summaryrefslogtreecommitdiffstatsabout
diff options
context:
space:
mode:
authorConstantine Linnick2013-10-05 07:16:49 (EDT)
committer Gerrit Code Review @ Eclipse.org2013-10-18 01:10:35 (EDT)
commitf451a14e0407463a2d44e8de80107a340d0c72b6 (patch)
tree3b218a46ea3a74c1630f6ba0ef4973a97c1543d1
parentb4052a2b535c54ff4013450b5a603f86dfad20b9 (diff)
downloadorg.eclipse.jetty.project-f451a14e0407463a2d44e8de80107a340d0c72b6.zip
org.eclipse.jetty.project-f451a14e0407463a2d44e8de80107a340d0c72b6.tar.gz
org.eclipse.jetty.project-f451a14e0407463a2d44e8de80107a340d0c72b6.tar.bz2
[Bug 418732] Add whiteListByPath mode to IPAccessHandlerrefs/changes/71/17071/2
Signed-off-by: Constantine Linnick <theaspect@gmail.com>
-rw-r--r--jetty-server/src/main/config/etc/jetty-ipaccess.xml1
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java27
-rw-r--r--jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java429
3 files changed, 320 insertions, 137 deletions
diff --git a/jetty-server/src/main/config/etc/jetty-ipaccess.xml b/jetty-server/src/main/config/etc/jetty-ipaccess.xml
index deef173..33a43be 100644
--- a/jetty-server/src/main/config/etc/jetty-ipaccess.xml
+++ b/jetty-server/src/main/config/etc/jetty-ipaccess.xml
@@ -25,6 +25,7 @@
<Item>127.0.0.2/black.html</Item>
</Array>
</Set>
+ <Set name="whiteListByPath">false</Set>
</New>
</Set>
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
index 5b1f013..acb3c8b 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
@@ -54,11 +54,17 @@ import org.eclipse.jetty.util.log.Logger;
* entries, that are then further refined by several specific black list exceptions
* </ul>
* <p>
- * An empty white list is treated as match all. If there is at least one entry in
+ * By default an empty white list is treated as match all. If there is at least one entry in
* the white list, then a request must match a white list entry. Black list entries
* are always applied, so that even if an entry matches the white list, a black list
* entry will override it.
* <p>
+ * <p>
+ * You can change white list policy setting whiteListByPath to true. In this mode a request will be white listed
+ * IF it has a matching URL in the white list, otherwise the black list applies, e.g. in default mode when
+ * whiteListByPath = false and wl = "127.0.0.1|/foo", /bar request from 127.0.0.1 will be blacklisted,
+ * if whiteListByPath=true then not.
+ * </p>
* Internet addresses may be specified as absolute address or as a combination of
* four octet wildcard specifications (a.b.c.d) that are defined as follows.
* </p>
@@ -104,6 +110,7 @@ public class IPAccessHandler extends HandlerWrapper
// true means nodefault match
PathMap<IPAddressMap<Boolean>> _white = new PathMap<IPAddressMap<Boolean>>(true);
PathMap<IPAddressMap<Boolean>> _black = new PathMap<IPAddressMap<Boolean>>(true);
+ boolean _whiteListByPath = false;
/* ------------------------------------------------------------ */
/**
@@ -177,6 +184,17 @@ public class IPAccessHandler extends HandlerWrapper
/* ------------------------------------------------------------ */
/**
+ * Re-initialize the mode of path matching
+ *
+ * @param whiteListByPath matching mode
+ */
+ public void setWhiteListByPath(boolean whiteListByPath)
+ {
+ this._whiteListByPath = whiteListByPath;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
* Checks the incoming request against the whitelist and blacklist
*
* @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -287,9 +305,12 @@ public class IPAccessHandler extends HandlerWrapper
if (_white.size()>0)
{
boolean match = false;
+ boolean matchedByPath = false;
+
Object whiteObj = _white.getLazyMatches(path);
if (whiteObj != null)
{
+ matchedByPath = true;
List whiteList = (whiteObj instanceof List) ? (List)whiteObj : Collections.singletonList(whiteObj);
for (Object entry: whiteList)
@@ -300,7 +321,9 @@ public class IPAccessHandler extends HandlerWrapper
}
}
- if (!match)
+ if (!_whiteListByPath && !match) // Default behaviour
+ return false;
+ else if (_whiteListByPath && matchedByPath && !match) // Fail if only matched by path
return false;
}
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
index 55309ed..5a8c5e6 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
@@ -64,6 +64,7 @@ public class IPAccessHandlerTest
private String _host;
private String _uri;
private String _code;
+ private boolean _byPath;
@BeforeClass
public static void setUp()
@@ -95,13 +96,14 @@ public class IPAccessHandlerTest
}
/* ------------------------------------------------------------ */
- public IPAccessHandlerTest(String white, String black, String host, String uri, String code)
+ public IPAccessHandlerTest(String white, String black, String host, String uri, String code, boolean byPath)
{
_white = white;
_black = black;
_host = host;
_uri = uri;
_code = code;
+ _byPath = byPath;
}
/* ------------------------------------------------------------ */
@@ -111,6 +113,7 @@ public class IPAccessHandlerTest
{
_handler.setWhite(_white.split(";",-1));
_handler.setBlack(_black.split(";",-1));
+ _handler.setWhiteListByPath(_byPath);
String request = "GET " + _uri + " HTTP/1.1\n" + "Host: "+ _host + "\n\n";
Socket socket = new Socket("127.0.0.1", _connector.getLocalPort());
@@ -247,157 +250,313 @@ public class IPAccessHandlerTest
public static Collection<Object[]> data() {
Object[][] data = new Object[][] {
// Empty lists
- {"", "", "127.0.0.1", "/", "200"},
- {"", "", "127.0.0.1", "/dump/info", "200"},
+ {"", "", "127.0.0.1", "/", "200", false},
+ {"", "", "127.0.0.1", "/dump/info", "200", false},
// White list
- {"127.0.0.1", "", "127.0.0.1", "/", "200"},
- {"127.0.0.1", "", "127.0.0.1", "/dispatch", "200"},
- {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200"},
-
- {"127.0.0.1|/", "", "127.0.0.1", "/", "200"},
- {"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403"},
-
- {"127.0.0.1|/*", "", "127.0.0.1", "/", "200"},
- {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200"},
- {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200"},
-
- {"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "403"},
