,1628517,1628524,1628541,1628984,1629293,1630088,1630094,1630110,1630216,1630407,1631347,1631381,1631568,1631628,1631717,1631730,1631817-1631818,1631839,1631852,1631987,1631992-1631993,1632251,1632290,1632307,1632411,1632423-1632425,1632512,1632523,1632584,1632600-1632601,1632604,1632965,1632975,1632988,1633128,1633342,1633346,1633369,1633447-1633448,1633500,1633688,1633785,1633824-1633825,1633936
,1633974,1634229,1634250,1634257-1634258,1634260,1634312,1634326-1634327,1634329,1634690,1635215,1635301,1635308,1635310,1636524,1637331,1637684,1637695,1638720-1638725,1639653,1640088,1640275,1640322,1640347,1640361,1640365,1640652,1640655-1640658,1640688,1640700-1640883,1641000,1641058,1641064,1641374,1641634,1641656-1641692,1641722,1641735,1641981,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1643002,1643121,1643206,1643209-1643210,1643216,1643270,1643283,1643309-1643310
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
Sat Dec 6 10:29:23 2014
@@ -27,7 +27,8 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of <code>RequestFilterValve</code> that filters
- * based on the string representation of the remote client's IP address.
+ * based on the string representation of the remote client's IP address
+ * optionally combined with the server connector port number.
*
* @author Craig R. McClanahan
*/
@@ -46,6 +47,14 @@ public final class RemoteAddrValve
"org.apache.catalina.valves.RemoteAddrValve/1.0";
+ /**
+ * Flag deciding whether we add the server connector port to the property
+ * compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ */
+ protected volatile boolean addConnectorPort = false;
+
+
// ------------------------------------------------------------- Properties
@@ -60,6 +69,28 @@ public final class RemoteAddrValve
}
+ /**
+ * Get the flag deciding whether we add the server connector port to the
+ * property compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ */
+ public boolean getAddConnectorPort() {
+ return addConnectorPort;
+ }
+
+
+ /**
+ * Set the flag deciding whether we add the server connector port to the
+ * property compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ *
+ * @param addConnectorPort The new flag
+ */
+ public void setAddConnectorPort(boolean addConnectorPort) {
+ this.addConnectorPort = addConnectorPort;
+ }
+
+
// --------------------------------------------------------- Public Methods
@@ -79,7 +110,13 @@ public final class RemoteAddrValve
public void invoke(Request request, Response response)
throws IOException, ServletException {
- process(request.getRequest().getRemoteAddr(), request, response);
+ String property;
+ if (addConnectorPort) {
+ property = request.getRequest().getRemoteAddr() + ";" +
request.getConnector().getPort();
+ } else {
+ property = request.getRequest().getRemoteAddr();
+ }
+ process(property, request, response);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
Sat Dec 6 10:29:23 2014
@@ -27,7 +27,8 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of <code>RequestFilterValve</code> that filters
- * based on the remote client's host name.
+ * based on the remote client's host name optionally combined with the
+ * server connector port number.
*
* @author Craig R. McClanahan
*/
@@ -46,6 +47,14 @@ public final class RemoteHostValve
"org.apache.catalina.valves.RemoteHostValve/1.0";
+ /**
+ * Flag deciding whether we add the server connector port to the property
+ * compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ */
+ protected volatile boolean addConnectorPort = false;
+
+
// ------------------------------------------------------------- Properties
@@ -60,6 +69,28 @@ public final class RemoteHostValve
}
+ /**
+ * Get the flag deciding whether we add the server connector port to the
+ * property compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ */
+ public boolean getAddConnectorPort() {
+ return addConnectorPort;
+ }
+
+
+ /**
+ * Set the flag deciding whether we add the server connector port to the
+ * property compared in the filtering method. The port will be appended
+ * using a ";" as a separator.
