integrati

Afkham Azeez Wed, 21 Mar 2012 06:06:04 -0700

Why did you consider 127.0.0.1 as an invalid remote address? Now we are
getting stacktraces in integration tests due to this.


On Tue, Mar 13, 2012 at 2:26 PM, <[email protected]> wrote:

> Author: amilaj
> Date: Tue Mar 13 04:56:42 2012
> New Revision: 122514
> URL: http://wso2.org/svn/browse/wso2?view=rev&revision=122514
>
> Log:
> Add code to validate remote address. Also added a test case
>
> Modified:
>
> carbon/kernel/trunk/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java
>
> carbon/kernel/trunk/distribution/integration/framework/src/main/java/org/wso2/carbon/integration/framework/LoginLogoutUtil.java
>
> carbon/kernel/trunk/distribution/integration/tests/src/test/java/org/wso2/carbon/integration/tests/ServerAdminTestCase.java
>
> Modified:
> carbon/kernel/trunk/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java
> URL:
> http://wso2.org/svn/browse/wso2/carbon/kernel/trunk/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java?rev=122514&r1=122513&r2=122514&view=diff
>
> ==============================================================================
> ---
> carbon/kernel/trunk/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java
>  (original)
> +++
> carbon/kernel/trunk/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java
>  Tue Mar 13 04:56:42 2012
> @@ -42,10 +42,14 @@
>  import javax.servlet.http.Cookie;
>  import javax.servlet.http.HttpServletRequest;
>  import javax.servlet.http.HttpSession;
> +import java.net.InetAddress;
> +import java.net.UnknownHostException;
>  import java.text.SimpleDateFormat;
>  import java.util.Calendar;
>  import java.util.Date;
>  import java.util.UUID;
> +import java.util.regex.Matcher;
> +import java.util.regex.Pattern;
>
>  /**
>  * /**
> @@ -63,6 +67,13 @@
>     private static final int DEFAULT_PRIORITY_LEVEL = 5;
>     private static final String AUTHENTICATOR_NAME =
> "DefaultCarbonAuthenticator";
>
> +    private static final String IP_ADDRESS_PATTERN =
> +            "^([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\." +
> +                    "([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\." +
> +                    "([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\." +
> +                    "([01]?\\d\\d?|2[0-4]\\d|25[0-5])$";
> +
> +
>     public boolean login(String username, String password, String
> remoteAddress)
>             throws AuthenticationException {
>         HttpSession httpSession = getHttpSession();
> @@ -76,6 +87,8 @@
>                 return false;
>             }
>
> +            validateRemoteAddress(remoteAddress);
> +
>             RegistryService registryService =
> CarbonServicesServiceComponent.getRegistryService();
>             RealmService realmService =
> CarbonServicesServiceComponent.getRealmService();
>
> @@ -116,6 +129,40 @@
>         }
>     }
>
> +    private void validateRemoteAddress(String address) throws
> AuthenticationException {
> +
> +        if (address == null || address.isEmpty()) {
> +            return;
> +        }
> +
> +        address = address.replaceAll("\\s+", "");
> +        address = address.trim();
> +
> +        if (!isValidIPAddress(address)) {
> +            if (!isValidDNSAddress(address)) {
> +                throw new AuthenticationException("Authentication Failed
> : Invalid remote address passed - " + address);
> +            }
> +        }
> +    }
> +
> +    private boolean isValidDNSAddress(String address) {
> +        try {
> +            InetAddress ipAddress = InetAddress.getByName(address);
> +            return isValidIPAddress(ipAddress.getHostAddress());
> +        } catch (UnknownHostException e) {
> +            log.warn("Could not find IP address for domain name : " +
> address);
> +        }
> +
> +        return false;
> +    }
> +
> +    private boolean isValidIPAddress(String ipAddress) {
> +
> +      Pattern pattern = Pattern.compile(IP_ADDRESS_PATTERN);
> +      Matcher matcher = pattern.matcher(ipAddress);
> +      return matcher.matches();
> +    }
> +
>     public RememberMeData loginWithRememberMeOption(String username,
> String password, String remoteAddress)
>             throws AuthenticationException {
>         boolean isLoggedIn = this.login(username, password, remoteAddress);
>
> Modified:
> carbon/kernel/trunk/distribution/integration/framework/src/main/java/org/wso2/carbon/integration/framework/LoginLogoutUtil.java
> URL:
> http://wso2.org/svn/browse/wso2/carbon/kernel/trunk/distribution/integration/framework/src/main/java/org/wso2/carbon/integration/framework/LoginLogoutUtil.java?rev=122514&r1=122513&r2=122514&view=diff
>
> ==============================================================================
> ---
> carbon/kernel/trunk/distribution/integration/framework/src/main/java/org/wso2/carbon/integration/framework/LoginLogoutUtil.java
