Inperpetuammemoriam commented on code in PR #885:
URL: https://github.com/apache/guacamole-client/pull/885#discussion_r1225875908
##########
extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/RequestValidationService.java:
##########
@@ -77,23 +81,18 @@ public boolean isAuthenticationAllowed(HttpServletRequest
request) {
return true;
}
- // Build matchers for each trusted network
- Collection<IpAddressMatcher> matchers = new
ArrayList<>(trustedNetworks.size());
- for (String network : trustedNetworks)
- matchers.add(new IpAddressMatcher(network));
-
- // Otherwise ensure at least one subnet matches
- for (IpAddressMatcher matcher : matchers) {
+ // Otherwise ensure that the remote address is part of a trusted
network
+ for (String network : trustedNetworks) {
// Request is allowed if any subnet matches
- if (matcher.matches(request)) {
+ if (new IPAddressString(network).contains(new
IPAddressString(request.getRemoteAddr()))) {
logger.debug("Authentication request from \"{}\" is ALLOWED
(matched subnet).", request.getRemoteAddr());
return true;
}
}
- // Otherwise request is denied - no subnets matched
+ // Otherwise request is denied
Review Comment:
Yes, it still is. I'm going to revert this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
