use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.
the class ServerStateManagerImpl method updateIpFilters.
/**
 * Applies a new set of IP filter rules to the named connector.
 * <p>
 * An empty collection clears the connector's rules and returns an already-completed stage;
 * no channels are closed on that path. Otherwise every incoming rule is converted to an
 * {@link IpSubnetFilterRule}, the converted list is stored on the connector configuration,
 * and the transport is asked to close the channels selected by the connector's own channel
 * matcher combined with an {@code IpFilterRuleChannelMatcher} built from the new rules.
 * Presumably this drops connections that were opened before the change and that the new
 * rules no longer allow; confirm against {@code IpFilterRuleChannelMatcher}.
 * <p>
 * NOTE(review): the connector lookup is not null-checked, and
 * {@code IpFilterRuleType.valueOf} throws {@link IllegalArgumentException} for an unknown
 * type name, so callers are expected to pass an existing connector and validated rules.
 *
 * @param connector name of the connector whose filter is replaced
 * @param rules     rules to install; an empty collection clears the filter
 * @return a stage that is already complete when the filter was cleared, otherwise one that
 *         completes after the transport has closed the matching channels
 */
private CompletionStage<Void> updateIpFilters(String connector, Collection<IpFilterRule> rules) {
   ProtocolServer target = server.getProtocolServers().get(connector);

   // Clearing the filter only relaxes access, so no existing channel is closed.
   if (rules.isEmpty()) {
      target.getConfiguration().ipFilter().rules(Collections.emptyList());
      Server.log.connectorIpFilterCleared(connector);
      return CompletableFutures.completedNull();
   }

   List<IpSubnetFilterRule> converted = new ArrayList<>(rules.size());
   for (IpFilterRule source : rules) {
      IpFilterRuleType type = IpFilterRuleType.valueOf(source.type);
      converted.add(new IpSubnetFilterRule(source.cidr, type));
   }

   // The configuration is updated first; the channel sweep below then covers connections
   // that were accepted under the previous rules.
   target.getConfiguration().ipFilter().rules(converted);
   Transport transport = getTransport(target);
   CompositeChannelMatcher toClose = new CompositeChannelMatcher(
         target.getChannelMatcher(),
         new IpFilterRuleChannelMatcher(converted));

   // The "filter set" message is logged only once the channels have been closed.
   return transport.closeChannels(toClose).thenApply(done -> {
      Server.log.connectorIpFilterSet(connector, converted);
      return done;
   });
}
use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.
the class IpSubnetFilterRuleTest method testIpSubnetFilterRule.
/**
 * Checks {@link IpSubnetFilterRule#matches} against three rules: an IPv4 /16 ACCEPT rule,
 * a "/0" REJECT rule, and an IPv6 /64 ACCEPT rule.
 * <p>
 * Each rule is probed with one address expected to match and, except for "/0", one address
 * expected not to match. The rule type is not asserted here; only subnet membership is.
 *
 * @throws UnknownHostException declared by {@link InetAddress#getByName}; every argument is
 *         an IP literal
 */
public void testIpSubnetFilterRule() throws UnknownHostException {
   final int port = 11222;
   InetSocketAddress insidePrivateV4 = new InetSocketAddress(InetAddress.getByName("192.168.0.1"), port);
   InetSocketAddress outsidePrivateV4 = new InetSocketAddress(InetAddress.getByName("10.11.12.13"), port);

   // IPv4 subnet: only addresses under 192.168.0.0/16 match.
   IpSubnetFilterRule privateV4 = new IpSubnetFilterRule("192.168.0.0/16", IpFilterRuleType.ACCEPT);
   assertTrue(privateV4.matches(insidePrivateV4));
   assertFalse(privateV4.matches(outsidePrivateV4));

   // A "/0" rule is expected to match both IPv4 addresses used above.
   IpSubnetFilterRule everything = new IpSubnetFilterRule("/0", IpFilterRuleType.REJECT);
   assertTrue(everything.matches(insidePrivateV4));
   assertTrue(everything.matches(outsidePrivateV4));

   // IPv6 subnet: an fe80::/64 address matches, a 2001:db8:: address does not.
   IpSubnetFilterRule linkLocalV6 = new IpSubnetFilterRule("fe80::/64", IpFilterRuleType.ACCEPT);
   InetSocketAddress insideLinkLocal =
         new InetSocketAddress(InetAddress.getByName("fe80::9656:d028:8652:66b6"), port);
   InetSocketAddress outsideLinkLocal =
         new InetSocketAddress(InetAddress.getByName("2001:0db8:0123:4567:89ab:fcde:1234:5670"), port);
   assertTrue(linkLocalV6.matches(insideLinkLocal));
   assertFalse(linkLocalV6.matches(outsideLinkLocal));
}
use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.
the class ServerResource method connectorIpFilterSet.
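/**
 * Replaces the IP filter rules of the connector named by the {@code connector} path variable.
 * <p>
 * The request body must be a JSON array of objects that each carry a {@code "type"} and a
 * {@code "cidr"} member. {@code "type"} is passed unchanged to
 * {@code IpFilterRuleType.valueOf}, so it must be an exact enum constant name.
 * <p>
 * Responses produced here:
 * <ul>
 *   <li>{@code NOT_FOUND}: no connector with that name.</li>
 *   <li>{@code BAD_REQUEST}: the body is not an array, an element lacks {@code "type"} or
 *       {@code "cidr"}, or a rule cannot be built from the supplied values.</li>
 *   <li>{@code CONFLICT}: the target is the connector serving this request (or its enclosing
 *       protocol server) and a REJECT rule matches the caller's own address. This guards
 *       against an administrator locking themselves out.</li>
 *   <li>{@code NO_CONTENT}: the rules were handed to the server state manager.</li>
 * </ul>
 * NOTE(review): the lock-out check looks at each REJECT rule on its own and does not take
 * rule order into account; confirm that this stricter behaviour is intended.
 *
 * @param restRequest request carrying the connector name, the JSON body, the caller's
 *                    remote address and the caller's subject
 * @return a stage yielding the REST response
 */
private CompletionStage<RestResponse> connectorIpFilterSet(RestRequest restRequest) {
   NettyRestResponse.Builder builder = new NettyRestResponse.Builder().status(NO_CONTENT);
   String connectorName = restRequest.variables().get("connector");
   ProtocolServer connector = invocationHelper.getServer().getProtocolServers().get(connectorName);
   if (connector == null) {
      return completedFuture(builder.status(NOT_FOUND).build());
   }

   Json json = Json.read(restRequest.contents().asString());
   if (!json.isArray()) {
      return completedFuture(builder.status(BAD_REQUEST).build());
   }

   List<Json> list = json.asJsonList();
   List<IpSubnetFilterRule> rules = new ArrayList<>(list.size());
   for (Json o : list) {
      if (!o.has("type") || !o.has("cidr")) {
         return completedFuture(builder.status(BAD_REQUEST).build());
      }
      try {
         rules.add(new IpSubnetFilterRule(o.at("cidr").asString(), IpFilterRuleType.valueOf(o.at("type").asString())));
      } catch (IllegalArgumentException invalidRule) {
         // valueOf rejects an unknown rule type with IllegalArgumentException, and the rule
         // constructor may do the same for a malformed CIDR. Both are client input errors, so
         // answer as the structural checks above do instead of letting the exception escape
         // this handler.
         return completedFuture(builder.status(BAD_REQUEST).build());
      }
   }

   // Verify that none of the REJECT rules match the address from which the request was made.
   // The check applies only when the rules target the connector that is serving this request.
   if (connector.equals(invocationHelper.getProtocolServer()) || connector.equals(invocationHelper.getProtocolServer().getEnclosingProtocolServer())) {
      InetSocketAddress remoteAddress = restRequest.getRemoteAddress();
      for (IpSubnetFilterRule rule : rules) {
         if (rule.ruleType() == IpFilterRuleType.REJECT && rule.matches(remoteAddress)) {
            return completedFuture(builder.status(CONFLICT).entity(Messages.MSG.rejectRuleMatchesRequestAddress(rule, remoteAddress)).build());
         }
      }
   }

   // The state change runs under the caller's subject rather than the server's own identity.
   ServerStateManager serverStateManager = invocationHelper.getServer().getServerStateManager();
   return Security.doAs(restRequest.getSubject(), (PrivilegedAction<CompletionStage<RestResponse>>) () -> serverStateManager.setConnectorIpFilterRule(connectorName, rules).thenApply(r -> builder.build()));
}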
use of org.infinispan.server.core.transport.IpSubnetFilterRule in project infinispan by infinispan.
the class ServerResource method ipFilterRulesAsJson.
/**
 * Renders the IP filter rules currently configured on a connector as a JSON array.
 * <p>
 * Each rule becomes an object with {@code "type"} (the rule type's enum name in lower case)
 * and {@code "from"} (the rule's CIDR string), in the order the configuration returns them.
 * <p>
 * NOTE(review): {@code connectorIpFilterSet} in this class reads the member {@code "cidr"}
 * and passes {@code "type"} unchanged to {@code IpFilterRuleType.valueOf}, so this output is
 * not accepted as-is by that handler; confirm the asymmetry is intended.
 *
 * @param connector the protocol server whose filter configuration is read
 * @return a JSON array with one object per rule; empty when no rules are configured
 */
private Json ipFilterRulesAsJson(ProtocolServer connector) {
   Collection<IpSubnetFilterRule> configured = connector.getConfiguration().ipFilter().rules();
   Json result = Json.array();
   for (IpSubnetFilterRule current : configured) {
      String type = current.ruleType().name().toLowerCase();
      Json entry = Json.object().set("type", type).set("from", current.cidr());
      result.add(entry);
   }
   return result;
}