
Example 1 with IpSubnetFilterRule

use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.

the class ServerStateManagerImpl method updateIpFilters.

/**
 * Replaces the IP filter rules of the named connector with {@code rules}.
 *
 * <p>An empty collection clears the filter and completes immediately. Otherwise each
 * incoming rule is converted to an {@link IpSubnetFilterRule}, the converted list is stored
 * on the connector's configuration, and the transport is asked to close the channels
 * selected by a matcher built from the connector's own channel matcher plus the new rules.
 *
 * @param connector name used to look up the protocol server
 * @param rules     rules to apply; an empty collection clears the filter
 * @return a stage that completes once the filter is cleared or the matching channels are closed
 */
private CompletionStage<Void> updateIpFilters(String connector, Collection<IpFilterRule> rules) {
    // NOTE(review): the lookup result is not null-checked; an unknown connector name
    // would surface as a NullPointerException below. Confirm callers validate the name.
    ProtocolServer target = server.getProtocolServers().get(connector);

    if (rules.isEmpty()) {
        // Clearing the filter: no channels are closed on this path.
        target.getConfiguration().ipFilter().rules(Collections.emptyList());
        Server.log.connectorIpFilterCleared(connector);
        return CompletableFutures.completedNull();
    }

    List<IpSubnetFilterRule> subnetRules = new ArrayList<>(rules.size());
    for (IpFilterRule source : rules) {
        // valueOf() throws IllegalArgumentException for a type name that is not an enum constant.
        IpFilterRuleType kind = IpFilterRuleType.valueOf(source.type);
        subnetRules.add(new IpSubnetFilterRule(source.cidr, kind));
    }

    // The configuration is updated before existing channels are closed.
    target.getConfiguration().ipFilter().rules(subnetRules);
    Transport transport = getTransport(target);
    // NOTE(review): presumably this selects already-open connections that the new rules
    // would reject, so they do not outlive the policy change. Confirm against
    // IpFilterRuleChannelMatcher.
    CompositeChannelMatcher toClose = new CompositeChannelMatcher(
            target.getChannelMatcher(),
            new IpFilterRuleChannelMatcher(subnetRules));
    return transport.closeChannels(toClose).thenApply(result -> {
        Server.log.connectorIpFilterSet(connector, subnetRules);
        return result;
    });
}
Also used : ProtocolServer(org.infinispan.server.core.ProtocolServer) IpFilterRuleChannelMatcher(org.infinispan.server.core.transport.IpFilterRuleChannelMatcher) CompositeChannelMatcher(org.infinispan.server.core.transport.CompositeChannelMatcher) ArrayList(java.util.ArrayList) Transport(org.infinispan.server.core.transport.Transport) IpSubnetFilterRule(org.infinispan.server.core.transport.IpSubnetFilterRule)

Example 2 with IpSubnetFilterRule

use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.

the class IpSubnetFilterRuleTest method testIpSubnetFilterRule.

/**
 * Checks {@link IpSubnetFilterRule#matches} against an IPv4 subnet, a bare {@code /0}
 * prefix, and an IPv6 subnet, using one in-range and one out-of-range address for each
 * address family.
 */
public void testIpSubnetFilterRule() throws UnknownHostException {
    final int port = 11222;
    InetSocketAddress insideV4 = new InetSocketAddress(InetAddress.getByName("192.168.0.1"), port);
    InetSocketAddress outsideV4 = new InetSocketAddress(InetAddress.getByName("10.11.12.13"), port);
    InetSocketAddress insideV6 = new InetSocketAddress(InetAddress.getByName("fe80::9656:d028:8652:66b6"), port);
    InetSocketAddress outsideV6 = new InetSocketAddress(InetAddress.getByName("2001:0db8:0123:4567:89ab:fcde:1234:5670"), port);

    // A /16 rule matches only addresses inside that prefix.
    IpSubnetFilterRule ipv4Subnet = new IpSubnetFilterRule("192.168.0.0/16", IpFilterRuleType.ACCEPT);
    assertTrue(ipv4Subnet.matches(insideV4));
    assertFalse(ipv4Subnet.matches(outsideV4));

    // A bare "/0" is expected to match both IPv4 samples; with REJECT this is a deny-all rule
    // for them. Only IPv4 addresses are asserted for this rule.
    IpSubnetFilterRule matchAll = new IpSubnetFilterRule("/0", IpFilterRuleType.REJECT);
    assertTrue(matchAll.matches(insideV4));
    assertTrue(matchAll.matches(outsideV4));

    // The same prefix matching is checked for an IPv6 /64.
    IpSubnetFilterRule ipv6Subnet = new IpSubnetFilterRule("fe80::/64", IpFilterRuleType.ACCEPT);
    assertTrue(ipv6Subnet.matches(insideV6));
    assertFalse(ipv6Subnet.matches(outsideV6));
}
Also used : InetSocketAddress(java.net.InetSocketAddress) IpSubnetFilterRule(org.infinispan.server.core.transport.IpSubnetFilterRule)

Example 3 with IpSubnetFilterRule

use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.

the class ServerResource method connectorIpFilterSet.

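/**
 * Handles a request that replaces the IP filter rules of a connector.
 *
 * <p>The request body must be a JSON array whose elements each carry a {@code "type"} and a
 * {@code "cidr"} member. The type is matched against {@link IpFilterRuleType} ignoring case,
 * so the lower-case spelling is accepted as well as the enum constant name.
 *
 * <p>Responses:
 * <ul>
 *   <li>{@code NOT_FOUND} when the named connector does not exist;</li>
 *   <li>{@code BAD_REQUEST} when the body is not an array, an element lacks {@code "type"}
 *       or {@code "cidr"}, or a rule is rejected with {@link IllegalArgumentException}
 *       (for example an unknown type name);</li>
 *   <li>{@code CONFLICT} when the target is the connector serving this request (or its
 *       enclosing protocol server) and a REJECT rule matches the caller's own address,
 *       which would cut the caller off from this endpoint;</li>
 *   <li>{@code NO_CONTENT} once the server state manager has applied the rules.</li>
 * </ul>
 *
 * @param restRequest the incoming request; its {@code connector} variable names the target
 * @return a stage completing with the response described above
 */
private CompletionStage<RestResponse> connectorIpFilterSet(RestRequest restRequest) {
    NettyRestResponse.Builder builder = new NettyRestResponse.Builder().status(NO_CONTENT);
    String connectorName = restRequest.variables().get("connector");
    ProtocolServer connector = invocationHelper.getServer().getProtocolServers().get(connectorName);
    if (connector == null) {
        return completedFuture(builder.status(NOT_FOUND).build());
    }
    // NOTE(review): how Json.read reports malformed text is not visible here; confirm that
    // a syntactically invalid body also ends in a client error rather than a server error.
    Json json = Json.read(restRequest.contents().asString());
    if (!json.isArray()) {
        return completedFuture(builder.status(BAD_REQUEST).build());
    }
    List<Json> list = json.asJsonList();
    List<IpSubnetFilterRule> rules = new ArrayList<>(list.size());
    for (Json o : list) {
        if (!o.has("type") || !o.has("cidr")) {
            return completedFuture(builder.status(BAD_REQUEST).build());
        }
        try {
            // Enum constants are upper case; normalise with a fixed locale so the result does
            // not depend on the server's default locale.
            IpFilterRuleType type = IpFilterRuleType.valueOf(
                    o.at("type").asString().toUpperCase(java.util.Locale.ROOT));
            rules.add(new IpSubnetFilterRule(o.at("cidr").asString(), type));
        } catch (IllegalArgumentException ignored) {
            // The body is caller-supplied: an unknown rule type is a client error and is
            // answered explicitly instead of letting the exception escape the handler.
            // NOTE(review): presumably an invalid CIDR string also fails with
            // IllegalArgumentException; confirm against IpSubnetFilterRule.
            return completedFuture(builder.status(BAD_REQUEST).build());
        }
    }
    // Verify that none of the REJECT rules match the address from which the request was made.
    // Each REJECT rule is tested on its own; rule order and any ACCEPT rule listed earlier
    // are not taken into account, so the check errs on the side of refusing the change.
    // NOTE(review): if requests arrive through a proxy or load balancer, getRemoteAddress()
    // presumably reports that intermediary rather than the administrator's host; confirm.
    if (connector.equals(invocationHelper.getProtocolServer()) || connector.equals(invocationHelper.getProtocolServer().getEnclosingProtocolServer())) {
        InetSocketAddress remoteAddress = restRequest.getRemoteAddress();
        for (IpSubnetFilterRule rule : rules) {
            if (rule.ruleType() == IpFilterRuleType.REJECT && rule.matches(remoteAddress)) {
                return completedFuture(builder.status(CONFLICT).entity(Messages.MSG.rejectRuleMatchesRequestAddress(rule, remoteAddress)).build());
            }
        }
    }
    ServerStateManager serverStateManager = invocationHelper.getServer().getServerStateManager();
    // The state change runs under the request's subject.
    return Security.doAs(restRequest.getSubject(), (PrivilegedAction<CompletionStage<RestResponse>>) () -> serverStateManager.setConnectorIpFilterRule(connectorName, rules).thenApply(r -> builder.build()));
}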
Also used : ProtocolServer(org.infinispan.server.core.ProtocolServer) ServerStateManager(org.infinispan.server.core.ServerStateManager) InetSocketAddress(java.net.InetSocketAddress) ArrayList(java.util.ArrayList) ResourceUtil.addEntityAsJson(org.infinispan.rest.resources.ResourceUtil.addEntityAsJson) Json(org.infinispan.commons.dataconversion.internal.Json) NettyRestResponse(org.infinispan.rest.NettyRestResponse) CompletionStage(java.util.concurrent.CompletionStage) IpSubnetFilterRule(org.infinispan.server.core.transport.IpSubnetFilterRule)

Example 4 with IpSubnetFilterRule

use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.

the class ServerResource method ipFilterRulesAsJson.

/**
 * Renders the connector's configured IP filter rules as a JSON array.
 *
 * <p>Each element is an object with {@code "type"} (the rule type's enum name in lower
 * case) and {@code "from"} (the rule's CIDR).
 *
 * @param connector the protocol server whose filter configuration is read
 * @return a JSON array with one object per rule, in iteration order of the configured rules
 */
private Json ipFilterRulesAsJson(ProtocolServer connector) {
    Collection<IpSubnetFilterRule> configured = connector.getConfiguration().ipFilter().rules();
    Json result = Json.array();
    for (IpSubnetFilterRule entry : configured) {
        // NOTE(review): the output key is "from" and the type is lower-cased, whereas
        // connectorIpFilterSet reads "cidr" and passes "type" to IpFilterRuleType.valueOf.
        // Confirm whether clients are expected to feed this output back to that endpoint.
        String typeName = entry.ruleType().name().toLowerCase();
        Json item = Json.object().set("type", typeName).set("from", entry.cidr());
        result.add(item);
    }
    return result;
}
Also used : ResourceUtil.addEntityAsJson(org.infinispan.rest.resources.ResourceUtil.addEntityAsJson) Json(org.infinispan.commons.dataconversion.internal.Json) IpSubnetFilterRule(org.infinispan.server.core.transport.IpSubnetFilterRule)
