Index: VERSION.txt =================================================================== --- VERSION.txt (revision 6250) +++ VERSION.txt (working copy) @@ -1,5 +1,6 @@ Jetty-6.1.x + JETTY-748 Prevent race close of socket by old acceptor threads + + JETTY-1239 HTAccessHandler [allow from 127.0.0.1] does not work + JETTY-1291 Extract query parameters even if POST content consumed + JETTY-1293 Avoid usage of String.split + JETTY-1296 Always clear changes list in selectManager Index: modules/jetty/src/main/java/org/mortbay/jetty/security/HTAccessHandler.java =================================================================== --- modules/jetty/src/main/java/org/mortbay/jetty/security/HTAccessHandler.java (revision 6250) +++ modules/jetty/src/main/java/org/mortbay/jetty/security/HTAccessHandler.java (working copy) @@ -12,6 +12,8 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -187,7 +189,10 @@ // first see if we need to handle based on method type Map methods=ht.getMethods(); if (methods.size()>0&&!methods.containsKey(request.getMethod())) + { + callWrappedHandler(target,request,response,dispatch); return; // Nothing to check + } // Check the accesss int satisfy=ht.getSatisfy(); @@ -199,8 +204,11 @@ // If IP is correct and satify is ANY then access is allowed if (IPValid==true&&satisfy==HTAccess.ANY) + { + callWrappedHandler(target,request,response,dispatch); return; - + } + // If IP is NOT correct and satify is ALL then access is // forbidden if (IPValid==false&&satisfy==HTAccess.ALL) @@ -229,11 +237,7 @@ } } - if (getHandler()!=null) - { - getHandler().handle(target,request,response,dispatch); - } - + callWrappedHandler(target,request,response,dispatch); } catch (Exception ex) { @@ -247,6 +251,17 @@ } /* ------------------------------------------------------------ */ + /** + */ + private void callWrappedHandler(String target, HttpServletRequest request, HttpServletResponse response, int dispatch) throws IOException, ServletException + { + if (getHandler()!=null) + { + getHandler().handle(target,request,response,dispatch); + } + } + + /* ------------------------------------------------------------ */ /** Get a Principal matching the user. * If there is no user realm, and therefore we are using a * htpassword file instead, then just return a dummy Principal. @@ -417,6 +432,11 @@ boolean alp=false; boolean dep=false; + if (log.isDebugEnabled()) + log.debug("Remote Addr = "+ip,null,null); + + InetAddress ipaddr = getInetAddr(ip); + // if no allows and no deny defined, then return true if (_allowList.size()==0&&_denyList.size()==0) return (true); @@ -430,26 +450,25 @@ alp=true; break; } - else + else if (Character.isDigit(elm.charAt(0)) || elm.indexOf(':') >= 0) { - char c=elm.charAt(0); - if (c>='0'&&c<='9') - { - // ip - if (ip.startsWith(elm)) + // ip + if (ipaddr != null) { + InetAddress ipelem = getInetAddr(elm); + if (ipelem != null && ipelem.equals(ipaddr)) { alp=true; break; } } - else + } + else + { + // hostname + if (host.endsWith(elm)) { - // hostname - if (host.endsWith(elm)) - { - alp=true; - break; - } + alp=true; + break; } } } @@ -463,24 +482,24 @@ dep=true; break; } - else + else if (Character.isDigit(elm.charAt(0)) || elm.indexOf(':') >= 0) { - char c=elm.charAt(0); - if (c>='0'&&c<='9') - { // ip - if (ip.startsWith(elm)) + // ip + if (ipaddr != null) { + InetAddress ipelem = getInetAddr(elm); + if (ipelem != null && ipelem.equals(ipaddr)) { dep=true; break; } } - else - { // hostname - if (host.endsWith(elm)) - { - dep=true; - break; - } + } + else + { // hostname + if (host.endsWith(elm)) + { + dep=true; + break; } } } @@ -862,7 +881,43 @@ return this.protegee; } + /* ------------------------------------------------------------ */ /** + * @param ip + * @return + */ + public static InetAddress getInetAddr(String ip) + { + StringBuffer addr = new StringBuffer(); + if (ip.indexOf(':') < 0) + { + addr.append("::"); + if (ip.startsWith("127.0.0")) + { + addr.append(ip.substring(ip.lastIndexOf('.')+1)); + } + else + { + addr.append(ip); + } + } + else + { + addr.append(ip); + } + InetAddress inetAddr = null; + try + { + inetAddr = InetAddress.getByName(addr.toString()); + } + catch (UnknownHostException e) + { + Log.ignore(e); + } + return inetAddr; + } + + /** * Setter for property protegee. * * @param protegee