Author: sai
Date: Fri Apr 16 14:42:54 2010
New Revision: 934935
URL: http://svn.apache.org/viewvc?rev=934935&view=rev
Log:
Implemented newly proposed changes to JIRA issue FTPSERVER-357
Added:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java
(contents, props changed)
- copied, changed from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaIpFilter.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java
(contents, props changed)
- copied, changed from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/DefaultIpFilter.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java
(contents, props changed)
- copied, changed from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/IpFilter.java
Removed:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/DefaultIpFilter.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/IpFilter.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaIpFilter.java
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/Listener.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/ListenerFactory.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/AbstractListener.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/IpFilterTest.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/MyCustomListener.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
Fri Apr 16 14:42:54 2010
@@ -19,18 +19,16 @@
package org.apache.ftpserver.config.spring;
-import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.DataConnectionConfigurationFactory;
import org.apache.ftpserver.FtpServerConfigurationException;
-import org.apache.ftpserver.ipfilter.DefaultIpFilter;
import org.apache.ftpserver.ipfilter.IpFilterType;
+import org.apache.ftpserver.ipfilter.RemoteIpFilter;
import org.apache.ftpserver.listener.ListenerFactory;
import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.ftpserver.ssl.SslConfigurationFactory;
-import org.apache.mina.filter.firewall.Subnet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.BeanDefinition;
@@ -101,29 +99,37 @@ public class ListenerBeanDefinitionParse
Element blacklistElm = SpringUtil.getChildElement(element,
FtpServerNamespaceHandler.FTPSERVER_NS, "blacklist");
if (blacklistElm != null) {
- LOG.warn("Element 'blacklist' is deprecated, and may be removed
in a future release. Please use 'ip-filter' instead. ");
- try {
- DefaultIpFilter ipFilter = new
DefaultIpFilter(IpFilterType.DENY, blacklistElm.getTextContent());
- factoryBuilder.addPropertyValue("ipFilter", ipFilter);
- }
- catch (UnknownHostException e) {
- throw new IllegalArgumentException("Invalid IP
address or subnet in the 'blacklist' element", e);
- }
+ LOG
+ .warn("Element 'blacklist' is deprecated, and may be
removed in a future release. Please use 'remote-ip-filter' instead. ");
+ try {
+ RemoteIpFilter remoteIpFilter = new
RemoteIpFilter(IpFilterType.DENY,
+ blacklistElm.getTextContent());
+ factoryBuilder.addPropertyValue("sessionFilter",
remoteIpFilter);
+ } catch (UnknownHostException e) {
+ throw new IllegalArgumentException(
+ "Invalid IP address or subnet in the 'blacklist'
element",
+ e);
+ }
}
-
- Element ipFilterElement = SpringUtil.getChildElement(element,
FtpServerNamespaceHandler.FTPSERVER_NS, "ip-filter");
- if(ipFilterElement != null) {
- if(blacklistElm != null) {
- throw new FtpServerConfigurationException("Element
'ipFilter' may not be used when 'blacklist' element is specified. ");
- }
- String filterType = ipFilterElement.getAttribute("type");
- try {
- DefaultIpFilter ipFilter = new
DefaultIpFilter(IpFilterType.parse(filterType),
ipFilterElement.getTextContent());
- factoryBuilder.addPropertyValue("ipFilter", ipFilter);
- }
- catch (UnknownHostException e) {
- throw new IllegalArgumentException("Invalid IP
address or subnet in the 'ip-filter' element");
- }
+
+ Element remoteIpFilterElement = SpringUtil.getChildElement(element,
+ FtpServerNamespaceHandler.FTPSERVER_NS, "remote-ip-filter");
+ if (remoteIpFilterElement != null) {
+ if (blacklistElm != null) {
+ throw new FtpServerConfigurationException(
+ "Element 'remote-ip-filter' may not be used when
'blacklist' element is specified. ");
+ }
+ String filterType = remoteIpFilterElement.getAttribute("type");
+ try {
+ RemoteIpFilter remoteIpFilter = new RemoteIpFilter(IpFilterType
+ .parse(filterType), remoteIpFilterElement
+ .getTextContent());
+ factoryBuilder
+ .addPropertyValue("sessionFilter", remoteIpFilter);
+ } catch (UnknownHostException e) {
+ throw new IllegalArgumentException(
+ "Invalid IP address or subnet in the
'remote-ip-filter' element");
+ }
}
BeanDefinition factoryDefinition = factoryBuilder.getBeanDefinition();
Copied:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java
(from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaIpFilter.java)
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java?p2=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java&p1=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaIpFilter.java&r1=928769&r2=934935&rev=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaIpFilter.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java
Fri Apr 16 14:42:54 2010
@@ -19,51 +19,40 @@
package org.apache.ftpserver.ipfilter;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
/**
- * An implementation of Mina Filter to filter clients based on the originating
- * IP address.
