changeset 1495:bc66091ba443

IpAuthnOps can do IPv6 now.
author robcast
date Wed, 30 Mar 2016 11:25:28 +0200
parents 589f47478095
children 116b294a276b
files servlet/src/main/java/digilib/auth/IpAuthnOps.java servlet/src/main/java/digilib/auth/IpServletAuthnOps.java
diffstat 2 files changed, 27 insertions(+), 7 deletions(-) [+]
--- a/servlet/src/main/java/digilib/auth/IpAuthnOps.java	Wed Mar 30 11:21:54 2016 +0200
+++ b/servlet/src/main/java/digilib/auth/IpAuthnOps.java	Wed Mar 30 11:25:28 2016 +0200
@@ -51,6 +51,7 @@
  * <digilib-addresses>
  *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
  *   <address ip="130.92.151" role="wtwg" />
+ *   <address ip="0:0:0:0:0:0:0:1" role="local" />
  * </digilib-addresses>
  * }
  * </pre>
@@ -64,7 +65,8 @@
     protected Logger logger = Logger.getLogger(this.getClass());
 
     protected File configFile;
-    protected HashTree authIPs;
+    protected HashTree authIP4s;
+    protected HashTree authIP6s;
 
     /**
      * Initialize authentication operations.
@@ -85,13 +87,14 @@
             XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
             ipList = ipLoader.loadUri(configFile.toURI());
         } catch (Exception e) {
-            throw new AuthOpException("ERROR loading authorization config file: " + e);
+            throw new AuthOpException("ERROR loading auth config file: " + e);
         }
         if (ipList == null) {
-            throw new AuthOpException("ERROR unable to load authorization config file!");
+            throw new AuthOpException("ERROR unable to load auth config file!");
         }
-        // setup ip tree
-        authIPs = new HashTree(ipList, ".", ",");
+        // setup ip trees
+        authIP4s = new HashTree(ipList, ".", ",");
+        authIP6s = new HashTree(ipList, ":", ",");
     }
 
     /* (non-Javadoc)
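Review bot: `authIP4s` and `authIP6s` are both built from the same unfiltered `ipList`, so every IPv4 entry also lands in the IPv6 tree and every IPv6 entry in the IPv4 tree, each as a key that contains no separator for that tree. Whether such a key can ever match depends on HashTree, which is not visible here; filtering the list by address family before building each tree would make the access rules independent of that. At minimum add a comment such as `// both trees hold all entries; keys of the other family never split and are not expected to match`. Separately, `"ERROR loading auth config file: " + e` keeps only the exception's string form; if AuthOpException has a cause-taking constructor, pass `e` to it. The enclosing method starts above this hunk.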
@@ -100,9 +103,17 @@
     @Override
     public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
         // check if the requests address provides a role
+        List<String> provided = null;
         HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
         String ip = request.getRemoteAddr();
-        List<String> provided = authIPs.match(ip);
+        logger.debug("Testing role '"+role+"' for ip "+ip);
+        if (ip.contains(":")) {
+            // IPv6
+            provided = authIP6s.match(ip);
+        } else {
+            // IPv4
+            provided = authIP4s.match(ip);
+        }
         if ((provided != null) && (provided.contains(role))) {
             return true;
         }
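Review bot: The IPv6 branch in isUserInRole matches the raw string from `request.getRemoteAddr()` against `authIP6s`, but an IPv6 address has several valid textual forms (`::1` and `0:0:0:0:0:0:0:1`, upper- or lower-case hex, an optional `%zone` suffix), so a rule only applies when the container happens to print the address the way the config file spells it. A mismatch leaves `provided` null, which denies the role rather than granting it, but the rule then fails without any trace. Canonicalise both the configured keys and the request address before matching, for example by parsing the literal with `InetAddress.getByName(ip)` and matching on `getHostAddress()` with any zone suffix removed, and document the expected form next to the `<address>` example. IPv4-mapped addresses such as `::ffff:a.b.c.d` also contain a colon and are sent to the IPv6 tree, so IPv4 rules will not cover them. The same block is added to IpServletAuthnOps.isUserInRole in the last hunk; the method body continues past this hunk.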
--- a/servlet/src/main/java/digilib/auth/IpServletAuthnOps.java	Wed Mar 30 11:21:54 2016 +0200
+++ b/servlet/src/main/java/digilib/auth/IpServletAuthnOps.java	Wed Mar 30 11:25:28 2016 +0200
@@ -44,6 +44,7 @@
  * <digilib-addresses>
  *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
  *   <address ip="130.92.151" role="wtwg" />
+ *   <address ip="0:0:0:0:0:0:0:1" role="local" />
  * </digilib-addresses>
  * }
  * </pre>
@@ -60,9 +61,17 @@
     @Override
     public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
         // check if the requests address provides a role
+        List<String> provided = null;
         HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
         String ip = request.getRemoteAddr();
-        List<String> provided = authIPs.match(ip);
+        logger.debug("Testing role '"+role+"' for ip "+ip);
+        if (ip.contains(":")) {
+            // IPv6
+            provided = authIP6s.match(ip);
+        } else {
+            // IPv4
+            provided = authIP4s.match(ip);
+        }
         if ((provided != null) && (provided.contains(role))) {
             return true;
         }
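Review bot: This address-family dispatch is a line-for-line copy of the one added to IpAuthnOps.isUserInRole, so any later fix to the matching (address normalisation, another family check) has to be made twice in access-control code. Since this class already uses `authIP4s`, `authIP6s` and `logger` without declaring them, it presumably extends IpAuthnOps; a protected helper there, e.g. `protected List<String> matchRoles(String ip)`, would let both methods call `provided = matchRoles(ip);`. The `logger.debug("Testing role '"+role+"' for ip "+ip)` line also builds its string on every request; wrap it in `if (logger.isDebugEnabled())`. The method body continues past this hunk.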