Repository: incubator-unomi Updated Branches: refs/heads/master cdaa8613c -> 3af055403
UNOMI-70 : Removed unused plugin Project: http://git-wip-us.apache.org/repos/asf/incubator-unomi/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-unomi/commit/3af05540 Tree: http://git-wip-us.apache.org/repos/asf/incubator-unomi/tree/3af05540 Diff: http://git-wip-us.apache.org/repos/asf/incubator-unomi/diff/3af05540 Branch: refs/heads/master Commit: 3af055403cdbc58952ffa46902570fa257df9c6c Parents: cdaa861 Author: Thomas Draier <[email protected]> Authored: Wed Aug 30 14:01:32 2017 +0200 Committer: Thomas Draier <[email protected]> Committed: Wed Aug 30 14:01:32 2017 +0200 ---------------------------------------------------------------------- persistence-elasticsearch/plugins/pom.xml | 37 ----- .../plugins/security/pom.xml | 99 ------------ .../security/src/main/assembly/plugin.xml | 43 ----- .../plugin/security/IPRangeMatcher.java | 158 ------------------- .../plugin/security/SecurityPlugin.java | 53 ------- .../plugin/security/SecurityPluginModule.java | 32 ---- .../plugin/security/SecurityPluginService.java | 158 ------------------- .../src/main/resources/es-plugin.properties | 18 --- 8 files changed, 598 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/pom.xml ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/pom.xml b/persistence-elasticsearch/plugins/pom.xml deleted file mode 100644 index 9114ece..0000000 --- a/persistence-elasticsearch/plugins/pom.xml +++ /dev/null @@ -1,37 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ~ Licensed to the Apache Software Foundation (ASF) under one or more - ~ contributor license agreements. See the NOTICE file distributed with - ~ this work for additional information regarding copyright ownership. - ~ The ASF licenses this file to You under the Apache License, Version 2.0 - ~ (the "License"); you may not use this file except in compliance with - ~ the License. You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> - <modelVersion>4.0.0</modelVersion> - - <parent> - <groupId>org.apache.unomi</groupId> - <artifactId>unomi-persistence-elasticsearch</artifactId> - <version>1.2.0-incubating-SNAPSHOT</version> - </parent> - - <artifactId>unomi-persistence-elasticsearch-plugins</artifactId> - <name>Apache Unomi :: Persistence :: ElasticSearch :: Plugins</name> - <description>ElasticSearch persistence implementation plugins for the Apache Unomi Context Server</description> - <packaging>pom</packaging> - - <modules> - <module>security</module> - </modules> - -</project> http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/pom.xml ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/pom.xml b/persistence-elasticsearch/plugins/security/pom.xml deleted file mode 100644 index c980ba2..0000000 --- a/persistence-elasticsearch/plugins/security/pom.xml +++ /dev/null @@ -1,99 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ~ Licensed to the Apache Software Foundation (ASF) under one or more - ~ contributor license agreements. See the NOTICE file distributed with - ~ this work for additional information regarding copyright ownership. - ~ The ASF licenses this file to You under the Apache License, Version 2.0 - ~ (the "License"); you may not use this file except in compliance with - ~ the License. You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> - <modelVersion>4.0.0</modelVersion> - - <parent> - <groupId>org.apache.unomi</groupId> - <artifactId>unomi-persistence-elasticsearch-plugins</artifactId> - <version>1.2.0-incubating-SNAPSHOT</version> - </parent> - - <artifactId>unomi-persistence-elasticsearch-plugins-security</artifactId> - <name>Apache Unomi :: Persistence :: ElasticSearch :: Plugins :: Security</name> - <description>ElasticSearch persistence implementation security plugin for the Apache Unomi Context Server</description> - <packaging>bundle</packaging> - - <dependencies> - <dependency> - <groupId>org.elasticsearch</groupId> - <artifactId>elasticsearch</artifactId> - <version>${elasticsearch.version}</version> - <scope>provided</scope> - </dependency> - </dependencies> - - <build> - <resources> - <resource> - <directory>src/main/resources</directory> - <filtering>true</filtering> - <includes> - <include>**/*.properties</include> - </includes> - </resource> - </resources> - <plugins> - <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-bundle-plugin</artifactId> - <extensions>true</extensions> - <configuration> - <instructions> - <Fragment-Host> - org.apache.unomi.unomi-persistence-elasticsearch-core;bundle-version="[1,2)" - </Fragment-Host> - </instructions> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-source-plugin</artifactId> - <executions> - <execution> - <id>attach-sources</id> - <goals> - <goal>jar</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <artifactId>maven-assembly-plugin</artifactId> - <configuration> - <appendAssemblyId>false</appendAssemblyId> - <outputDirectory>${project.build.directory}/releases/</outputDirectory> - <descriptors> - <descriptor>${basedir}/src/main/assembly/plugin.xml</descriptor> - </descriptors> - </configuration> - <executions> - <execution> - <phase>package</phase> - <goals> - <goal>single</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - - </build> - -</project> http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/assembly/plugin.xml ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/assembly/plugin.xml b/persistence-elasticsearch/plugins/security/src/main/assembly/plugin.xml deleted file mode 100644 index b7b44ee..