You're absolutely right. The SshServer has a method that can be overriden, but not the TcpipForwardSupport nor the X11ForwardSupport. Using a factory for creating all NioSocketAcceptor would definitely be a good idea. There's already a Factory<T> class that can be used for that, so adding Factory<IoAcceptor> getIoAcceptorFactory(); to the ServerFactoryManager (and maybe a getIoConnectorFactory() on the ClientFactoryManager) is the way to go. Wanna raise a JIRA and eventually provide a patch?
On Mon, Apr 18, 2011 at 15:45, Bill Kuker <[email protected]> wrote: > I had looked into that, but I could not figure out where to add it. The > entire process of accepting the connection and doing the necessary SSH > things to get the port forward working is handled entirely by Mina / SSHD; > there is no place for my application code to get into that process and mess > with the IoSession or SocketAcceptor. > > I had thought down the filter road before, and I believe I would need > something like an NioSocketAcceptorFactory (a new interface) that the > TcpipForwardSupport uses in initialize(), giving me a chance to wire in > whatever additional Filters I want? > > -Bill > > On Mon, Apr 18, 2011 at 9:36 AM, Ashish <[email protected]> wrote: > >> IMHO, using BlacklistFilter would be a better option >> >> Check out org.apache.mina.filter.firewall.BlacklistFilter >> >> thanks >> ashish >> >> On Mon, Apr 18, 2011 at 6:49 PM, Bill Kuker <[email protected]> >> wrote: >> > Hello. >> > >> > I am currently using the ForwardingFilter's canListen() & canConnect() >> > functions in my application to control which port forwards SSH clients >> are >> > allowed to create. I would like to also be able to filter incoming >> > connections to listening port forwards. For the moment I added a method >> to >> > the ForwardingFilter interface: >> > >> > boolean isAllowed(InetSocketAddress sourceAddress, InetSocketAddress >> > destinationAddress, ServerSession session); >> > >> > And check with it from TcpipForwardSupport's sessionCreated() function. >> > >> > >> > I think this is a useful capability for applications with embedded SSH >> > servers, and would like to submit a patch, rather than re-applying it to >> > each release, but I wanted to ask if there would be a better, more likely >> to >> > be accepted, design for it, and also ask if I have just missed a less >> > obvious way to accomplish this with the existing code. >> > >> > Thanks, >> > >> > Bill >> > >> >> >> >> -- >> thanks >> ashish >> >> Blog: http://www.ashishpaliwal.com/blog >> My Photo Galleries: http://www.pbase.com/ashishpaliwal >> > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com Connect at CamelOne May 24-26 The Open Source Integration Conference http://camelone.com/
