diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
index e81741b14a..b3c5581a4d 100644
--- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
+++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
@@ -17,15 +17,17 @@
 package org.apache.hugegraph.api.filter;
+import static org.apache.hugegraph.config.ServerOptions.WHITE_IP_STATUS;
+
 import java.io.IOException;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import javax.xml.bind.DatatypeConverter;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.hugegraph.auth.HugeAuthenticator;
 import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm;
 import org.apache.hugegraph.auth.HugeAuthenticator.RolePerm;
@@ -40,10 +42,12 @@
 import org.glassfish.grizzly.utils.Charsets;
 import org.slf4j.Logger;
+import com.alipay.remoting.util.StringUtils;
 import com.google.common.collect.ImmutableList;
 import jakarta.annotation.Priority;
 import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.ForbiddenException;
 import jakarta.ws.rs.NotAuthorizedException;
 import jakarta.ws.rs.Priorities;
 import jakarta.ws.rs.container.ContainerRequestContext;
@@ -72,7 +76,8 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 private static String whiteIpStatus;
- private static String STRING_WHITE_IP_LIST = "whiteiplist";
+ private static final String STRING_WHITE_IP_LIST = "whiteiplist";
+ private static final String STRING_ENABLE = "enable";
 @Context
 private jakarta.inject.Provider managerProvider;
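Review bot: The second hunk of AuthenticationFilter.java adds `import com.alipay.remoting.util.StringUtils;` while the first removes `import org.apache.commons.lang3.StringUtils;`, so the authentication filter now resolves `StringUtils` to a helper class from an RPC library's utility package. The call sites are outside these hunks, so whether the two classes treat null or blank input the same way cannot be checked here, and any difference would change behaviour in a security-critical filter. This looks like an IDE auto-import. Keep `import org.apache.commons.lang3.StringUtils;` and drop the alipay line so the filter does not depend on an unrelated library's utility class.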
@@ -111,25 +116,25 @@ protected User authenticate(ContainerRequestContext context) {
 path = request.getRequestURI();
 }
- //if (whiteIpStatus == null) {
- // whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS);
- //}
- //
- //if (Objects.equals(whiteIpStatus, "enable") && request != null) {
- // peer = request.getRemoteAddr() + ":" + request.getRemotePort();
- // path = request.getRequestURI();
- //
- // // check white ip
- // String remoteIp = request.getRemoteAddr();
- // List whiteIpList = manager.authManager().listWhiteIp();
- // boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus();
- // if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled &&
- // !whiteIpList.contains(remoteIp)) {
- // throw new ForbiddenException(
- // String.format("Remote ip '%s' is not permitted",
- // remoteIp));
- // }
- //}
+ // Check whiteIp
+ if (whiteIpStatus == null) {
+ whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS);
+ }
+
+ if (Objects.equals(whiteIpStatus, STRING_ENABLE) && request != null) {
+ peer = request.getRemoteAddr() + ":" + request.getRemotePort();
+ path = request.getRequestURI();
+
+ String remoteIp = request.getRemoteAddr();
+ List whiteIpList = manager.authManager().listWhiteIp();
+ boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus();
+ if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled &&
+ !whiteIpList.contains(remoteIp)) {
+ throw new ForbiddenException(
+ String.format("Remote ip '%s' is not permitted",
+ remoteIp));
+ }
+ }
 Map credentials = new HashMap<>();
 // Extract authentication credentials
diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java
index c8d68abc18..ce81bb971b 100644
--- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java
+++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java
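Review bot: In `authenticate` (AuthenticationFilter.java), the exemption `!path.contains(STRING_WHITE_IP_LIST)` is a substring test on the request URI, so any request whose URI contains `whiteiplist` anywhere skips the allow-list check, not only calls to the white-IP endpoints. Compare the normalized path against the white-IP resource's own path (exact match or anchored prefix) instead of using `contains`. Separately, `request.getRemoteAddr()` is the direct socket peer, so behind a reverse proxy or load balancer every client is checked as the proxy's address; a comment such as `// remoteIp is the direct TCP peer; behind a proxy this is the proxy's address` would make that deployment assumption explicit. The static `whiteIpStatus` is read from config once and then cached, so changing the option only takes effect after a restart, which also deserves a comment. The method starts and ends outside this hunk.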
@@ -74,9 +74,12 @@ public Map list(@Context GraphManager manager) {
 public Map batch(@Context GraphManager manager,
 Map actionMap) {
 E.checkArgument(actionMap != null,
- "Missing argument: actionMap");
+ "Missing argument: actionMap");
 List whiteIpList = manager.authManager().listWhiteIp();
- List ipList = (List) actionMap.get("ips");
+ Object ips = actionMap.get("ips");
+ E.checkArgument(ips instanceof List,
+ "Invalid ips type '%s', must be list", ips.getClass());
+ List ipList = (List) ips;
 Object value = actionMap.get("action");
 E.checkArgument(value != null,
 "Missing argument: action");
diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java
index 04cfac30d7..c0ce6dbdfa 100644
--- a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java
+++ b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java
@@ -1568,6 +1568,26 @@ public UserWithRole validateUser(String token) {
 }
 }
+ @Override
+ public List listWhiteIp() {
+ return this.authManager.listWhiteIp();
+ }
+
+ @Override
+ public void setWhiteIpList(List whiteIpList) {
+ this.authManager.setWhiteIpList(whiteIpList);
+ }
+
+ @Override
+ public boolean getWhiteIpStatus() {
+ return this.authManager.getWhiteIpStatus();
+ }
+
+ @Override
+ public void setWhiteIpStatus(boolean status) {
+ this.authManager.setWhiteIpStatus(status);
+ }
+
 @Override
 public String loginUser(String username, String password) {
 try {
diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java
index 16f133d582..736747750e 100644
--- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java
+++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java
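Review bot: In `batch` (WhiteIpAPI.java), `ips.getClass()` is evaluated before `E.checkArgument` runs, so a request body without an `ips` key throws a NullPointerException instead of the intended argument error. Add a null check first, `E.checkArgument(ips != null, "Missing argument: ips");`, matching the `action` check just below. The cast `(List) ips` still accepts elements of any type. Whether entries are validated as IP address strings is outside this hunk; if they are not, validate them before they reach the allow-list. The method body continues past the hunk.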
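Review bot: `setWhiteIpList` and `setWhiteIpStatus` in HugeGraphAuthProxy.java forward straight to `this.authManager` with no permission check of their own, so access control for changing the allow-list rests entirely on whatever guards the REST layer. If the proxy's other mutating methods verify the caller's permission before delegating (not visible in this hunk), these two should follow the same pattern. Otherwise add a comment such as `// Caller must already be authorized as admin; no permission check here` so the assumption is explicit. Recording who changed the list or toggled the status would also help when investigating an unexpected lockout or an unexpected permit.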
@@ -127,11 +127,11 @@ public interface AuthManager {
 UserWithRole validateUser(String token);
- public List listWhiteIp();
+ List listWhiteIp();
- public void setWhiteIpList(List whiteIpList);
+ void setWhiteIpList(List whiteIpList);
- public boolean getWhiteIpStatus();
+ boolean getWhiteIpStatus();
- public void setWhiteIpStatus(boolean status);
+ void setWhiteIpStatus(boolean status);
 }