- {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200"},
-
- {"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "403"},
- {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
-
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "403"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
-
- {"127.0.0.0-2|", "", "127.0.0.1", "/", "200"},
- {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200"},
-
- {"127.0.0.0-2|/", "", "127.0.0.1", "/", "200"},
- {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403"},
-
- {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "403"},
- {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
-
- {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "403"},
- {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
-
- {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "403"},
- {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200"},
- {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1", "", "127.0.0.1", "/", "200", false},
+ {"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", false},
+ {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", false},
+
+ {"127.0.0.1|/", "", "127.0.0.1", "/", "200", false},
+ {"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403", false},
+
+ {"127.0.0.1|/*", "", "127.0.0.1", "/", "200", false},
+ {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", false},
+ {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", false},
+
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", false},
+
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
+
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
+
+ {"127.0.0.0-2|", "", "127.0.0.1", "/", "200", false},
+ {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", false},
+
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", false},
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403", false},
+
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
+
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
+
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
// Black list
- {"", "127.0.0.1", "127.0.0.1", "/", "403"},
- {"", "127.0.0.1", "127.0.0.1", "/dispatch", "403"},
- {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403"},
-
- {"", "127.0.0.1|/", "127.0.0.1", "/", "403"},
- {"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200"},
-
- {"", "127.0.0.1|/*", "127.0.0.1", "/", "403"},
- {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403"},
- {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403"},
-
- {"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200"},
- {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403"},
- {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403"},
-
- {"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200"},
- {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403"},
- {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200"},
-
- {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200"},
- {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403"},
- {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"},
- {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200"},
-
- {"", "127.0.0.0-2|", "127.0.0.1", "/", "403"},
- {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403"},
-
- {"", "127.0.0.0-2|/", "127.0.0.1", "/", "403"},
- {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200"},
-
- {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200"},
- {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403"},
-
- {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200"},
- {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403"},
- {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200"},
-
- {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200"},
- {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200"},
- {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403"},
- {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403"},
- {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200"},
+ {"", "127.0.0.1", "127.0.0.1", "/", "403", false},
+ {"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", false},
+ {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", false},
+
+ {"", "127.0.0.1|/", "127.0.0.1", "/", "403", false},
+ {"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", false},
+
+ {"", "127.0.0.1|/*", "127.0.0.1", "/", "403", false},
+ {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", false},
+ {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", false},
+
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", false},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", false},
+
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", false},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", false},
+
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", false},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
+
+ {"", "127.0.0.0-2|", "127.0.0.1", "/", "403", false},
+ {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", false},
+
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", false},
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", false},
+
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", false},
+
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", false},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", false},
+
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", false},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", false},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", false},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
// Both lists
- {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"},
- {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403"},
- {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403", false},
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200"},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403"},
- {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", false},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", false},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "403"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"},