+ * A wrapper for <code>SessionFilter</code> so it can be added to the MINA
+ * filter chain.
*
* @author <a href="http://mina.apache.org";>Apache MINA Project</a>
*
*/
-public class MinaIpFilter extends IoFilterAdapter {
+public class MinaSessionFilter extends IoFilterAdapter {
- /**
- * The actual <code>IpFilter</code> used by this filter.
- */
- private IpFilter filter = null;
-
- /**
- * Creates a new instance of <code>MinaIpFilter</code>.
- *
- * @param filter
- * the filter
- */
- public MinaIpFilter(IpFilter filter) {
- this.filter = filter;
- }
-
- @Override
- public void sessionCreated(NextFilter nextFilter, IoSession session) {
- SocketAddress remoteAddress = session.getRemoteAddress();
- if (remoteAddress instanceof InetSocketAddress) {
- InetAddress ipAddress = ((InetSocketAddress)
remoteAddress).getAddress();
- // TODO we probably have to check if the InetAddress is
a version 4
- // address, or else, the result would probably be
unknown.
- if (!filter.accept(ipAddress)) {
- session.close(true);
- }
- else {
- nextFilter.sessionCreated(session);
- }
- }
- }
+ /**
+ * The actual (or wrapped) <code>SessionFilter</code> used by this filter.
+ */
+ private SessionFilter filter = null;
+
+ /**
+ * Creates a new instance of <code>MinaSessionFilter</code>.
+ *
+ * @param filter
+ * the filter
+ */
+ public MinaSessionFilter(SessionFilter filter) {
+ this.filter = filter;
+ }
+
+ @Override
+ public void sessionCreated(NextFilter nextFilter, IoSession session) {
+ if (!filter.accept(session)) {
+ session.close(true);
+ } else {
+ nextFilter.sessionCreated(session);
+ }
+ }
}
Propchange:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/MinaSessionFilter.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java
(from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/DefaultIpFilter.java)
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java?p2=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java&p1=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/DefaultIpFilter.java&r1=928769&r2=934935&rev=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/DefaultIpFilter.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java
Fri Apr 16 14:42:54 2010
@@ -20,198 +20,204 @@
package org.apache.ftpserver.ipfilter;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Collection;
import java.util.HashSet;
import java.util.concurrent.CopyOnWriteArraySet;
+import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.firewall.Subnet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
- * Default implementation of the <code>IpFilter</code> interface, which uses
- * specific IP addresses or ranges of IP addresses that can be blocked or
- * allowed.
+ * An implementation of the <code>SessionFilter</code> interface, to filter
+ * sessions based on the remote IP address.
*
* @author <a href="http://mina.apache.org";>Apache MINA Project</a>
*
*/
-public class DefaultIpFilter extends CopyOnWriteArraySet<Subnet> implements
- IpFilter {
+public class RemoteIpFilter extends CopyOnWriteArraySet<Subnet> implements
+ SessionFilter {
- /**
- * Logger
- */
- Logger LOGGER = LoggerFactory.getLogger(DefaultIpFilter.class);
-
- /**
- * Serial version UID
- */
- private static final long serialVersionUID = 4887092372700628783L;
-
- /**
- * filter type
- */
- private IpFilterType type = null;
-
- /**
- * Creates a new instance of <code>DefaultIpFilter</code>.
- *
- * @param type
- * the filter type
- */
- public DefaultIpFilter(IpFilterType type) {
- this(type, new HashSet<Subnet>(0));
- }
-
- /**
- * Creates a new instance of <code>DefaultIpFilter</code>.
- *
- * @param type
- * the filter type
- * @param collection
- * a collection of <code>Subnet</code>s to filter out/in.
- */
- public DefaultIpFilter(IpFilterType type,
- Collection<? extends Subnet> collection) {
- super(collection);
- this.type = type;
- }
-
- /**
- * Creates a new instance of <code>DefaultIpFilter</code>.
- *
- * @param type
- * the filter type
- * @param addresses
- * a comma, space, tab, LF separated list of IP
addresses/CIDRs.
- * @throws UnknownHostException
- * propagated
- * @throws NumberFormatException
- * propagated
- */
- public DefaultIpFilter(IpFilterType type, String addresses)
- throws NumberFormatException, UnknownHostException {
- super();
- this.type = type;
- if (addresses != null) {
- String[] tokens = addresses.split("[\\s,]+");
- for (String token : tokens) {
- if (token.trim().length() > 0) {
- add(token);
- }
- }
- }
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Created DefaultIpFilter of type {} with the
subnets {}", type,
- this);
- }
- }
-
- /**
- * Returns the type of this filter.
