[gatewiki-commits] SF.net SVN: gatewiki:[1734] trunk/cow/grails-app

Revision: 1734
          http://gatewiki.svn.sourceforge.net/gatewiki/?rev=1734&view=rev
Author:   ian_roberts
Date:     2009-10-19 15:07:10 +0000 (Mon, 19 Oct 2009)

Log Message:
-----------
Fixed localhost filtering to allow IPv6 localhost (::1) as well as IPv4
localhost (127.*).

Modified Paths:
--------------
    trunk/cow/grails-app/conf/SecurityFilters.groovy
    trunk/cow/grails-app/utils/gate/cow/LocalHostFilter.groovy

Modified: trunk/cow/grails-app/conf/SecurityFilters.groovy
===================================================================
--- trunk/cow/grails-app/conf/SecurityFilters.groovy 2009-10-19 14:18:11 UTC (rev 1733)
+++ trunk/cow/grails-app/conf/SecurityFilters.groovy 2009-10-19 15:07:10 UTC (rev 1734)
@@ -58,7 +58,7 @@
       nonLocalRequests(controller: '*', action: '*') {
         before = {
           String userip = request.getRemoteAddr();
-          if(! userip.startsWith(LOCAL_IP)) {
+          if(! LOCAL_IP.matcher(userip).find()) {
             response.sendError(
               HttpServletResponse.SC_FORBIDDEN,
               "Access is disallowed from IP ${userip}"
@@ -70,7 +70,8 @@
     }
   } // filters
 
-  /** Bar anything starting with this when in workstation mode. */
-  public final static String LOCAL_IP = "127.0.";
+  /** Regular expression for IPs we consider local. */
+  public final static LOCAL_IP =
+            ~/^(?:127\.0\.)|(?:0\:0\:0\:0\:0\:0\:0\:1)/
 
 } // SecurityFilters

Modified: trunk/cow/grails-app/utils/gate/cow/LocalHostFilter.groovy
===================================================================
--- trunk/cow/grails-app/utils/gate/cow/LocalHostFilter.groovy 2009-10-19 14:18:11 UTC (rev 1733)
+++ trunk/cow/grails-app/utils/gate/cow/LocalHostFilter.groovy 2009-10-19 15:07:10 UTC (rev 1734)
@@ -15,6 +15,7 @@
 import javax.servlet.*;
 import java.io.IOException;
 import java.util.StringTokenizer;
+import java.util.regex.Pattern;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -24,6 +25,8 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.log4j.Logger;
+
 /**
  * Simple filter to bar all requests not from localhost.
  * Adapted from this <a
@@ -31,11 +34,14 @@
  * example</a> (thanks folks!).
  */
 public class LocalHostFilter implements Filter {
+  private static final Logger log = Logger.getLogger(LocalHostFilter)
+
   /** Construction. */
   public LocalHostFilter() {}
 
-  /** Bar anything starting with this. */
-  public final static String LOCAL_IP = "127.0.";
+  /** Regular expression for IPs we consider local. */
+  public final static Pattern LOCAL_IP =
+            ~/^(?:127\.0\.)|(?:0\:0\:0\:0\:0\:0\:0\:1)/;
 
   /** Config. */
   private FilterConfig filterConfig;
@@ -57,10 +63,11 @@
       httpResponse = (HttpServletResponse) response;
     }
 
-    if(! userip.startsWith(LOCAL_IP)) {
+    log.debug("Checking user IP ${userip} against pattern ${LOCAL_IP.pattern()}")
+    if(! LOCAL_IP.matcher(userip).find()) {
       httpResponse.sendError(
         HttpServletResponse.SC_FORBIDDEN,
-        "Access is disallowed from IP ${userip}"
+        "Access is still disallowed from IP ${userip}"
       );
     } else {
       filterchain.doFilter(request, response);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
gatewiki-commits mailing list
gatewiki-commits@...
https://lists.sourceforge.net/lists/listinfo/gatewiki-commits