+ *
+ * @param addConnectorPort The new flag
+ */
+ public void setAddConnectorPort(boolean addConnectorPort) {
+ this.addConnectorPort = addConnectorPort;
+ }
+
+
// --------------------------------------------------------- Public Methods
@@ -79,7 +110,13 @@ public final class RemoteHostValve
public void invoke(Request request, Response response)
throws IOException, ServletException {
- process(request.getRequest().getRemoteHost(), request, response);
+ String property;
+ if (addConnectorPort) {
+ property = request.getRequest().getRemoteHost() + ";" +
request.getConnector().getPort();
+ } else {
+ property = request.getRequest().getRemoteHost();
+ }
+ process(property, request, response);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
Sat Dec 6 10:29:23 2014
@@ -23,6 +23,7 @@ import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -52,6 +53,11 @@ import org.apache.catalina.connector.Res
* <li>The request will be rejected with a "Forbidden" HTTP response.</li>
* </ul>
* <p>
+ * As an option the valve can generate an invalid <code>authenticate</code>
+ * header instead of denying the request. This can be combined with the
+ * context attribute <code>preemptiveAuthentication="true"</code> and an
+ * authenticator to force authentication instead of denial.
+ * <p>
* This Valve may be attached to any Container, depending on the granularity
* of the filtering you wish to perform.
*
@@ -127,6 +133,14 @@ public abstract class RequestFilterValve
*/
protected int denyStatus = HttpServletResponse.SC_FORBIDDEN;
+ /**
+ * <p>If <code>invalidAuthenticationWhenDeny</code> is true
+ * and the context has <code>preemptiveAuthentication</code>
+ * set, set an invalid authorization header to trigger basic auth
+ * instead of denying the request..
+ */
+ private boolean invalidAuthenticationWhenDeny = false;
+
// ------------------------------------------------------------- Properties
@@ -243,6 +257,22 @@ public abstract class RequestFilterValve
}
+ /**
+ * Return true if a deny is handled by setting an invalid auth header.
+ */
+ public boolean getInvalidAuthenticationWhenDeny() {
+ return invalidAuthenticationWhenDeny;
+ }
+
+
+ /**
+ * Set invalidAuthenticationWhenDeny property.
+ */
+ public void setInvalidAuthenticationWhenDeny(boolean value) {
+ invalidAuthenticationWhenDeny = value;
+ }
+
+
// --------------------------------------------------------- Public Methods
@@ -313,6 +343,9 @@ public abstract class RequestFilterValve
/**
* Reject the request that was denied by this valve.
+ * <p>If <code>invalidAuthenticationWhenDeny</code> is true
+ * and the context has <code>preemptiveAuthentication</code>
+ * set, set an invalid authorization header to trigger basic auth.
*
* @param request The servlet request to be processed
* @param response The servlet response to be processed
@@ -321,6 +354,16 @@ public abstract class RequestFilterValve
*/
protected void denyRequest(Request request, Response response)
throws IOException, ServletException {
+ if (invalidAuthenticationWhenDeny) {
+ Context context = request.getContext();
+ if (context != null && context.getPreemptiveAuthentication()) {
+ if
(request.getCoyoteRequest().getMimeHeaders().getValue("authorization") == null)
{
+
request.getCoyoteRequest().getMimeHeaders().addValue("authorization").setString("invalid");
+ }
+ getNext().invoke(request, response);
+ return;
+ }
+ }
response.sendError(denyStatus);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
Sat Dec 6 10:29:23 2014
@@ -359,11 +359,16 @@
</mbean>
<mbean name="RemoteAddrValve"
- description="Concrete implementation of RequestFilterValve that
filters based on the string representation of the remote client's IP address"
+ description="Concrete implementation of RequestFilterValve that
filters based on the string representation of the remote client's IP address"
domain="Catalina"
group="Valve"
type="org.apache.catalina.valves.RemoteAddrValve">
+ <attribute name="addConnectorPort"
+ description="Append the server connector port to the client IP
separated by a semicolon"
+ is="true"
+ type="boolean"/>
+
<attribute name="allow"
description="The allow expression"
type="java.lang.String"/>
@@ -379,12 +384,12 @@
is="true"
type="boolean"/>
- <attribute name="className"
+ <attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
- <attribute name="deny"
+ <attribute name="deny"
description="The deny expression"
type="java.lang.String"/>
@@ -403,6 +408,11 @@
type="java.lang.String"
writeable="false"/>
+ <attribute name="invalidAuthenticationWhenDeny"
