diff options
| author | Jon Bratseth <bratseth@yahoo-inc.com> | 2016-11-11 12:45:51 +0100 |
|---|---|---|
| committer | Jon Bratseth <bratseth@yahoo-inc.com> | 2016-11-11 12:45:51 +0100 |
| commit | 9170f595a965f2d15df9daa46585a06bacac2082 (patch) | |
| tree | dcfc08a171ddee26ad0e0c72cafb9a75d420bed8 /zkfacade | |
| parent | 5d236acbc689d1247e6c0c4c40f5f3f40a29ccfe (diff) | |
Allow localhost.localdomain
Diffstat (limited to 'zkfacade')
| -rw-r--r-- | zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java index 0a1bfdae3a3..d9c85f0cd1b 100644 --- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java +++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java @@ -31,17 +31,17 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory { @Override protected NIOServerCnxn createConnection(SocketChannel socket, SelectionKey selection) throws IOException { ImmutableSet<String> allowedZooKeeperClients = findAllowedZooKeeperClients(); - if (allowedZooKeeperClients.isEmpty()) return super.createConnection(socket, selection); - String remoteHost = ((InetSocketAddress)socket.getRemoteAddress()).getHostName(); - if ( ! remoteHost.equals("localhost") && ! allowedZooKeeperClients.contains(remoteHost)) { - String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost + - ": This cluster only allow connection from hosts in: " + allowedZooKeeperClients; - log.info(errorMessage); - throw new IllegalArgumentException(errorMessage); // log and throw as this exception will be suppressed by zk - } - log.fine(() -> "Allowing connection to ZooKeeper from " + remoteHost + ", as it is in " + allowedZooKeeperClients); - return super.createConnection(socket, selection); + + if (isLocalHost(remoteHost)) return super.createConnection(socket, selection); // always allow localhost + if (allowedZooKeeperClients.isEmpty()) return super.createConnection(socket, selection); // inactive: allow all + if (allowedZooKeeperClients.contains(remoteHost)) return super.createConnection(socket, selection); // allowed + + // Not allowed: Reject connection + String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost + + ": This cluster only allow connection from hosts in: " + allowedZooKeeperClients; + log.info(errorMessage); + throw new IllegalArgumentException(errorMessage); // log and throw as this exception will be suppressed by zk } /** Returns the allowed client host names. If the list is empty any host is allowed. */ @@ -64,4 +64,10 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory { return hostnames; } + private boolean isLocalHost(String remoteHost) { + if (remoteHost.equals("localhost")) return true; + if (remoteHost.equals("localhost.localdomain")) return true; + return false; + } + } |