mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-17 23:13:10 +00:00
[DS-213] IPAuthentication extended to allow negative matching
git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@3990 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Stuart Lewis
@@ -62,6 +62,11 @@ import org.dspace.eperson.Group;
|
||||
* <P>
|
||||
* e.g. {@code authentication.ip.MIT = 18., 192.25.0.0/255.255.0.0}
|
||||
* <P>
|
||||
* Negative matches can be included by prepending the range with a '-'. For example if you want
|
||||
* to include all of a class B network except for users of a contained class c network, you could use:
|
||||
* <P>
|
||||
* 111.222,-111.222.333.
|
||||
* <p>
|
||||
* For supported IP ranges see {@link org.dspace.authenticate.IPMatcher}.
|
||||
*
|
||||
* @version $Revision$
|
||||
@@ -75,6 +80,9 @@ public class IPAuthentication implements AuthenticationMethod
|
||||
/** All the IP matchers */
|
||||
private List<IPMatcher> ipMatchers;
|
||||
|
||||
/** All the negative IP matchers */
|
||||
private List<IPMatcher> ipNegativeMatchers;
|
||||
|
||||
/**
|
||||
* Maps IPMatchers to group names when we don't know group DB ID yet. When
|
||||
* the DB ID is known, the IPMatcher is moved to ipMatcherGroupIDs and then
|
||||
@@ -92,6 +100,7 @@ public class IPAuthentication implements AuthenticationMethod
|
||||
public IPAuthentication()
|
||||
{
|
||||
ipMatchers = new ArrayList<IPMatcher>();
|
||||
ipNegativeMatchers = new ArrayList<IPMatcher>();
|
||||
ipMatcherGroupIDs = new HashMap<IPMatcher, Integer>();
|
||||
ipMatcherGroupNames = new HashMap<IPMatcher, String>();
|
||||
|
||||
@@ -130,17 +139,26 @@ public class IPAuthentication implements AuthenticationMethod
|
||||
{
|
||||
String[] ranges = ipRanges.split("\\s*,\\s*");
|
||||
|
||||
for (int i = 0; i < ranges.length; i++)
|
||||
for (String entry : ranges)
|
||||
{
|
||||
try
|
||||
{
|
||||
IPMatcher ipm = new IPMatcher(ranges[i]);
|
||||
IPMatcher ipm;
|
||||
if (entry.startsWith("-"))
|
||||
{
|
||||
ipm = new IPMatcher(entry.substring(1));
|
||||
ipNegativeMatchers.add(ipm);
|
||||
}
|
||||
else
|
||||
{
|
||||
ipm = new IPMatcher(entry);
|
||||
ipMatchers.add(ipm);
|
||||
}
|
||||
ipMatcherGroupNames.put(ipm, groupName);
|
||||
|
||||
if (log.isDebugEnabled())
|
||||
{
|
||||
log.debug("Configured " + ranges[i] + " for special group "
|
||||
log.debug("Configured " + entry + " for special group "
|
||||
+ groupName);
|
||||
}
|
||||
}
|
||||
@@ -181,10 +199,8 @@ public class IPAuthentication implements AuthenticationMethod
|
||||
|
||||
String addr = request.getRemoteAddr();
|
||||
|
||||
for (int i = 0; i < ipMatchers.size(); i++)
|
||||
for (IPMatcher ipm : ipMatchers)
|
||||
{
|
||||
IPMatcher ipm = ipMatchers.get(i);
|
||||
|
||||
try
|
||||
{
|
||||
if (ipm.match(addr))
|
||||
@@ -229,6 +245,54 @@ public class IPAuthentication implements AuthenticationMethod
|
||||
}
|
||||
}
|
||||
|
||||
// Now remove any negative matches
|
||||
for (IPMatcher ipm : ipNegativeMatchers)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (ipm.match(addr))
|
||||
{
|
||||
// Do we know group ID?
|
||||
Integer g = ipMatcherGroupIDs.get(ipm);
|
||||
if (g != null)
|
||||
{
|
||||
groupIDs.remove(g);
|
||||
}
|
||||
else
|
||||
{
|
||||
// See if we have a group name
|
||||
String groupName = ipMatcherGroupNames.get(ipm);
|
||||
|
||||
if (groupName != null)
|
||||
{
|
||||
Group group = Group.findByName(context, groupName);
|
||||
if (group != null)
|
||||
{
|
||||
// Add ID so we won't have to do lookup again
|
||||
ipMatcherGroupIDs.put(ipm, new Integer(group
|
||||
.getID()));
|
||||
ipMatcherGroupNames.remove(ipm);
|
||||
|
||||
groupIDs.remove(new Integer(group.getID()));
|
||||
}
|
||||
else
|
||||
{
|
||||
log.warn(LogManager.getHeader(context,
|
||||
"configuration_error", "unknown_group="
|
||||
+ groupName));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (IPMatcherException ipme)
|
||||
{
|
||||
log.warn(LogManager.getHeader(context, "configuration_error",
|
||||
"bad_ip=" + addr), ipme);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int[] results = new int[groupIDs.size()];
|
||||
for (int i = 0; i < groupIDs.size(); i++)
|
||||
{
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
- [DS-204] New -zip option for item exporter and importer
|
||||
- [DS-209] Context.java turnOffAuthorisationSystem() can throw a NPE
|
||||
- [DS-212] NPE thrown during Harvest of non-items when visibility restriction is enabled
|
||||
- [DS-213] IPAuthentication extended to allow negative matching
|
||||
- [DS-216] Migrating items that use additional metadata schemas causes an NPE
|
||||
- [DS-221] XMLUI 'current activity' recognises Google Chrome as Safari
|
||||
|
||||
@@ -40,7 +41,6 @@
|
||||
- [DS-218] Cannot add/remove email subscriptions from Profile page in XMLUI
|
||||
- [DS-238] Move item function in xmlui
|
||||
|
||||
|
||||
(Tim Donohue / Andrea Bollini)
|
||||
- [DS-228] Community Admin XMLUI: Delegated Admins Patch
|
||||
|
||||
|
||||
@@ -1953,6 +1953,7 @@ plugin.sequence.org.dspace.authenticate.AuthenticationMethod =
|
||||
netmask
|
||||
|
||||
</screen>
|
||||
<para>Negative metches can be set by prepending the entry with a '-'. For example if you want to include all of a class B network except for users of a contained class c network, you could use: 111.222,-111.222.333.</para>
|
||||
<para><emphasis role="bold">Note:</emphasis> if the Groupname contains blanks you must escape the, e.g. Department\ of\ Statistics</para>
|
||||
</section>
|
||||
<section remap="h4">
|
||||
|
||||
Reference in New Issue
Block a user