+ description="Send an invalid authentication header instead of
deny"
+ is="true"
+ type="boolean"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component
is currently in"
type="java.lang.String"
@@ -424,6 +434,11 @@
group="Valve"
type="org.apache.catalina.valves.RemoteHostValve">
+ <attribute name="addConnectorPort"
+ description="Append the server connector port to the client IP
separated by a semicolon"
+ is="true"
+ type="boolean"/>
+
<attribute name="allow"
description="The allow expression"
type="java.lang.String"/>
@@ -439,12 +454,12 @@
is="true"
type="boolean"/>
- <attribute name="className"
+ <attribute name="className"
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
- <attribute name="deny"
+ <attribute name="deny"
description="The deny expression"
type="java.lang.String"/>
@@ -463,6 +478,11 @@
type="java.lang.String"
writeable="false"/>
+ <attribute name="invalidAuthenticationWhenDeny"
+ description="Send an invalid authentication header instead of
deny"
+ is="true"
+ type="boolean"/>
+
<attribute name="stateName"
description="The name of the LifecycleState that this component
is currently in"
type="java.lang.String"
Modified:
tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
(original)
+++
tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
Sat Dec 6 10:29:23 2014
@@ -26,8 +26,11 @@ import static org.junit.Assert.fail;
import org.junit.Test;
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Connector;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.StandardContext;
/**
* {@link RequestFilterValve} Tests
@@ -38,20 +41,24 @@ public class TestRequestFilterValve {
private static final int FORBIDDEN = 403;
private static final int CUSTOM = 499;
- private static final String ADDR_ALLOW_PAT = "127\\..*";
- private static final String ADDR_DENY_PAT = ".*\\.1";
+ private static final String ADDR_ALLOW_PAT =
"127\\.\\d*\\.\\d*\\.\\d*";
+ private static final String ADDR_DENY_PAT =
"\\d*\\.\\d*\\.\\d*\\.1";
private static final String ADDR_ONLY_ALLOW = "127.0.0.2";
private static final String ADDR_ONLY_DENY = "192.168.0.1";
private static final String ADDR_ALLOW_AND_DENY = "127.0.0.1";
private static final String ADDR_NO_ALLOW_NO_DENY = "192.168.0.2";
- private static final String HOST_ALLOW_PAT = "www\\.example\\..*";
+ private static final String HOST_ALLOW_PAT =
"www\\.example\\.[a-zA-Z0-9-]*";
private static final String HOST_DENY_PAT = ".*\\.org";
private static final String HOST_ONLY_ALLOW = "www.example.com";
private static final String HOST_ONLY_DENY = "host.example.org";
private static final String HOST_ALLOW_AND_DENY = "www.example.org";
private static final String HOST_NO_ALLOW_NO_DENY = "host.example.com";
+ private static final int PORT = 8080;
+ private static final String PORT_MATCH_PATTERN = ";\\d*";
+ private static final String PORT_NO_MATCH_PATTERN = ";8081";
+
static class TerminatingValve extends ValveBase {
@Override
@@ -74,14 +81,22 @@ public class TestRequestFilterValve {
}
private void oneTest(String allow, String deny, boolean denyStatus,
+ boolean addConnectorPort, boolean auth,
String property, String type, boolean allowed) {
// PREPARE
RequestFilterValve valve = null;
+ Connector connector = new Connector();
+ Context context = new StandardContext();
Request request = new Request();
Response response = new MockResponse();
StringBuilder msg = new StringBuilder();
int expected = allowed ? OK : FORBIDDEN;
+ connector.setPort(PORT);
+ request.setConnector(connector);
+ request.setContext(context);
+ request.setCoyoteRequest(new org.apache.coyote.Request());
+
if (type == null) {
fail("Invalid test with null type");
}
@@ -115,6 +130,21 @@ public class TestRequestFilterValve {
expected = CUSTOM;
}
}
+ if (addConnectorPort) {
+ if (valve instanceof RemoteAddrValve) {
+ ((RemoteAddrValve)valve).setAddConnectorPort(true);
+ } else if (valve instanceof RemoteHostValve) {
+ ((RemoteHostValve)valve).setAddConnectorPort(true);
+ } else {
+ fail("Can only set 'addConnectorPort' for RemoteAddrValve and
RemoteHostValve");
+ }
+ msg.append(" addConnectorPort='true'");
+ }
+ if (auth) {
+ context.setPreemptiveAuthentication(true);
+ valve.setInvalidAuthenticationWhenDeny(true);
+ msg.append(" auth='true'");
+ }
// TEST
try {
@@ -126,30 +156,174 @@ public class TestRequestFilterValve {
}
// VERIFY
- assertEquals(msg.toString(), expected, response.getStatus());
+ if (!allowed && auth) {
+ assertEquals(msg.toString(), OK, response.getStatus());
+ assertEquals(msg.toString(), "invalid",
request.getHeader("authorization"));
+ } else {