- *
- * @return the type of this filter.
- */
- public IpFilterType getType() {
- return type;
- }
-
- /**
- * Sets the type of this filter.
- *
- * @param type
- * the type of this filter.
- */
- // TODO should we allow changing the filter type once it is created? I
don't
- // think we should.
- public void setType(IpFilterType type) {
- this.type = type;
- }
-
- /**
- * Adds the given string representation of InetAddress or CIDR notation
to
- * this filter.
- *
- * @param str
- * the string representation of InetAddress or CIDR notation
- * @return if the given element was added or not. <code>true</code>, if
the
- * given element was added to the filter; <code>false</code>,
if the
- * element already exists in the filter.
- * @throws NumberFormatException
- * propagated
- * @throws UnknownHostException
- * propagated
- */
- public boolean add(String str) throws NumberFormatException,
- UnknownHostException {
- // This is required so we do not block loopback address if some
one adds
- // a string with blanks as the InetAddress class assumes
loopback
- // address on blank string.
- if (str.trim().length() < 1) {
- throw new IllegalArgumentException("Invalid IP Address
or Subnet: "
- + str);
- }
- String[] tokens = str.split("/");
- if (tokens.length == 2) {
- return add(new Subnet(InetAddress.getByName(tokens[0]),
- Integer.parseInt(tokens[1])));
- }
- else {
- return add(new Subnet(InetAddress.getByName(tokens[0]),
32));
- }
- }
-
- public boolean accept(InetAddress address) {
- switch (type) {
- case ALLOW:
- for (Subnet subnet : this) {
- if (subnet.inSubnet(address)) {
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Allowing
connection from {} because it matches with the whitelist subnet {}",
- new Object[] {
address, subnet });
- }
- return true;
- }
- }
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Denying connection from {}
because it does not match any of the whitelist subnets",
- new Object[] { address });
- }
- return false;
- case DENY:
- if (isEmpty()) {
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Allowing connection
from {} because blacklist is empty",
- new Object[] { address
});
- }
- return true;
- }
- for (Subnet subnet : this) {
- if (subnet.inSubnet(address)) {
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Denying
connection from {} because it matches with the blacklist subnet {}",
- new Object[] {
address, subnet });
- }
- return false;
- }
- }
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug(
- "Allowing connection from {}
because it does not match any of the blacklist subnets",
- new Object[] { address });
- }
- return true;
- default:
- throw new RuntimeException(
- "Unknown or unimplemented filter type:
" + type);
- }
- }
+ /**
+ * Logger
+ */
+ Logger LOGGER = LoggerFactory.getLogger(RemoteIpFilter.class);
+
+ /**
+ * Serial version UID
+ */
+ private static final long serialVersionUID = 4887092372700628783L;
+
+ /**
+ * filter type
+ */
+ private IpFilterType type = null;
+
+ /**
+ * Creates a new instance of <code>RemoteIpFilter</code>.
+ *
+ * @param type
+ * the filter type
+ */
+ public RemoteIpFilter(IpFilterType type) {
+ this(type, new HashSet<Subnet>(0));
+ }
+
+ /**
+ * Creates a new instance of <code>RemoteIpFilter</code>.
+ *
+ * @param type
+ * the filter type
+ * @param collection
+ * a collection of <code>Subnet</code>s to filter out/in.
+ */
+ public RemoteIpFilter(IpFilterType type,
+ Collection<? extends Subnet> collection) {
+ super(collection);
+ this.type = type;
+ }
+
+ /**
+ * Creates a new instance of <code>RemoteIpFilter</code>.
+ *
+ * @param type
+ * the filter type
+ * @param addresses
+ * a comma, space, tab, CR, LF separated list of IP
+ * addresses/CIDRs.
+ * @throws UnknownHostException
+ * propagated
+ * @throws NumberFormatException
+ * propagated
+ */
+ public RemoteIpFilter(IpFilterType type, String addresses)
+ throws NumberFormatException, UnknownHostException {
+ super();
+ this.type = type;
+ if (addresses != null) {
+ String[] tokens = addresses.split("[\\s,]+");
+ for (String token : tokens) {
+ if (token.trim().length() > 0) {
+ add(token);
+ }
+ }
+ }
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(
+ "Created DefaultIpFilter of type {} with the subnets {}",
+ type, this);
+ }
+ }
+
+ /**
+ * Returns the type of this filter.
+ *
+ * @return the type of this filter.