>     (original)
> +++
> carbon/kernel/trunk/distribution/integration/framework/src/main/java/org/wso2/carbon/integration/framework/LoginLogoutUtil.java
>     Tue Mar 13 04:56:42 2012
> @@ -67,10 +67,27 @@
>      */
>     @Deprecated
>     public String login() throws Exception {
> +
> +        return login(NetworkUtils.getLocalHostname());
> +    }
> +
> +     /**
> +     * @param hostName The client host name.
> +      * @deprecated Now we do not need to call AuthenticationAdmin.login
> method before calling an admin service.
> +     * We can directly call an admin service after setting basic auth
> security headers. To set basic auth
> +     * security headers please use
> CarbonUtils.setBasicAccessSecurityHeaders method.
> +     * @see CarbonUtils.setBasicAccessSecurityHeaders(String, String,
> ServiceClient);
> +     * Log in to a Carbon server
> +     *
> +     * @return The session cookie on successful login
> +     * @throws Exception If an error occurs while logging in
> +     */
> +    @Deprecated
> +    public String login(String hostName) throws Exception  {
> +
>
> ClientConnectionUtil.waitForPort(Integer.parseInt(FrameworkSettings.HTTPS_PORT)
> + portOffset);
>         AuthenticationAdminStub authAdminStub = getAuthAdminStub();
>
> -        String hostName = NetworkUtils.getLocalHostname();
>         if (log.isDebugEnabled()) {
>             log.debug("UserName : " + FrameworkSettings.USER_NAME + "
> Password : " +
>                       FrameworkSettings.PASSWORD + " HostName : " +
> hostName);
> @@ -88,6 +105,7 @@
>         }
>         log.info("Successfully logged in : " + sessionCookie);
>         return sessionCookie;
> +
>     }
>
>     public boolean loginWithBasicAuth() {
>
> Modified:
> carbon/kernel/trunk/distribution/integration/tests/src/test/java/org/wso2/carbon/integration/tests/ServerAdminTestCase.java
> URL:
> http://wso2.org/svn/browse/wso2/carbon/kernel/trunk/distribution/integration/tests/src/test/java/org/wso2/carbon/integration/tests/ServerAdminTestCase.java?rev=122514&r1=122513&r2=122514&view=diff
>
> ==============================================================================
> ---
> carbon/kernel/trunk/distribution/integration/tests/src/test/java/org/wso2/carbon/integration/tests/ServerAdminTestCase.java
> (original)
> +++
> carbon/kernel/trunk/distribution/integration/tests/src/test/java/org/wso2/carbon/integration/tests/ServerAdminTestCase.java
> Tue Mar 13 04:56:42 2012
> @@ -20,6 +20,7 @@
>  import org.apache.axis2.AxisFault;
>  import org.apache.commons.logging.Log;
>  import org.apache.commons.logging.LogFactory;
> +import org.testng.Assert;
>  import org.testng.annotations.BeforeMethod;
>  import org.testng.annotations.Test;
>  import org.wso2.carbon.integration.framework.ClientConnectionUtil;
> @@ -49,12 +50,26 @@
>     }
>
>     @Test(groups = {"carbon.core"}, threadPoolSize = 10, invocationCount =
> 10,
> -            description = "Test server information retrieval from the
> ServerAdmin service",
> -            enabled = false)
> +            description = "Test server information retrieval from the
> ServerAdmin service")
>     public void testRetrieveServerInfo() throws Exception {
>         ServerAdminClient serverAdmin =
> LoginLogoutUtil.getServerAdminClient(0);
>         assertNotNull(serverAdmin.getServerData(), "Carbon server data
> cannot be null");
>     }
>
> +    @Test(groups = {"carbon.core"})
> +    public void testInvalidRemoteAddress() {
> +        ClientConnectionUtil.waitForPort(9443);
> +
> +        // This should throw an exception
> +        try {
> +            sessionCookie = util.login("127.0.0.1\n[2012-03-13
> 00:56:13,923]  " +
> +                    "INFO
> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  " +
> +                    "'admin' logged in at [2012-03-13 00:56:13,0923] from
> IP address 127.0.0.1");
> +            Assert.fail("Should not be able to login");
> +        } catch (Exception e) {
> +            Assert.assertTrue(true);
> +        }
> +    }
> +
>
>  }
> _______________________________________________
> Carbon-commits mailing list
> [email protected]
> https://wso2.org/cgi-bin/mailman/listinfo/carbon-commits
>



-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* <http://www.apache.org/>**
email: **[email protected]* <[email protected]>* cell: +94 77 3320919
blog: **http://blog.afkham.org* <http://blog.afkham.org>*
twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
*
linked-in: **http://lk.linkedin.com/in/afkhamazeez*
*
*
*Lean . Enterprise . Middleware*

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Carbon-commits] [Carbon-kernel] svn commit r122514 - in carbon/kernel/trunk: core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication distribution/integration/framework/src/main/java/org/wso2/carbon/integrati

Reply via email to