+ assertEquals(msg.toString(), expected, response.getStatus());
+ }
}
private void standardTests(String allow_pat, String deny_pat,
String OnlyAllow, String OnlyDeny,
String AllowAndDeny, String NoAllowNoDeny,
- String type) {
- oneTest(null, null, false, AllowAndDeny, type, false);
- oneTest(allow_pat, null, false, AllowAndDeny, type, true);
- oneTest(allow_pat, null, false, NoAllowNoDeny, type, false);
- oneTest(allow_pat, null, true, AllowAndDeny, type, true);
- oneTest(allow_pat, null, true, NoAllowNoDeny, type, false);
- oneTest(null, deny_pat, false, AllowAndDeny, type, false);
- oneTest(null, deny_pat, false, NoAllowNoDeny, type, true);
- oneTest(null, deny_pat, true, AllowAndDeny, type, false);
- oneTest(null, deny_pat, true, NoAllowNoDeny, type, true);
- oneTest(allow_pat, deny_pat, false, NoAllowNoDeny, type, false);
- oneTest(allow_pat, deny_pat, false, OnlyAllow, type, true);
- oneTest(allow_pat, deny_pat, false, OnlyDeny, type, false);
- oneTest(allow_pat, deny_pat, false, AllowAndDeny, type, false);
- oneTest(allow_pat, deny_pat, true, NoAllowNoDeny, type, false);
- oneTest(allow_pat, deny_pat, true, OnlyAllow, type, true);
- oneTest(allow_pat, deny_pat, true, OnlyDeny, type, false);
- oneTest(allow_pat, deny_pat, true, AllowAndDeny, type, false);
+ boolean auth, String type) {
+ String apat;
+ String dpat;
+
+ // Test without ports
+ apat = allow_pat;
+ dpat = deny_pat;
+ oneTest(null, null, false, false, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, false, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, false, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, false, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, true, false, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, false, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, false, false, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, false, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, true, false, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, false, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, false, false, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, true, false, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, AllowAndDeny, type, false);
+
+ // Test with port in pattern but forgotten "addConnectorPort"
+ apat = allow_pat + PORT_MATCH_PATTERN;
+ dpat = deny_pat + PORT_MATCH_PATTERN;
+ oneTest(null, null, false, false, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, true, false, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, false, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, false, false, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, false, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, true, false, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, false, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, false, false, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, false, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, true, false, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, false, auth, AllowAndDeny, type, false);
+
+ // Test with "addConnectorPort" but port not in pattern
+ apat = allow_pat;
+ dpat = deny_pat;
+ oneTest(null, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, false, true, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, true, true, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, AllowAndDeny, type, false);
+
+ // Test "addConnectorPort" and with port matching in both patterns
+ apat = allow_pat + PORT_MATCH_PATTERN;
+ dpat = deny_pat + PORT_MATCH_PATTERN;
+ oneTest(null, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, true, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, false, true, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, true, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, true, true, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, false, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, true, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, AllowAndDeny, type, false);
+
+ // Test "addConnectorPort" and with port not matching in both patterns
+ apat = allow_pat + PORT_NO_MATCH_PATTERN;
+ dpat = deny_pat + PORT_NO_MATCH_PATTERN;
+ oneTest(null, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, false, true, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, true, true, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, AllowAndDeny, type, false);
+
+ // Test "addConnectorPort" and with port matching only in allow
+ apat = allow_pat + PORT_MATCH_PATTERN;