+ */
+ public IpFilterType getType() {
+ return type;
+ }
+
+ /**
+ * Sets the type of this filter.
+ *
+ * @param type
+ * the type of this filter.
+ */
+ public void setType(IpFilterType type) {
+ this.type = type;
+ }
+
+ /**
+ * Adds the given string representation of InetAddress or CIDR notation to
+ * this filter.
+ *
+ * @param str
+ * the string representation of InetAddress or CIDR notation
+ * @return if the given element was added or not. <code>true</code>, if the
+ * given element was added to the filter; <code>false</code>, if
the
+ * element already exists in the filter.
+ * @throws NumberFormatException
+ * propagated
+ * @throws UnknownHostException
+ * propagated
+ */
+ public boolean add(String str) throws NumberFormatException,
+ UnknownHostException {
+ // This is required so we do not block loopback address if some one
adds
+ // a string with blanks as the InetAddress class assumes loopback
+ // address on a blank string.
+ if (str.trim().length() < 1) {
+ throw new IllegalArgumentException("Invalid IP Address or Subnet: "
+ + str);
+ }
+ String[] tokens = str.split("/");
+ if (tokens.length == 2) {
+ return add(new Subnet(InetAddress.getByName(tokens[0]), Integer
+ .parseInt(tokens[1])));
+ } else {
+ return add(new Subnet(InetAddress.getByName(tokens[0]), 32));
+ }
+ }
+
+ public boolean accept(IoSession session) {
+ InetAddress address = ((InetSocketAddress) session.getRemoteAddress())
+ .getAddress();
+ switch (type) {
+ case ALLOW:
+ for (Subnet subnet : this) {
+ if (subnet.inSubnet(address)) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER
+ .debug(
+ "Allowing connection from {} because
it matches with the whitelist subnet {}",
+ new Object[] { address, subnet });
+ }
+ return true;
+ }
+ }
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER
+ .debug(
+ "Denying connection from {} because it does
not match any of the whitelist subnets",
+ new Object[] { address });
+ }
+ return false;
+ case DENY:
+ if (isEmpty()) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER
+ .debug(
+ "Allowing connection from {} because
blacklist is empty",
+ new Object[] { address });
+ }
+ return true;
+ }
+ for (Subnet subnet : this) {
+ if (subnet.inSubnet(address)) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER
+ .debug(
+ "Denying connection from {} because it
matches with the blacklist subnet {}",
+ new Object[] { address, subnet });
+ }
+ return false;
+ }
+ }
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER
+ .debug(
+ "Allowing connection from {} because it does
not match any of the blacklist subnets",
+ new Object[] { address });
+ }
+ return true;
+ default:
+ throw new RuntimeException("Unknown or unimplemented filter type: "
+ + type);
+ }
+ }
}
Propchange:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/RemoteIpFilter.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java
(from r928769,
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/IpFilter.java)
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java?p2=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java&p1=mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/IpFilter.java&r1=928769&r2=934935&rev=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/IpFilter.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java
Fri Apr 16 14:42:54 2010
@@ -19,25 +19,25 @@
package org.apache.ftpserver.ipfilter;
-import java.net.InetAddress;
+import org.apache.mina.core.session.IoSession;
/**
- * The interface for filtering connections based on the client's IP address.
+ * The interface for filtering sessions based on various session attributes.
*
* @author <a href="http://mina.apache.org";>Apache MINA Project</a>
*
*/
-public interface IpFilter {
+public interface SessionFilter {
- /**
- * Tells whether or not the given IP address is accepted by this filter.
- *
- * @param address
- * the IP address to check
- * @return <code>true</code>, if the given IP address is accepted by
this
- * filter; <code>false</code>, otherwise.
- */
- public boolean accept(InetAddress address);
+ /**
+ * Tells whether or not the given session is accepted by this filter.
+ *
+ * @param session
+ * the session to check
+ * @return <code>true</code>, if the given session is accepted by this
+ * filter; <code>false</code>, otherwise.
+ */
+ public boolean accept(IoSession session);
}
Propchange:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ipfilter/SessionFilter.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/Listener.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/Listener.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/Listener.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/Listener.java
Fri Apr 16 14:42:54 2010
@@ -26,7 +26,7 @@ import java.util.Set;
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.impl.FtpServerContext;
-import org.apache.ftpserver.ipfilter.IpFilter;
+import org.apache.ftpserver.ipfilter.SessionFilter;
import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.mina.filter.firewall.Subnet;
@@ -139,36 +139,36 @@ public interface Listener {
int getIdleTimeout();
/**
- * @deprecated Replaced by IpFilter. Retrieves the {...@link
InetAddress} for
- * which this listener blocks connections.