- {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403", false},
- {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200"},
- {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", false},
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
// Different address
- {"127.0.0.2", "", "127.0.0.1", "/", "403"},
- {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403"},
+ {"127.0.0.2", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", false},
- {"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "403"},
- {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403"},
+ {"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", false},
- {"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "403"},
- {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403"},
- {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", false},
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
- {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "403"},
- {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "403"},
- {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
- {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403"},
- {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", false},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
- {"172.0.0.0-255", "", "127.0.0.1", "/", "403"},
- {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403"},
+ {"172.0.0.0-255", "", "127.0.0.1", "/", "403", false},
+ {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", false},
- {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "403"},
- {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "403"},
- {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "403", false},
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "403", false},
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
+
+ /*-----------------------------------------------------------------------------------------*/
+ // Match by path starts with [117]
+ // test cases affected by _whiteListByPath highlighted accordingly
+
+ {"", "", "127.0.0.1", "/", "200", true},
+ {"", "", "127.0.0.1", "/dump/info", "200", true},
+
+ // White list
+ {"127.0.0.1", "", "127.0.0.1", "/", "200", true},
+ {"127.0.0.1", "", "127.0.0.1", "/dispatch", "200", true},
+ {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", true},
+
+ {"127.0.0.1|/", "", "127.0.0.1", "/", "200", true},
+ {"127.0.0.1|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+
+ {"127.0.0.1|/*", "", "127.0.0.1", "/", "200", true},
+ {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch", "200", true},
+ {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", true},
+
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", true},
+
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+ {"127.0.0.0-2|", "", "127.0.0.1", "/", "200", true},
+ {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", true},
+
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/", "200", true},
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
+
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
+ {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+ // Black list
+ {"", "127.0.0.1", "127.0.0.1", "/", "403", true},
+ {"", "127.0.0.1", "127.0.0.1", "/dispatch", "403", true},
+ {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", true},
+
+ {"", "127.0.0.1|/", "127.0.0.1", "/", "403", true},
+ {"", "127.0.0.1|/", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", true},
+
+ {"", "127.0.0.1|/*", "127.0.0.1", "/", "403", true},
+ {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch", "403", true},
+ {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", true},
+
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", true},
+ {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", true},
+
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", true},
+ {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", true},
+
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", true},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+ {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
+
+ {"", "127.0.0.0-2|", "127.0.0.1", "/", "403", true},
+ {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", true},
+
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/", "403", true},
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", true},
+
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", true},
+
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", true},
+ {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", true},
+
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/", "200", true},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch", "200", true},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", true},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+ {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
+
+ // Both lists
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump", "200", true},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", true},
+ {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+ {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/", "200", true},
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+ // Different address
+ {"127.0.0.2", "", "127.0.0.1", "/", "403", true},
+ {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", true},
+
+ {"127.0.0.2|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", true},
+
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", true},
+ {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", true},
+ {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+ {"172.0.0.0-255", "", "127.0.0.1", "/", "403", true},
+ {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", true},
+
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/", "200", true}, // _whiteListByPath
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch", "200", true}, // _whiteListByPath
+ {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
};
return Arrays.asList(data);
};