+ dpat = deny_pat + PORT_NO_MATCH_PATTERN;
+ oneTest(null, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, true, auth, AllowAndDeny, type, true);
+ oneTest(apat, null, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, false, true, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, true, auth, AllowAndDeny, type, true);
+ oneTest(null, dpat, true, true, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, false, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, AllowAndDeny, type, true);
+ oneTest(apat, dpat, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyAllow, type, true);
+ oneTest(apat, dpat, true, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, AllowAndDeny, type, true);
+
+ // Test "addConnectorPort" and with port matching only in deny
+ apat = allow_pat + PORT_NO_MATCH_PATTERN;
+ dpat = deny_pat + PORT_MATCH_PATTERN;
+ oneTest(null, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, null, true, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, null, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(null, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, false, true, auth, NoAllowNoDeny, type, true);
+ oneTest(null, dpat, true, true, auth, AllowAndDeny, type, false);
+ oneTest(null, dpat, true, true, auth, NoAllowNoDeny, type, true);
+ oneTest(apat, dpat, false, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, false, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, false, true, auth, AllowAndDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, NoAllowNoDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyAllow, type, false);
+ oneTest(apat, dpat, true, true, auth, OnlyDeny, type, false);
+ oneTest(apat, dpat, true, true, auth, AllowAndDeny, type, false);
}
@Test
@@ -157,7 +331,11 @@ public class TestRequestFilterValve {
standardTests(ADDR_ALLOW_PAT, ADDR_DENY_PAT,
ADDR_ONLY_ALLOW, ADDR_ONLY_DENY,
ADDR_ALLOW_AND_DENY, ADDR_NO_ALLOW_NO_DENY,
- "Addr");
+ false, "Addr");
+ standardTests(ADDR_ALLOW_PAT, ADDR_DENY_PAT,
+ ADDR_ONLY_ALLOW, ADDR_ONLY_DENY,
+ ADDR_ALLOW_AND_DENY, ADDR_NO_ALLOW_NO_DENY,
+ true, "Addr");
}
@Test
@@ -165,6 +343,10 @@ public class TestRequestFilterValve {
standardTests(HOST_ALLOW_PAT, HOST_DENY_PAT,
HOST_ONLY_ALLOW, HOST_ONLY_DENY,
HOST_ALLOW_AND_DENY, HOST_NO_ALLOW_NO_DENY,
- "Host");
+ false, "Host");
+ standardTests(HOST_ALLOW_PAT, HOST_DENY_PAT,
+ HOST_ONLY_ALLOW, HOST_ONLY_DENY,
+ HOST_ALLOW_AND_DENY, HOST_NO_ALLOW_NO_DENY,
+ true, "Host");
}
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Dec 6 10:29:23 2014
@@ -127,6 +127,19 @@
<add>
Add unit tests for RemoteAddrValve and RemoteHostValve. (rjung)
</add>
+ <add>
+ Allow to configure RemoteAddrValve and RemoteHostValve to
+ adopt behavior depending on the connector port. Implemented
+ by optionally adding the connector port to the string compared
+ with the patterns <code>allow</code> and <code>deny</code>
+ (using <code>addConnectorPort</code>). (rjung)
+ </add>
+ <add>
+ Optionally trigger authentication intead of denial in
+ RemoteAddrValve and RemoteHostValve. This only works in
+ combination with <code>preemptiveAuthentication</code>
+ on the application context. (rjung)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1643515&r1=1643514&r2=1643515&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Sat Dec 6 10:29:23 2014
@@ -466,6 +466,14 @@
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p>Optionally one can append the server connector port separated with a
+ comma (";") to allow different expressions for each connector.</p>
+
+ <p>The behavior when a request is refused can be changed
+ to not deny but instead set an invalid <code>authentication</code>
+ header. This is useful in combination with the context attribute
+ <code>preemptiveAuthentication="true"</code>.</p>
+
<p><strong>Note:</strong> There is a caveat when using this valve with
IPv6 addresses. Format of the IP address that this valve is processing
depends on the API that was used to obtain it. If the address was obtained
@@ -504,7 +512,7 @@
remote client's IP address is compared to. If this attribute
is specified, the remote address MUST NOT match for this request to be
accepted. If this attribute is not specified, request acceptance is
- governed solely by the <code>accept</code> attribute.</p>
+ governed solely by the <code>allow</code> attribute.</p>
</attribute>
<attribute name="denyStatus" required="false">
@@ -513,6 +521,27 @@
it can be set to the value <code>404</code>.</p>
</attribute>
+ <attribute name="addConnectorPort" required="false">