- *
- * @return The list of {...@link InetAddress}es. This method returns a
valid
- * list if and only if there is an <code>IpFilter</code> set,
and,
- * if it is an instance of <code>DefaultIpFilter</code> and it
is of
- * type <code>IpFilterType.DENY</code>. This functionality is
- * provided for backward compatibility purpose only.
- */
- @Deprecated
- List<InetAddress> getBlockedAddresses();
-
- /**
- * @deprecated Replaced by IpFilter.
- * Retrieves the {...@link Subnet}s for this listener blocks connections.
- *
- * @return The list of {...@link Subnet}s. This method returns a valid
- * list if and only if there is an <code>IpFilter</code> set,
and,
- * if it is an instance of <code>DefaultIpFilter</code> and it
is of
- * type <code>IpFilterType.DENY</code>. This functionality is
- * provided for backward compatibility purpose only.
+ * @deprecated Replaced by IpFilter. Retrieves the {...@link InetAddress}
for
+ * which this listener blocks connections.
+ *
+ * @return The list of {...@link InetAddress}es. This method returns a
valid
+ * list if and only if there is an <code>IpFilter</code> set, and,
+ * if it is an instance of <code>DefaultIpFilter</code> and it is
of
+ * type <code>IpFilterType.DENY</code>. This functionality is
+ * provided for backward compatibility purpose only.
+ */
+ @Deprecated
+ List<InetAddress> getBlockedAddresses();
+
+ /**
+ * @deprecated Replaced by IpFilter. Retrieves the {...@link Subnet}s for
this
+ * listener blocks connections.
+ *
+ * @return The list of {...@link Subnet}s. This method returns a valid
list if
+ * and only if there is an <code>IpFilter</code> set, and, if it is
+ * an instance of <code>DefaultIpFilter</code> and it is of type
+ * <code>IpFilterType.DENY</code>. This functionality is provided
+ * for backward compatibility purpose only.
*/
List<Subnet> getBlockedSubnets();
-
+
/**
- * Returns the IP filter associated with this listener. May return
- * <code>null</code>.
- *
- * @return the IP filter associated with this listener. May return
- * <code>null</code>.
- */
- IpFilter getIpFilter();
+ * Returns the <code>SessionFilter</code> associated with this listener.
May
+ * return <code>null</code>.
+ *
+ * @return the <code>SessionFilter</code> associated with this listener.
May
+ * return <code>null</code>.
+ */
+ SessionFilter getSessionFilter();
}
\ No newline at end of file
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/ListenerFactory.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/ListenerFactory.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/ListenerFactory.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/ListenerFactory.java
Fri Apr 16 14:42:54 2010
@@ -26,7 +26,7 @@ import java.util.List;
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.DataConnectionConfigurationFactory;
import org.apache.ftpserver.FtpServerConfigurationException;
-import org.apache.ftpserver.ipfilter.IpFilter;
+import org.apache.ftpserver.ipfilter.SessionFilter;
import org.apache.ftpserver.listener.nio.NioListener;
import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.mina.filter.firewall.Subnet;
@@ -57,9 +57,9 @@ public class ListenerFactory {
private List<Subnet> blockedSubnets;
/**
- * The IP filter
+ * The Session filter
*/
- private IpFilter ipFilter = null;
+ private SessionFilter sessionFilter = null;
/**
* Default constructor
@@ -79,10 +79,11 @@ public class ListenerFactory {
implicitSsl = listener.isImplicitSsl();
dataConnectionConfig = listener.getDataConnectionConfiguration();
idleTimeout = listener.getIdleTimeout();
- //TODO remove the next two lines if and when we remove the deprecated
methods.
+ // TODO remove the next two lines if and when we remove the deprecated
+ // methods.
blockedAddresses = listener.getBlockedAddresses();
blockedSubnets = listener.getBlockedSubnets();
- this.ipFilter = listener.getIpFilter();
+ this.sessionFilter = listener.getSessionFilter();
}
/**
@@ -90,25 +91,26 @@ public class ListenerFactory {
* @return The created listener
*/
public Listener createListener() {
- try{
- InetAddress.getByName(serverAddress);
- }catch(UnknownHostException e){
- throw new FtpServerConfigurationException("Unknown host",e);
- }
- //Deal with the old style black list and new IP Filter here.
- if(ipFilter != null) {
- if(blockedAddresses != null || blockedSubnets != null) {
- throw new IllegalStateException("Usage of IPFilter in
combination with blockedAddesses/subnets is not supported. ");
- }
- }
- if(blockedAddresses != null || blockedSubnets != null) {
+ try {
+ InetAddress.getByName(serverAddress);
+ } catch (UnknownHostException e) {
+ throw new FtpServerConfigurationException("Unknown host", e);
+ }
+ // Deal with the old style black list and new session Filter here.
