Ulf Dittmer created JSPWIKI-1183:
------------------------------------
Summary: Support IP ranges in IfPlugin
Key: JSPWIKI-1183
URL: https://issues.apache.org/jira/browse/JSPWIKI-1183
Project: JSPWiki
Issue Type: Improvement
Components: Plugins
Affects Versions: 2.12.1
Reporter: Ulf Dittmer
The IfPlugin.checkIP method has a comment "TODO: Add subnetwork matching, e.g.
10.0.0.0/8". This is a patch to address this. Sorry that this does not come as
a PR, but the changes are limited in scope.
Additions to pom.xml
<ipaddress.version>5.4.0</ipaddress.version>
<dependency>
<groupId>com.github.seancfoley</groupId>
<artifactId>ipaddress</artifactId>
<version>${ipaddress.version}</version>
</dependency>
Additions to jspwiki-util/pom.xml
<dependency>
<groupId>com.github.seancfoley</groupId>
<artifactId>ipaddress</artifactId>
</dependency>
Changes in jspwiki-util/src/main/java/org/apache/wiki/util/HttpUtil.java
This method now checks whether the IP contains a comma, which can happen if the
request goes through more than one proxy. That's not directly related to this
patch, but useful nonetheless.
/**
* returns the remote address by looking into {@code x-forwarded-for}
header or, if unavailable,
* into {@link HttpServletRequest#getRemoteAddr()}.
*
* @param req http request
* @return remote address associated to the request.
*/
public static String getRemoteAddress( final HttpServletRequest req ) {
String realIP = StringUtils.isNotEmpty ( req.getHeader(
"X-Forwarded-For" ) ) ? req.getHeader( "X-Forwarded-For" ) :
req.getRemoteAddr();
// can be a comma-separated list of IPs
if (realIP.contains(","))
realIP = realIP.substring(realIP.indexOf(","));
return realIP;
}
This method is new
/**
* Returns whether or not the IP address of the request equals a given IP,
or is in a given IP range
*
* @param req http request
* @param ipOrRange IP address or IP range to test against
* @return
*/
public static boolean ipIsInRange ( final HttpServletRequest req, final
String ipOrRange ) {
String requestIP = getRemoteAddress(req);
if (ipOrRange.contains("/")) {
IPAddressString testRange = new
IPAddressString(ipOrRange);
return testRange.contains(new
IPAddressString(requestIP));
} else {
return requestIP.equals(ipOrRange);
}
}
Changes in jspwiki-main/src/main/java/org/apache/wiki/plugin/IfPlugin.java
Instead of
include |= ipaddrToCheck.equals( HttpUtil.getRemoteAddress(
context.getHttpRequest() ) ) ^ invert;
now it should read
include |= HttpUtil.ipIsInRange( context.getHttpRequest(),
ipaddrToCheck ) ^ invert;
That's all. Now the IfPlugin accepts something like
[{If ip='192.168.0.0/16|10.0.0.0/8|127.0.0.1'
Secret stuff for localhost and local networks}]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