+ <p>Append the server connector port to the client IP address separated
+ with a semicolon (";"). If this is set to <code>true</code>, the
+ expressions configured with <code>allow</code> and
+ <code>deny</code> is compared against <code>ADDRESS;PORT</code>
+ where <code>ADDRESS</code> is the client IP address and
+ <code>PORT</code> is the Tomcat connector port which received the
+ request. The default value is <code>false</code>.</p>
+ </attribute>
+
+ <attribute name="invalidAuthenticationWhenDeny" required="false">
+ <p>When a request should be denied, do not deny but instead
+ set an invalid <code>authentication</code> header. This only works
+ if the context has the attribute
<code>preemptiveAuthentication="true"</code>
+ set. An already existing <code>authentication</code> header will not be
+ overwritten. In effect this will trigger authentication instead of deny
+ even if the application does not have a security constraint
configured.</p>
+ <p>This can be combined with <code>addConnectorPort</code> to trigger
authentication
+ depending on the client and the connector that is used to access an
application.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -523,6 +552,28 @@
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>]]></source>
</subsection>
+ <subsection name="Example">
+ <p>To allow unrestricted access for the clients connecting from localhost
+ but for all other clients only to port 8443:</p>
+ <source><![CDATA[<Valve
className="org.apache.catalina.valves.RemoteAddrValve"
+ addConnectorPort="true"
+
allow="127\.\d+\.\d+\.\d+;\d*|::1;\d*|0:0:0:0:0:0:0:1;\d*|.*;8443"/>]]></source>
+ </subsection>
+
+ <subsection name="Example">
+ <p>To allow unrestricted access to port 8009, but trigger basic
+ authentication if the application is access on another port:</p>
+<source><![CDATA[<Context>
+ ...
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ addConnectorPort="true"
+ invalidAuthenticationWhenDeny="true"
+ allow=".*;8009"/>
+ <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" />
+ ...
+</Context>]]></source>
+ </subsection>
+
</subsection>
@@ -544,6 +595,14 @@
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p>Optionally one can append the server connector port separated with a
+ comma (";") to allow different expressions for each connector.</p>
+
+ <p>The behavior when a request is refused can be changed
+ to not deny but instead set an invalid <code>authentication</code>
+ header. This is useful in combination with the context attribute
+ <code>preemptiveAuthentication="true"</code>.</p>
+
<p><strong>Note:</strong> This filter processes the value returned by
method <code>ServletRequest.getRemoteHost()</code>. To allow the method
to return proper host names, you have to enable "DNS lookups" feature on
@@ -579,7 +638,7 @@
remote client's hostname is compared to. If this attribute
is specified, the remote hostname MUST NOT match for this request to be
accepted. If this attribute is not specified, request acceptance is
- governed solely by the <code>accept</code> attribute.</p>
+ governed solely by the <code>allow</code> attribute.</p>
</attribute>
<attribute name="denyStatus" required="false">
@@ -588,6 +647,27 @@
it can be set to the value <code>404</code>.</p>
</attribute>
+ <attribute name="addConnectorPort" required="false">
+ <p>Append the server connector port to the client hostname separated
+ with a comma (";"). If this is set to <code>true</code>, the
+ expressions configured with <code>allow</code> and
+ <code>deny</code> is compared against <code>HOSTNAME;PORT</code>
+ where <code>HOSTNAME</code> is the client hostname and
+ <code>PORT</code> is the Tomcat connector port which received the
+ request. The default value is <code>false</code>.</p>
+ </attribute>
+
+ <attribute name="invalidAuthenticationWhenDeny" required="false">
+ <p>When a request should be denied, do not deny but instead
+ set an invalid <code>authentication</code> header. This only works
+ if the context has the attribute
<code>preemptiveAuthentication="true"</code>
+ set. An already existing <code>authentication</code> header will not be
+ overwritten. In effect this will trigger authentication instead of deny
+ even if the application does not have a security constraint
configured.</p>
+ <p>This can be combined with <code>addConnectorPort</code> to trigger
authentication
+ depending on the client and the connector that is used to access an
application.</p>
+ </attribute>
+
</attributes>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