+ if (sessionFilter != null) {
+ if (blockedAddresses != null || blockedSubnets != null) {
+ throw new IllegalStateException(
+ "Usage of SessionFilter in combination with
blockedAddesses/subnets is not supported. ");
+ }
+ }
+ if (blockedAddresses != null || blockedSubnets != null) {
return new NioListener(serverAddress, port, implicitSsl, ssl,
- dataConnectionConfig, idleTimeout, blockedAddresses,
blockedSubnets);
- }
- else {
- return new NioListener(serverAddress, port, implicitSsl, ssl,
- dataConnectionConfig, idleTimeout, ipFilter);
- }
+ dataConnectionConfig, idleTimeout, blockedAddresses,
+ blockedSubnets);
+ } else {
+ return new NioListener(serverAddress, port, implicitSsl, ssl,
+ dataConnectionConfig, idleTimeout, sessionFilter);
+ }
}
/**
@@ -280,22 +282,23 @@ public class ListenerFactory {
}
/**
- * Returns the currently configured IP filter, if any.
- *
- * @return the currently configured IP filter, if any. Returns
- * <code>null</code>, if no IP filter is configured.
- */
- public IpFilter getIpFilter() {
- return ipFilter;
- }
-
- /**
- * Sets the IP filter to the given filter.
- *
- * @param ipFilter
- * the IP filter.
- */
- public void setIpFilter(IpFilter ipFilter) {
- this.ipFilter = ipFilter;
- }
+ * Returns the currently configured <code>SessionFilter</code>, if any.
+ *
+ * @return the currently configured <code>SessionFilter</code>, if any.
+ * Returns <code>null</code>, if no <code>SessionFilter</code> is
+ * configured.
+ */
+ public SessionFilter getSessionFilter() {
+ return sessionFilter;
+ }
+
+ /**
+ * Sets the session filter to the given filter.
+ *
+ * @param sessionFilter
+ * the session filter.
+ */
+ public void setSessionFilter(SessionFilter sessionFilter) {
+ this.sessionFilter = sessionFilter;
+ }
}
\ No newline at end of file
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/AbstractListener.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/AbstractListener.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/AbstractListener.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/AbstractListener.java
Fri Apr 16 14:42:54 2010
@@ -23,9 +23,9 @@ import java.net.InetAddress;
import java.util.List;
import org.apache.ftpserver.DataConnectionConfiguration;
-import org.apache.ftpserver.ipfilter.DefaultIpFilter;
-import org.apache.ftpserver.ipfilter.IpFilter;
import org.apache.ftpserver.ipfilter.IpFilterType;
+import org.apache.ftpserver.ipfilter.RemoteIpFilter;
+import org.apache.ftpserver.ipfilter.SessionFilter;
import org.apache.ftpserver.listener.Listener;
import org.apache.ftpserver.listener.ListenerFactory;
import org.apache.ftpserver.ssl.SslConfiguration;
@@ -53,8 +53,8 @@ public abstract class AbstractListener i
private List<InetAddress> blockedAddresses;
private List<Subnet> blockedSubnets;
-
- private IpFilter ipFilter = null;
+
+ private SessionFilter sessionFilter = null;
private DataConnectionConfiguration dataConnectionConfig;
@@ -75,42 +75,48 @@ public abstract class AbstractListener i
/**
* Constructor for internal use, do not use directly. Instead use
{...@link ListenerFactory}
*/
- public AbstractListener(String serverAddress, int port, boolean
implicitSsl,
- SslConfiguration sslConfiguration, DataConnectionConfiguration
dataConnectionConfig,
- int idleTimeout, IpFilter ipFilter) {
+ public AbstractListener(String serverAddress, int port,
+ boolean implicitSsl, SslConfiguration sslConfiguration,
+ DataConnectionConfiguration dataConnectionConfig, int idleTimeout,
+ SessionFilter sessionFilter) {
this.serverAddress = serverAddress;
this.port = port;
this.implicitSsl = implicitSsl;
this.dataConnectionConfig = dataConnectionConfig;
this.ssl = sslConfiguration;
this.idleTimeout = idleTimeout;
- this.ipFilter = ipFilter;
+ this.sessionFilter = sessionFilter;
}
/**
- * Creates an IpFilter that blacklists the given IP addresses and/or
Subnets.
- * @param blockedAddresses the addresses to block
- * @param blockedSubnets the subnets to block
- * @return an IpFilter that blacklists the given IP addresses and/or
Subnets.
