QPDI-1583: Implement support for comma-seperated lists of networks and hostnames.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@743311 13f79535-47bb-0310-9956-ffa450edef68
author: Aidan Skinner <aidan@apache.org> 2009-02-11 12:38:31 +0000
committer: Aidan Skinner <aidan@apache.org> 2009-02-11 12:38:31 +0000
commit: a03d0ca88d863c1df1dc274ae98785a9d325e038 (patch)
tree: 32c4c3b0b1f61af1e6fd1854e440690dcbc2592a /qpid/java/broker/src/test
parent: b77f0d58e68eb7129e4e0c2b9d2f4dfa2c8170d4 (diff)
download: qpid-python-a03d0ca88d863c1df1dc274ae98785a9d325e038.tar.gz
2 files changed, 45 insertions, 10 deletions
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/protocol/TestIoSession.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/protocol/TestIoSession.java
index c449135bd2..211f491867 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/protocol/TestIoSession.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/protocol/TestIoSession.java
@@ -20,16 +20,26 @@
  */
 package org.apache.qpid.server.protocol;
 
-import org.apache.mina.common.*;
-import org.apache.mina.transport.socket.nio.SocketAcceptorConfig;
-import org.apache.qpid.pool.ReadWriteThreadModel;
-
-import java.net.InetAddress;
-import java.net.SocketAddress;
 import java.net.InetSocketAddress;
+import java.net.SocketAddress;
 import java.util.Set;
-import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+import org.apache.mina.common.CloseFuture;
+import org.apache.mina.common.IdleStatus;
+import org.apache.mina.common.IoFilterChain;
+import org.apache.mina.common.IoHandler;
+import org.apache.mina.common.IoService;
+import org.apache.mina.common.IoServiceConfig;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.common.IoSessionConfig;
+import org.apache.mina.common.ThreadModel;
+import org.apache.mina.common.TrafficMask;
+import org.apache.mina.common.TransportType;
+import org.apache.mina.common.WriteFuture;
+import org.apache.mina.transport.socket.nio.SocketAcceptorConfig;
+import org.apache.qpid.pool.ReadWriteThreadModel;
 
 /**
  * Test implementation of IoSession, which is required for some tests. Methods not being used are not implemented,
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/plugins/network/FirewallPluginTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/plugins/network/FirewallPluginTest.java
index 5229146847..8028362979 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/plugins/network/FirewallPluginTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/plugins/network/FirewallPluginTest.java
@@ -25,15 +25,12 @@ import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
-import java.net.Inet4Address;
-import java.net.InetAddress;
 import java.net.InetSocketAddress;
 
 import junit.framework.TestCase;
 
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.XMLConfiguration;
-import org.apache.mina.common.IoSession;
 import org.apache.qpid.codec.AMQCodecFactory;
 import org.apache.qpid.server.protocol.AMQMinaProtocolSession;
 import org.apache.qpid.server.protocol.TestIoSession;
@@ -264,4 +261,32 @@ public class FirewallPluginTest extends TestCase
         assertEquals(AuthzResult.ALLOWED, plugin.authoriseConnect(_session, _virtualHost));
     }
     
+    public void testCommaSeperatedNetmask() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setNetwork("10.1.1.1/8, 192.168.23.0/24");
+        FirewallPlugin plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
+
+        assertEquals(AuthzResult.DENIED, plugin.authoriseConnect(_session, _virtualHost));
+        
+        // Set session IP so that we're connected from the right address
+        ((TestIoSession) _session.getIOSession()).setAddress("192.168.23.23");
+        assertEquals(AuthzResult.ALLOWED, plugin.authoriseConnect(_session, _virtualHost));
+    }
+    
+    public void testCommaSeperatedHostnames() throws Exception
+    {
+        RuleInfo firstRule = new RuleInfo();
+        firstRule.setAccess("allow");
+        firstRule.setHostname("foo, bar, "+new InetSocketAddress("127.0.0.1", 5672).getHostName());
+        FirewallPlugin plugin = initialisePlugin("deny", new RuleInfo[]{firstRule});
+        ((TestIoSession) _session.getIOSession()).setAddress("10.0.0.1");
+        assertEquals(AuthzResult.DENIED, plugin.authoriseConnect(_session, _virtualHost));
+        
+        // Set session IP so that we're connected from the right address
+        ((TestIoSession) _session.getIOSession()).setAddress("127.0.0.1");
+        assertEquals(AuthzResult.ALLOWED, plugin.authoriseConnect(_session, _virtualHost));
+    }
+    
 }
author	Aidan Skinner <aidan@apache.org>	2009-02-11 12:38:31 +0000
committer	Aidan Skinner <aidan@apache.org>	2009-02-11 12:38:31 +0000
commit	a03d0ca88d863c1df1dc274ae98785a9d325e038 (patch)
tree	32c4c3b0b1f61af1e6fd1854e440690dcbc2592a /qpid/java/broker/src/test
parent	b77f0d58e68eb7129e4e0c2b9d2f4dfa2c8170d4 (diff)
download	qpid-python-a03d0ca88d863c1df1dc274ae98785a9d325e038.tar.gz