I posted this to this list last week - I think it got swamped by the
noise surrounding Sun's linux JDK announcement.
If there is to be a 1.1b4 release soon would someone consider these
change requests? They are minor modifications and should not affect the
default behaviour - I just need a developer to run with them, or at
least tell me that they are not a good idea and why ;)
TIA,
Damian
Damian Fauth wrote:
>
> Hi,
>
> I would like to propose a couple of changes to the ApacheJServ code. The
> issues we have are:
>
> 1. We would like to be able to disable the 'security.allowedAddresses'
> configuration functionality. We run an ApacheJServ installation on a
> dedicated NT server that services requests from a number of front end
> unix boxes. These unix boxes sit in a number of multinetted subnets, the
> network configuration of which is beyond our control. On several
> occasions now additional IP addresses have been added to the front end
> servers and for some (apparently inexplicable) reason, requests then
> appear to be coming from the new IP address which, of course, JServ
> rejects. If it were possible to disable this security precaution, this
> situation would not bite us.
>
> 2. Related to this is the situation where JServ cannot resolve these
> same addresses at startup, which has led to delays or even failure of
> the server to start up. Clearly the correct solution is to fix the DNS,
> however this is also beyond my control. The code change (included below)
> allows the use of the configuration directive
>
> security.allowedAddresses=DISABLED
>
> This will set the addressList vector to null in org.apache.jserv.JServ.
> A corresponding code change in
> org.apache.java.net.AuthenticatedServerSocket.java omits the check that
> this filterList is not null and the accept() method insteads interprets
> a null vector reference to mean that all IP addresses are allowed.
>
> This should not change the default functionality which will remain as
> only allowing connections from localhost.
>
> The second change is simpler. We would like to be able to call
> JServ.clear() from other classes in the same package which requires that
> it be changed from private to protected. The reason we would like to do
> this is that we are developing a wrapper class that interfaces via
> native code to the Windows NT Service Control Manager, implementing the
> start and stop service control calls as java events. This wrapper class
> needs to call JServ.clear() in order to implement the shutdown cleanly.
> JServ.terminate() has been declared as protected and it basically calls
> JServ.clear() and the exits via System.exit(), so it seems that the
> change of JServ.clear() to protected should not have much impact. And
> before anyone asks why not just call JServ.terminate(), the
> System.exit() seems to cause the native service control manager
> executable to exit prematurely.
>
> What does everyone think? Is there any chance to get these changes into
> the next beta, if there is to be one?
>
> Damian
>
> PS. diff for the first change attached, made against ApacheJServ-1.1b3
>
> -- start included files --
>
> [damian@homer net]$ diff -u3 AuthenticatedServerSocket.java
> AuthenticatedServerSocket.bak
> --- AuthenticatedServerSocket.java Tue Dec 7 16:23:56 1999
> +++ AuthenticatedServerSocket.bak Tue Dec 7 13:04:38 1999
> @@ -125,11 +125,11 @@
>
> this.maxConnections = maxConnections;
>
> -// if (filterList == null) {
> -// throw new IOException("Filter list cannot be null");
> -// } else {
> + if (filterList == null) {
> + throw new IOException("Filter list cannot be null");
> + } else {
> this.filterList = filterList;
> -// }
> + }
>
> this.md = md;
> this.secret = secret;
> @@ -163,20 +163,7 @@
> }
>
> try {
> - if (filterList != null) {
> - if (filterList.contains(i)) {
> - if (isAuthenticated(s)) {
> - return s;
> - } else {
> - s.close();
> - throw new AuthenticationException("Connection
> from "
> - + i + " refused due to authentication
> failure");
> - }
> - } else {
> - throw new AuthenticationException("Connections from
> "
> - + i + " are not allowed");
> - }
> - } else {
> + if (filterList.contains(i)) {
> if (isAuthenticated(s)) {
> return s;
> } else {
> @@ -184,6 +171,9 @@
> throw new AuthenticationException("Connection from
> "
> + i + " refused due to authentication
> failure");
> }
> + } else {
> + throw new AuthenticationException("Connections from "
> + + i + " are not allowed");
> }
> } catch (IOException e) {
> if (e instanceof AuthenticationException) {
> @@ -259,4 +249,4 @@
> public int getMaxConnections() {
> return maxConnections;
> }
> -}
> +}
>
> [damian@homer jserv]$ diff -u3 JServ.java JServ.bak
> --- JServ.java Tue Dec 7 16:24:18 1999
> +++ JServ.bak Tue Dec 7 13:01:31 1999
> @@ -304,10 +304,6 @@
> do {
> try {
> address = (String) addresses.nextElement();
> - if(address.equals("DISABLED")) {
> - addressList = null;
> - break;
> - }
> } catch (NoSuchElementException noAddressSpecified) {
> address = "127.0.0.1";
> }
>
> -- end included files --
>
> --
> Damian Fauth Fairfax Interactive Network (F2)
> Senior Software Engineer 201 Sussex Street
> Ph: +61 2 9282 3528 Sydney NSW 2000
> [EMAIL PROTECTED] http://www.f2.com.au
>
> --
> ----------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
--
Damian Fauth Fairfax Interactive Network (F2)
Senior Software Engineer 201 Sussex Street
Ph: +61 2 9282 3528 Sydney NSW 2000
[EMAIL PROTECTED] http://www.f2.com.au
--
----------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