- */
- private static IpFilter createBlackListFilter(List<InetAddress>
blockedAddresses,
- List<Subnet> blockedSubnets) {
- if(blockedAddresses == null && blockedSubnets == null) {
- return null;
- }
- //Initialize the IP filter with Deny type
- DefaultIpFilter ipFilter = new
DefaultIpFilter(IpFilterType.DENY);
- if(blockedSubnets != null) {
- ipFilter.addAll(blockedSubnets);
- }
- if(blockedAddresses != null) {
- for(InetAddress address:blockedAddresses) {
- ipFilter.add(new Subnet(address, 32));
- }
- }
- return ipFilter;
+ * Creates a SessionFilter that blacklists the given IP addresses and/or
+ * Subnets.
+ *
+ * @param blockedAddresses
+ * the addresses to block
+ * @param blockedSubnets
+ * the subnets to block
+ * @return a SessionFilter that blacklists the given IP addresses and/or
+ * Subnets.
+ */
+ private static SessionFilter createBlackListFilter(
+ List<InetAddress> blockedAddresses, List<Subnet> blockedSubnets) {
+ if (blockedAddresses == null && blockedSubnets == null) {
+ return null;
+ }
+ // Initialize the IP filter with Deny type
+ RemoteIpFilter ipFilter = new RemoteIpFilter(IpFilterType.DENY);
+ if (blockedSubnets != null) {
+ ipFilter.addAll(blockedSubnets);
+ }
+ if (blockedAddresses != null) {
+ for (InetAddress address : blockedAddresses) {
+ ipFilter.add(new Subnet(address, 32));
+ }
+ }
+ return ipFilter;
}
-
+
/**
* {...@inheritdoc}
*/
@@ -181,8 +187,8 @@ public abstract class AbstractListener i
public List<Subnet> getBlockedSubnets() {
return blockedSubnets;
}
-
- public IpFilter getIpFilter() {
- return ipFilter;
+
+ public SessionFilter getSessionFilter() {
+ return sessionFilter;
}
}
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
(original)
+++
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
Fri Apr 16 14:42:54 2010
@@ -27,8 +27,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.TimeUnit;
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.FtpServerConfigurationException;
@@ -36,8 +34,8 @@ import org.apache.ftpserver.impl.Default
import org.apache.ftpserver.impl.FtpHandler;
import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.impl.FtpServerContext;
-import org.apache.ftpserver.ipfilter.IpFilter;
-import org.apache.ftpserver.ipfilter.MinaIpFilter;
+import org.apache.ftpserver.ipfilter.MinaSessionFilter;
+import org.apache.ftpserver.ipfilter.SessionFilter;
import org.apache.ftpserver.listener.Listener;
import org.apache.ftpserver.listener.ListenerFactory;
import org.apache.ftpserver.ssl.ClientAuth;
@@ -46,7 +44,6 @@ import org.apache.mina.core.session.Idle
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.executor.ExecutorFilter;
-import org.apache.mina.filter.executor.OrderedThreadPoolExecutor;
import org.apache.mina.filter.firewall.Subnet;
import org.apache.mina.filter.logging.MdcInjectionFilter;
import org.apache.mina.filter.ssl.SslFilter;
@@ -94,13 +91,12 @@ public class NioListener extends Abstrac
/**
* Constructor for internal use, do not use directly. Instead use
{...@link ListenerFactory}
*/
- public NioListener(String serverAddress, int port,
- boolean implicitSsl,
+ public NioListener(String serverAddress, int port, boolean implicitSsl,
SslConfiguration sslConfiguration,
- DataConnectionConfiguration dataConnectionConfig,
- int idleTimeout, IpFilter ipFilter) {
- super(serverAddress, port, implicitSsl, sslConfiguration,
dataConnectionConfig,
- idleTimeout, ipFilter);
+ DataConnectionConfiguration dataConnectionConfig, int idleTimeout,
+ SessionFilter sessionFilter) {
+ super(serverAddress, port, implicitSsl, sslConfiguration,
+ dataConnectionConfig, idleTimeout, sessionFilter);
}
/**
@@ -131,11 +127,12 @@ public class NioListener extends Abstrac
MdcInjectionFilter mdcFilter = new MdcInjectionFilter();
acceptor.getFilterChain().addLast("mdcFilter", mdcFilter);
-
- IpFilter ipFilter = getIpFilter();
- if(ipFilter != null) {
- // add and IP filter to the filter chain.
- acceptor.getFilterChain().addLast("ipFilter", new
MinaIpFilter(ipFilter));
+
+ SessionFilter sessionFilter = getSessionFilter();
+ if (sessionFilter != null) {
+ // add and IP filter to the filter chain.