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/assembly/plugin.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml version="1.0"?> -<!-- - ~ Licensed to the Apache Software Foundation (ASF) under one or more - ~ contributor license agreements. See the NOTICE file distributed with - ~ this work for additional information regarding copyright ownership. - ~ The ASF licenses this file to You under the Apache License, Version 2.0 - ~ (the "License"); you may not use this file except in compliance with - ~ the License. You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<assembly> - <id>plugin</id> - <formats> - <format>zip</format> - </formats> - <includeBaseDirectory>false</includeBaseDirectory> - <dependencySets> - <dependencySet> - <outputDirectory>/</outputDirectory> - <useProjectArtifact>true</useProjectArtifact> - <useTransitiveFiltering>true</useTransitiveFiltering> - <excludes> - <exclude>org.elasticsearch:elasticsearch</exclude> - </excludes> - </dependencySet> - <dependencySet> - <outputDirectory>/</outputDirectory> - <useProjectArtifact>true</useProjectArtifact> - <useTransitiveFiltering>true</useTransitiveFiltering> - <includes> - <include>org.mozilla:rhino</include> - </includes> - </dependencySet> - </dependencySets> -</assembly> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/IPRangeMatcher.java ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/IPRangeMatcher.java b/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/IPRangeMatcher.java deleted file mode 100644 index e1cfbde..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/IPRangeMatcher.java +++ /dev/null @@ -1,158 +0,0 @@ -/* - * The MIT License - * - * Copyright (c) 2013 Edin Dazdarevic ([email protected]) - - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - * - * - */ - -package org.apache.unomi.elasticsearch.plugin.security; - -import java.math.BigInteger; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.nio.ByteBuffer; -import java.util.ArrayList; -import java.util.List; - -/** - * A class that enables to get an IP range from CIDR specification. It supports - * both IPv4 and IPv6. - * <p> - * This class was adapted from the CIDRUtils code at https://github.com/edazdarevic/CIDRUtils - * and support for IP ranges was added. - */ -public class IPRangeMatcher { - - private InetAddress inetAddress; - private InetAddress startAddress; - private InetAddress endAddress; - private int prefixLength; - - public IPRangeMatcher(String cidrOrIPRange) throws UnknownHostException { - - if (cidrOrIPRange.contains("/")) { - /* split CIDR to address and prefix part */ - int index = cidrOrIPRange.indexOf("/"); - String addressPart = cidrOrIPRange.substring(0, index); - String networkPart = cidrOrIPRange.substring(index + 1); - - inetAddress = InetAddress.getByName(addressPart); - prefixLength = Integer.parseInt(networkPart); - - calculate(); - } else if (cidrOrIPRange.contains("-")) { - String[] rangeParts = cidrOrIPRange.split("-"); - this.startAddress = InetAddress.getByName(rangeParts[0].trim()); - this.endAddress = InetAddress.getByName(rangeParts[1].trim()); - } else { - // we don't handle a range, we just match a single IP address - this.startAddress = InetAddress.getByName(cidrOrIPRange); - this.endAddress = this.startAddress; - } - } - - public IPRangeMatcher(InetAddress startAddress, InetAddress endAddress) { - this.startAddress = startAddress; - this.endAddress = endAddress; - } - - public IPRangeMatcher(String startAddress, String endAddress) throws UnknownHostException { - this.startAddress = InetAddress.getByName(startAddress); - this.endAddress = InetAddress.getByName(endAddress); - } - - - private void calculate() throws UnknownHostException { - - ByteBuffer maskBuffer; - int targetSize; - if (inetAddress.getAddress().length == 4) { - maskBuffer = - ByteBuffer - .allocate(4) - .putInt(-1); - targetSize = 4; - } else { - maskBuffer = ByteBuffer.allocate(16) - .putLong(-1L) - .putLong(-1L); - targetSize = 16; - } - - BigInteger mask = (new BigInteger(1, maskBuffer.array())).not().shiftRight(prefixLength); - - ByteBuffer buffer = ByteBuffer.wrap(inetAddress.getAddress()); - BigInteger