2 files changed, 20 insertions, 14 deletions
diff --git a/standalone-container/src/main/java/com/yahoo/container/standalone/StandaloneContainerActivator.java b/standalone-container/src/main/java/com/yahoo/container/standalone/StandaloneContainerActivator.java
index daa609ea686..5de0e30b488 100644
--- a/standalone-container/src/main/java/com/yahoo/container/standalone/StandaloneContainerActivator.java
+++ b/standalone-container/src/main/java/com/yahoo/container/standalone/StandaloneContainerActivator.java
@@ -39,10 +39,10 @@ import java.util.stream.Stream;
 import static java.util.stream.Collectors.toMap;
 
 /**
- * @author <a href="mailto:einarmr@yahoo-inc.com">Einar M R Rosenvinge</a>
- * @since 5.21.0
+ * @author Einar M R Rosenvinge
 */
 public class StandaloneContainerActivator implements BundleActivator {
+
 @Override
 public void start(BundleContext bundleContext) throws Exception {
 Container container = getContainer();
@@ -74,8 +74,6 @@ public class StandaloneContainerActivator implements BundleActivator {
 StandaloneContainerActivator::getFileChannel));
 }
 
-
-
 private static FileChannel getFileChannel(Path path) {
 try {
 FileInputStream inputStream = new FileInputStream(path.toFile());
@@ -179,6 +177,7 @@ public class StandaloneContainerActivator implements BundleActivator {
 };
 }
 }
+
 public static class DummyOsgiFramework implements OsgiFramework {
 @Override
 public List<Bundle> installBundle(String bundleLocation) {
@@ -213,4 +212,5 @@ public class StandaloneContainerActivator implements BundleActivator {
 public void stop() {
 }
 }
+
 }
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
index 0a1bfdae3a3..d9c85f0cd1b 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
@@ -31,17 +31,17 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory {
 @Override
 protected NIOServerCnxn createConnection(SocketChannel socket, SelectionKey selection) throws IOException {
 ImmutableSet<String> allowedZooKeeperClients = findAllowedZooKeeperClients();
- if (allowedZooKeeperClients.isEmpty()) return super.createConnection(socket, selection);
-
 String remoteHost = ((InetSocketAddress)socket.getRemoteAddress()).getHostName();
- if ( ! remoteHost.equals("localhost") && ! allowedZooKeeperClients.contains(remoteHost)) {
- String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost +
- ": This cluster only allow connection from hosts in: " + allowedZooKeeperClients;
- log.info(errorMessage);
- throw new IllegalArgumentException(errorMessage); // log and throw as this exception will be suppressed by zk
- }
- log.fine(() -> "Allowing connection to ZooKeeper from " + remoteHost + ", as it is in " + allowedZooKeeperClients);
- return super.createConnection(socket, selection);
+
+ if (isLocalHost(remoteHost)) return super.createConnection(socket, selection); // always allow localhost
+ if (allowedZooKeeperClients.isEmpty()) return super.createConnection(socket, selection); // inactive: allow all
+ if (allowedZooKeeperClients.contains(remoteHost)) return super.createConnection(socket, selection); // allowed
+
+ // Not allowed: Reject connection
+ String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost +
+ ": This cluster only allow connection from hosts in: " + allowedZooKeeperClients;
+ log.info(errorMessage);
+ throw new IllegalArgumentException(errorMessage); // log and throw as this exception will be suppressed by zk
 }
 
 /** Returns the allowed client host names. If the list is empty any host is allowed. */
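Review bot: The always-allow branch `if (isLocalHost(remoteHost)) return super.createConnection(socket, selection);` decides on `remoteHost`, which the context line above it takes from `getHostName()` on the peer address, so the value is the answer to a reverse DNS lookup rather than the address itself. That answer is supplied by whoever operates the reverse zone for the connecting IP, so a name comparison does not establish that the peer is the local machine; the same holds for the `allowedZooKeeperClients.contains(remoteHost)` line and for `isLocalHost` in the next hunk. For the loopback case I would test the address instead, `InetAddress peer = ((InetSocketAddress) socket.getRemoteAddress()).getAddress();` followed by `if (peer.isLoopbackAddress()) return super.createConnection(socket, selection);`, and document that the host-name allow-list is only as trustworthy as the resolver path. The hunk also removes the `log.fine` line that recorded accepted peers, so after this change only rejections leave a trace in the log.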
@@ -64,4 +64,10 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory {
 return hostnames;
 }
 
+ private boolean isLocalHost(String remoteHost) {
+ if (remoteHost.equals("localhost")) return true;
+ if (remoteHost.equals("localhost.localdomain")) return true;
+ return false;
+ }
+
 } |
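Review bot: `isLocalHost` reads no instance state and spells a two-way OR as three statements; `private static boolean isLocalHost(String remoteHost)` with a single `return remoteHost.equals("localhost") || remoteHost.equals("localhost.localdomain");` says the same thing more directly. The method also has no comment, so nothing records why `localhost.localdomain` is on the list; a one-line Javadoc such as `/** Returns whether the peer's reverse-resolved name is one of the names of the local host. */` would cover that.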