+ acceptor.getFilterChain().addLast("sessionFilter",
+ new MinaSessionFilter(sessionFilter));
}
acceptor.getFilterChain().addLast("threadPool",
Modified:
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
(original)
+++
mina/ftpserver/trunk/core/src/main/resources/org/apache/ftpserver/config/spring/ftpserver-1.0.xsd
Fri Apr 16 14:42:54 2010
@@ -100,8 +100,8 @@
</xs:complexType>
</xs:element>
- <!-- Element used to configure the IP Filtering -->
- <xs:element name="ip-filter">
+ <!-- Element used to configure the remote IP Filtering -->
+ <xs:element name="remote-ip-filter">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
@@ -149,7 +149,7 @@
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" name="blacklist"
type="xs:string" />
- <xs:element ref="ip-filter" minOccurs="0"
maxOccurs="1" />
+ <xs:element ref="remote-ip-filter"
minOccurs="0" maxOccurs="1" />
</xs:sequence>
<xs:attribute name="name" use="required"
type="xs:string" />
<xs:attribute name="local-address" />
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/IpFilterTest.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/IpFilterTest.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/IpFilterTest.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/IpFilterTest.java
Fri Apr 16 14:42:54 2010
@@ -23,11 +23,10 @@ import java.net.InetAddress;
import org.apache.commons.net.ftp.FTPConnectionClosedException;
import org.apache.ftpserver.FtpServerFactory;
-import org.apache.ftpserver.ipfilter.DefaultIpFilter;
import org.apache.ftpserver.ipfilter.IpFilterType;
+import org.apache.ftpserver.ipfilter.RemoteIpFilter;
import org.apache.ftpserver.listener.ListenerFactory;
import org.apache.mina.filter.firewall.Subnet;
-import org.springframework.context.annotation.FilterType;
/**
*
@@ -35,15 +34,15 @@ import org.springframework.context.annot
*
*/
public class IpFilterTest extends ClientTestTemplate {
-
- private DefaultIpFilter filter = new DefaultIpFilter(IpFilterType.DENY);
-
+
+ private RemoteIpFilter filter = new RemoteIpFilter(IpFilterType.DENY);
+
protected FtpServerFactory createServer() throws Exception {
FtpServerFactory server = super.createServer();
ListenerFactory factory = new
ListenerFactory(server.getListener("default"));
- factory.setIpFilter(filter);
+ factory.setSessionFilter(filter);
server.addListener("default", factory.createListener());
return server;
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/MyCustomListener.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/MyCustomListener.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/MyCustomListener.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/MyCustomListener.java
Fri Apr 16 14:42:54 2010
@@ -26,7 +26,7 @@ import java.util.Set;
import org.apache.ftpserver.DataConnectionConfiguration;
import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.impl.FtpServerContext;
-import org.apache.ftpserver.ipfilter.IpFilter;
+import org.apache.ftpserver.ipfilter.SessionFilter;
import org.apache.ftpserver.listener.Listener;
import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.mina.filter.firewall.Subnet;
@@ -105,8 +105,8 @@ public class MyCustomListener implements
return null;
}
- public IpFilter getIpFilter() {
- return null;
- }
+ public SessionFilter getSessionFilter() {
+ return null;
+ }
}
Modified:
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
URL:
http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java?rev=934935&r1=934934&r2=934935&view=diff
==============================================================================
---
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
(original)
+++
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
Fri Apr 16 14:42:54 2010
@@ -30,7 +30,7 @@ import org.apache.ftpserver.command.impl
import org.apache.ftpserver.command.impl.STAT;
import org.apache.ftpserver.filesystem.nativefs.NativeFileSystemFactory;
import org.apache.ftpserver.impl.DefaultFtpServer;
-import org.apache.ftpserver.ipfilter.DefaultIpFilter;
+import org.apache.ftpserver.ipfilter.RemoteIpFilter;
import org.apache.ftpserver.listener.Listener;
import org.apache.ftpserver.listener.nio.NioListener;
import org.apache.mina.filter.firewall.Subnet;
@@ -81,7 +81,7 @@ public class SpringConfigTest extends Te
assertEquals(false, ((NioListener) listener)
.getDataConnectionConfiguration().isPassiveIpCheck());
- DefaultIpFilter filter = (DefaultIpFilter) listener.getIpFilter();
+ RemoteIpFilter filter = (RemoteIpFilter) listener.getSessionFilter();
assertEquals(3, filter.size());
assertTrue(filter.contains(new
Subnet(InetAddress.getByName("1.2.3.0"), 16)));
assertTrue(filter.contains(new
Subnet(InetAddress.getByName("1.2.4.0"), 16)));