ipVal = new BigInteger(1, buffer.array()); - - BigInteger startIp = ipVal.and(mask); - BigInteger endIp = startIp.add(mask.not()); - - byte[] startIpArr = toBytes(startIp.toByteArray(), targetSize); - byte[] endIpArr = toBytes(endIp.toByteArray(), targetSize); - - this.startAddress = InetAddress.getByAddress(startIpArr); - this.endAddress = InetAddress.getByAddress(endIpArr); - - } - - private byte[] toBytes(byte[] array, int targetSize) { - int counter = 0; - List<Byte> newArr = new ArrayList<Byte>(); - while (counter < targetSize && (array.length - 1 - counter >= 0)) { - newArr.add(0, array[array.length - 1 - counter]); - counter++; - } - - int size = newArr.size(); - for (int i = 0; i < (targetSize - size); i++) { - - newArr.add(0, (byte) 0); - } - - byte[] ret = new byte[newArr.size()]; - for (int i = 0; i < newArr.size(); i++) { - ret[i] = newArr.get(i); - } - return ret; - } - - public String getNetworkAddress() { - - return this.startAddress.getHostAddress(); - } - - public String getBroadcastAddress() { - return this.endAddress.getHostAddress(); - } - - public boolean isInRange(String ipAddress) throws UnknownHostException { - InetAddress address = InetAddress.getByName(ipAddress); - BigInteger start = new BigInteger(1, this.startAddress.getAddress()); - BigInteger end = new BigInteger(1, this.endAddress.getAddress()); - BigInteger target = new BigInteger(1, address.getAddress()); - - int st = start.compareTo(target); - int te = target.compareTo(end); - - return (st == -1 || st == 0) && (te == -1 || te == 0); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPlugin.java ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPlugin.java b/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPlugin.java deleted file mode 100644 index b293527..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPlugin.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.unomi.elasticsearch.plugin.security; - -import org.elasticsearch.common.component.LifecycleComponent; -import org.elasticsearch.common.inject.Module; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.plugins.Plugin; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; - -public class SecurityPlugin extends Plugin { - - public SecurityPlugin(Settings settings) { - super(); - } - - @Override - public Collection<Module> createGuiceModules() { - return Collections.<Module>singletonList(new SecurityPluginModule()); - } - - @Override - @SuppressWarnings("rawtypes") // Plugin use a rawtype - public Collection<Class<? extends LifecycleComponent>> getGuiceServiceClasses() { - Collection<Class<? extends LifecycleComponent>> services = new ArrayList<>(); - services.add(SecurityPluginService.class); - return services; - } - - @Override - public Settings additionalSettings() { - return Settings.EMPTY; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginModule.java ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginModule.java b/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginModule.java deleted file mode 100644 index 353c05f..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginModule.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.unomi.elasticsearch.plugin.security; - -import org.elasticsearch.common.inject.AbstractModule; - -public class SecurityPluginModule extends AbstractModule { - - public SecurityPluginModule() { - super(); - } - - @Override - protected void configure() { - bind(SecurityPluginService.class).asEagerSingleton(); - } -} http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginService.java ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginService.java b/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginService.java deleted file mode 100644 index 7c99439..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/java/org/apache/unomi/elasticsearch/plugin/security/SecurityPluginService.java +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.unomi.elasticsearch.plugin.security; - -import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.cluster.node.DiscoveryNode; -import org.elasticsearch.common.component.AbstractLifecycleComponent; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.network.NetworkService; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.rest.*; -import org.elasticsearch.transport.TransportConnectionListener; -import org.elasticsearch.transport.TransportService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.net.