diff options
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java')
| -rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java index 9901212db..1f1282e66 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.spss.util;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.List;
@@ -10,50 +12,59 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; public class ExternalURIVerifier {
public static void verify(String host, int port) throws MOAApplicationException {
+
+ System.out.println("ExternalURIVerifier: " + host + ":" + port);
+
+ if (host == null)
+ return;
+ if (host.equalsIgnoreCase(""))
+ return;
+
try {
- ConfigurationProvider config = ConfigurationProvider.reload();
-//
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
boolean allowExternalUris = config.getAllowExternalUris();
List blacklist = config.getBlackListedUris();
-
+ InetAddress hostInetAddress = InetAddress.getByName(host);
+ String ip = hostInetAddress.getHostAddress();
+
+
if (allowExternalUris) {
Iterator it = blacklist.iterator();
while (it.hasNext()) {
String[] array = (String[])it.next();
String bhost = array[0];
String bport = array[1];
- if (bport == null) {
+ if (bport == null || port == -1) {
// check only host
- if (bhost.equalsIgnoreCase(host)) {
- System.out.println("Blacklist check: " + host + " blacklisted");
- throw new MOAApplicationException("4002", new Object[]{host});
+ if (ip.startsWith(bhost)) {
+ System.out.println("Blacklist check: " + host + " (" + ip + ") blacklisted");
+ throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
}
}
else {
// check host and port
int iport = new Integer(bport).intValue();
- if (bhost.equalsIgnoreCase(host) && (iport == port)) {
- System.out.println("Blacklist check: " + host + ":" + port + " blacklisted");
- throw new MOAApplicationException("4002", new Object[]{host + ":" + port});
+ if (ip.startsWith(bhost) && (iport == port)) {
+ System.out.println("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted");
+ throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
}
}
}
}
- else {
- if (port == -1) {
- System.out.println("No external URI allowed (" + host + ")");
- throw new MOAApplicationException("4001", new Object[]{host});
- }
- else {
- System.out.println("No external URI allowed (" + host + ":" + port + ")");
- throw new MOAApplicationException("4001", new Object[]{host + ":" + port});
- }
+ else {
+ System.out.println("No external URIs allowed (" + host + ")");
+ throw new MOAApplicationException("4001", new Object[]{host});
}
+
+ System.out.println("URI allowed: " + ip + ":" + port);
} catch (ConfigurationException e) {
throw new MOAApplicationException("config.10", null);
+ } catch (UnknownHostException e) {
+ throw new MOAApplicationException("4003", new Object[]{host});
}
|