[ https://issues.apache.org/jira/browse/JSPWIKI-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ulf Dittmer updated JSPWIKI-1183:
---------------------------------
Description:
The IfPlugin.checkIP method has a comment "TODO: Add subnetwork matching, e.g.
10.0.0.0/8". This is a patch to address this. Sorry that this does not come as
a PR, but the changes are limited in scope.
(I have removed the rest of text to an attachment, as it was an endless battle
with getting the formatting to display the mix of text and code correctly.)
was:
{quote}The IfPlugin.checkIP method has a comment "TODO: Add subnetwork
matching, e.g. 10.0.0.0/8". This is a patch to address this. Sorry that this
does not come as a PR, but the changes are limited in scope.
Additions to pom.xml
    <ipaddress.version>5.4.0</ipaddress.version>
    <dependency>
        <groupId>com.github.seancfoley</groupId>
        <artifactId>ipaddress</artifactId>
        <version>${ipaddress.version}</version>
    </dependency>
Additions to jspwiki-util/pom.xml
    <dependency>
        <groupId>com.github.seancfoley</groupId>
        <artifactId>ipaddress</artifactId>
    </dependency>
Changes in jspwiki-util/src/main/java/org/apache/wiki/util/HttpUtil.java
This method now checks whether the IP contains a comma, which can happen if the
request goes through more than one proxy.
That's not directly related to this patch, but useful nonetheless.
    /**
     * Returns the remote address by looking into the {@code x-forwarded-for} header or,
     * if unavailable, into {@link HttpServletRequest#getRemoteAddr()}.
     *
     * @param req http request
     * @return remote address associated to the request.
     */
    public static String getRemoteAddress( final HttpServletRequest req ) {
        String realIP = StringUtils.isNotEmpty( req.getHeader( "X-Forwarded-For" ) )
                ? req.getHeader( "X-Forwarded-For" )
                : req.getRemoteAddr();
        // X-Forwarded-For can be a comma-separated list of IPs; keep only the first entry
        if( realIP.contains( "," ) ) {
            realIP = realIP.substring( 0, realIP.indexOf( "," ) ).trim();
        }
        return realIP;
    }
This method is new
    // needs: import inet.ipaddr.IPAddressString;
    /**
     * Returns whether or not the IP address of the request equals a given IP, or is in a
     * given IP range.
     *
     * @param req http request
     * @param ipOrRange IP address or IP range to test against
     * @return true if the request's address equals ipOrRange or lies within that range
     */
    public static boolean ipIsInRange( final HttpServletRequest req, final String ipOrRange ) {
        final String requestIP = getRemoteAddress( req );
        if( ipOrRange.contains( "/" ) ) {
            // CIDR notation: let the ipaddress library do the containment test
            final IPAddressString testRange = new IPAddressString( ipOrRange );
            return testRange.contains( new IPAddressString( requestIP ) );
        } else {
            return requestIP.equals( ipOrRange );
        }
    }
Changes in jspwiki-main/src/main/java/org/apache/wiki/plugin/IfPlugin.java
Instead of
    include |= ipaddrToCheck.equals( HttpUtil.getRemoteAddress( context.getHttpRequest() ) ) ^ invert;
now it should read
    include |= HttpUtil.ipIsInRange( context.getHttpRequest(), ipaddrToCheck ) ^ invert;
That's all. Now the IfPlugin accepts something like
    [{If ip='192.168.0.0/16|10.0.0.0/8|127.0.0.1'
    Secret stuff for localhost}]
{quote}
> Support IP ranges in IfPlugin
> -----------------------------
>
> Key: JSPWIKI-1183
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1183
> Project: JSPWiki
> Issue Type: Improvement
> Components: Plugins
> Affects Versions: 2.12.1
> Reporter: Ulf Dittmer
> Priority: Minor
> Attachments: JSPWIKI-1183-patch.txt
>
>
> The IfPlugin.checkIP method has a comment "TODO: Add subnetwork matching,
> e.g. 10.0.0.0/8". This is a patch to address this. Sorry that this does not
> come as a PR, but the changes are limited in scope.
> (I have removed the rest of text to an attachment, as it was an endless
> battle with getting the formatting to display the mix of text and code
> correctly.)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
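
An added example, not code from the patch or from JSPWiki: a standalone matcher for an If-plugin style ip spec that parses both sides with the ipaddress library, so plain entries are compared as addresses rather than strings and malformed input fails closed. The class and method names are hypothetical; it assumes the ipaddress dependency from the description is on the classpath and that X-Forwarded-For is written by a trusted reverse proxy, since the header is otherwise client-supplied.

```java
import inet.ipaddr.IPAddress;
import inet.ipaddr.IPAddressString;

/** Hypothetical helper, not part of JSPWiki: matches a client address against an ip spec. */
public class IpSpecMatcher {

    /** Leftmost entry of a (possibly comma-separated) X-Forwarded-For value, trimmed. */
    static String firstHop(final String headerValue) {
        if (headerValue == null) return null;
        final int comma = headerValue.indexOf(',');
        return (comma < 0 ? headerValue : headerValue.substring(0, comma)).trim();
    }

    /** Parses an address or CIDR range; returns null for blank or malformed input. */
    static IPAddress parse(final String text) {
        if (text == null || text.trim().isEmpty()) {
            return null; // reject blanks explicitly instead of relying on parser defaults
        }
        return new IPAddressString(text.trim()).getAddress(); // null when not a valid address
    }

    /** True if the client address equals, or lies inside, any '|'-separated entry of spec. */
    static boolean matches(final String clientHeader, final String spec) {
        final IPAddress client = parse(firstHop(clientHeader));
        if (client == null || client.isMultiple()) {
            return false; // fail closed: unparsable, or a range where one address is expected
        }
        for (final String entry : spec.split("\\|")) {
            final IPAddress range = parse(entry);
            if (range != null && range.contains(client)) {
                return true;
            }
        }
        return false;
    }

    public static void main(final String[] args) {
        // The spec from the description, plus a constructed IPv6 entry
        final String spec = "192.168.0.0/16|10.0.0.0/8|127.0.0.1|::1";
        // Constructed sample header values
        System.out.println(matches("10.1.2.3, 172.16.0.9", spec)); // first hop inside 10.0.0.0/8
        System.out.println(matches("0:0:0:0:0:0:0:1", spec));      // other spelling of ::1
        System.out.println(matches("172.16.0.9", spec));           // outside every entry
        System.out.println(matches("not-an-ip", spec));            // malformed input
    }
}
```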