*; -import java.util.ArrayList; -import java.util.List; - -/** - * ElasticSearch plugin that simply rejects connection from non-authorized IP ranges - */ -public class SecurityPluginService extends AbstractLifecycleComponent { - - private static final Logger logger = LoggerFactory.getLogger(SecurityPluginService.class.getName()); - - RestController restController; - TransportService transportService; - RestFilter restFilter; - TransportConnectionListener transportConnectionListener; - String publishHost; - List<IPRangeMatcher> ipRangeMatchers = new ArrayList<IPRangeMatcher>(); - - @Inject - public SecurityPluginService(Settings settings, - RestController restController, - TransportService transportService, - NetworkService networkService) { - super(settings); - this.restController = restController; - this.transportService = transportService; - this.publishHost = settings.get("publish_host", settings.get("transport.publish_host", settings.get("transport.host"))); - InetAddress publishHostAddress = null; - try { - publishHostAddress = networkService.resolvePublishHostAddresses(new String[] { publishHost }); - } catch (IOException e) { - logger.error("Error trying to resolve publish host address " + publishHost); - } - - initIPRangeMatcher(settings, publishHostAddress); - } - - protected void initIPRangeMatcher(Settings settings, InetAddress publishHostAddress) { - String hostAddressRange = null; - if (publishHostAddress != null) { - String hostAddress = publishHostAddress.getHostAddress(); - if (publishHostAddress instanceof Inet4Address) { - int lastDotPos = hostAddress.lastIndexOf("."); - if (lastDotPos > -1) { - hostAddressRange = hostAddress.substring(0, lastDotPos) + ".0-" + hostAddress.substring(0, lastDotPos) + ".255"; - } - } else if (publishHostAddress instanceof Inet6Address) { - int lastColonPos = hostAddress.lastIndexOf(":"); - if (lastColonPos > -1) { - hostAddressRange = hostAddress.substring(0, lastColonPos) + ":0-" + hostAddress.substring(0, lastColonPos) + ":ffff"; - } - } - } - String defaultIpRanges = "localhost,127.0.0.1,127.0.1.1,::1"; - if (hostAddressRange != null) { - defaultIpRanges += "," + hostAddressRange; - } - String[] ipRanges = settings.get("security.ipranges", defaultIpRanges).split(","); - for (String ipRange : ipRanges) { - try { - IPRangeMatcher iprangeMatcher = new IPRangeMatcher(ipRange.trim()); - ipRangeMatchers.add(iprangeMatcher); - } catch (UnknownHostException e) { - logger.error("Error in specified IP range " + ipRange, e); - } - } - } - - @Override - protected void doStart() throws ElasticsearchException { - restFilter = new RestFilter() { - @Override - public void process(RestRequest request, RestChannel channel, NodeClient client, RestFilterChain filterChain) throws Exception { - logger.info("Processing REST request=" + request + " channel=" + channel); - if (request.getRemoteAddress() instanceof InetSocketAddress) { - InetSocketAddress inetSocketAddress = (InetSocketAddress) request.getRemoteAddress(); - if (!isIPAllowed(inetSocketAddress.getHostName())) { - logger.warn("Rejecting request from unauthorized IP " + request.getRemoteAddress()); - return; - } - } else { - logger.warn("Unexpected SocketAddress that is not an InetSocketAddress (but an instance of " + request.getRemoteAddress().getClass().getName() + "), IP range filtering is DISABLED !"); - } - filterChain.continueProcessing(request, channel, client); - } - }; - restController.registerFilter(restFilter); - transportConnectionListener = new TransportConnectionListener() { - public void onNodeConnected(DiscoveryNode node) { - logger.info("Node connected " + node); - if (!isIPAllowed(node.getHostAddress())) { - logger.warn("Rejecting connection from unauthorized IP " + node.getHostAddress()); - transportService.disconnectFromNode(node); - } - } - - public void onNodeDisconnected(DiscoveryNode node) { - } - }; - transportService.addConnectionListener(transportConnectionListener); - } - - @Override - protected void doStop() throws ElasticsearchException { - transportService.removeConnectionListener(transportConnectionListener); - } - - @Override - protected void doClose() throws ElasticsearchException { - - } - - public boolean isIPAllowed(String ipAddress) { - for (IPRangeMatcher ipRangeMatcher : ipRangeMatchers) { - try { - if (ipRangeMatcher.isInRange(ipAddress)) { - return true; - } - } catch (UnknownHostException e) { - logger.error("Error checking IP range for " + ipAddress + " connection will NOT be allowed", e); - } - } - return false; - } -} http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/3af05540/persistence-elasticsearch/plugins/security/src/main/resources/es-plugin.properties ---------------------------------------------------------------------- diff --git a/persistence-elasticsearch/plugins/security/src/main/resources/es-plugin.properties b/persistence-elasticsearch/plugins/security/src/main/resources/es-plugin.properties deleted file mode 100644 index 0ac5643..0000000 --- a/persistence-elasticsearch/plugins/security/src/main/resources/es-plugin.properties +++ /dev/null @@ -1,18 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -plugin=org.apache.unomi.elasticsearch.plugin.security.SecurityPlugin -version=${project.version} \ No newline at end of file
