sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stefane...@apache.org
Subject svn commit: r1709601 [3/11] - in /sling/trunk/bundles/extensions/discovery: base/ base/src/ base/src/main/ base/src/main/java/ base/src/main/java/org/ base/src/main/java/org/apache/ base/src/main/java/org/apache/sling/ base/src/main/java/org/apache/sli...
Date Tue, 20 Oct 2015 14:12:34 GMT
Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClient.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClient.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClient.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClient.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,496 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.UUID;
+import java.util.zip.GZIPOutputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.http.Header;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.config.SocketConfig;
+import org.apache.http.entity.ByteArrayEntity;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.discovery.ClusterView;
+import org.apache.sling.discovery.InstanceDescription;
+import org.apache.sling.discovery.base.commons.ClusterViewService;
+import org.apache.sling.discovery.base.commons.UndefinedClusterViewException;
+import org.apache.sling.discovery.base.connectors.BaseConfig;
+import org.apache.sling.discovery.base.connectors.announcement.Announcement;
+import org.apache.sling.discovery.base.connectors.announcement.AnnouncementFilter;
+import org.apache.sling.discovery.base.connectors.announcement.AnnouncementRegistry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A topology connector client is used for sending (pinging) a remote topology
+ * connector servlet and exchanging announcements with it
+ */
+public class TopologyConnectorClient implements
+        TopologyConnectorClientInformation {
+
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    /** the endpoint url **/
+    private final URL connectorUrl;
+
+    /** the cluster view service **/
+    private final ClusterViewService clusterViewService;
+
+    /** the config service to user **/
+    private final BaseConfig config;
+
+    /** the id of this connection **/
+    private final UUID id;
+
+    /** the announcement registry **/
+    private final AnnouncementRegistry announcementRegistry;
+
+    /** the last inherited announcement **/
+    private Announcement lastInheritedAnnouncement;
+
+    /** the time when the last announcement was inherited - for webconsole use only **/
+    private long lastPingedAt;
+    
+    /** the information about this server **/
+    private final String serverInfo;
+    
+    /** the status code of the last post **/
+    private int lastStatusCode = -1;
+    
+    /** SLING-3316: whether or not this connector was auto-stopped **/
+    private boolean autoStopped = false;
+    
+    /** more details about connection failures **/
+    private String statusDetails = null;
+    
+    /** SLING-2882: whether or not to suppress ping warnings **/
+    private boolean suppressPingWarnings_ = false;
+
+    private TopologyRequestValidator requestValidator;
+
+    /** value of Content-Encoding of the last request **/
+    private String lastRequestEncoding;
+
+    /** value of Content-Encoding of the last repsonse **/
+    private String lastResponseEncoding;
+
+    /** SLING-3382: unix-time at which point the backoff-period ends and pings can be sent again **/
+    private long backoffPeriodEnd = -1;
+    
+    TopologyConnectorClient(final ClusterViewService clusterViewService,
+            final AnnouncementRegistry announcementRegistry, final BaseConfig config,
+            final URL connectorUrl, final String serverInfo) {
+        if (clusterViewService == null) {
+            throw new IllegalArgumentException(
+                    "clusterViewService must not be null");
+        }
+        if (announcementRegistry == null) {
+            throw new IllegalArgumentException(
+                    "announcementRegistry must not be null");
+        }
+        if (config == null) {
+            throw new IllegalArgumentException("config must not be null");
+        }
+        if (connectorUrl == null) {
+            throw new IllegalArgumentException("connectorUrl must not be null");
+        }
+        this.requestValidator = new TopologyRequestValidator(config);
+        this.clusterViewService = clusterViewService;
+        this.announcementRegistry = announcementRegistry;
+        this.config = config;
+        this.connectorUrl = connectorUrl;
+        this.serverInfo = serverInfo;
+        this.id = UUID.randomUUID();
+    }
+
+    /** ping the server and pass the announcements between the two **/
+    void ping(final boolean force) {
+    	if (autoStopped) {
+    		// then we suppress any further pings!
+    		logger.debug("ping: autoStopped=true, hence suppressing any further pings.");
+    		return;
+    	}
+    	if (force) {
+    	    backoffPeriodEnd = -1;
+    	} else if (backoffPeriodEnd>0) {
+    	    if (System.currentTimeMillis()<backoffPeriodEnd) {
+    	        logger.debug("ping: not issueing a heartbeat due to backoff instruction from peer.");
+    	        return;
+    	    } else {
+                logger.debug("ping: backoff period ended, issuing another ping now.");
+    	    }
+    	}
+        final String uri = connectorUrl.toString()+"."+clusterViewService.getSlingId()+".json";
+    	if (logger.isDebugEnabled()) {
+    		logger.debug("ping: connectorUrl=" + connectorUrl + ", complete uri=" + uri);
+    	}
+    	final HttpClientContext clientContext = HttpClientContext.create();
+    	final CloseableHttpClient httpClient = createHttpClient();
+    	final HttpPut putRequest = new HttpPut(uri);
+
+    	// setting the connection timeout (idle connection, configured in seconds)
+    	putRequest.setConfig(RequestConfig.
+    			custom().
+    			setConnectTimeout(1000*config.getSocketConnectionTimeout()).
+    			build());
+
+        Announcement resultingAnnouncement = null;
+        try {
+            String userInfo = connectorUrl.getUserInfo();
+            if (userInfo != null) {
+                Credentials c = new UsernamePasswordCredentials(userInfo);
+            	clientContext.getCredentialsProvider().setCredentials(
+                        new AuthScope(putRequest.getURI().getHost(), putRequest
+                                .getURI().getPort()), c);
+            }
+
+            Announcement topologyAnnouncement = new Announcement(
+                    clusterViewService.getSlingId());
+            topologyAnnouncement.setServerInfo(serverInfo);
+            final ClusterView clusterView;
+            try {
+                clusterView = clusterViewService
+                        .getLocalClusterView();
+            } catch (UndefinedClusterViewException e) {
+                // SLING-5030 : then we cannot ping
+                logger.warn("ping: no clusterView available at the moment, cannot ping others now: "+e);
+                return;
+            }
+            topologyAnnouncement.setLocalCluster(clusterView);
+            if (force) {
+                logger.debug("ping: sending a resetBackoff");
+                topologyAnnouncement.setResetBackoff(true);
+            }
+            announcementRegistry.addAllExcept(topologyAnnouncement, clusterView, new AnnouncementFilter() {
+                
+                public boolean accept(final String receivingSlingId, final Announcement announcement) {
+                    // filter out announcements that are of old cluster instances
+                    // which I dont really have in my cluster view at the moment
+                    final Iterator<InstanceDescription> it = 
+                            clusterView.getInstances().iterator();
+                    while(it.hasNext()) {
+                        final InstanceDescription instance = it.next();
+                        if (instance.getSlingId().equals(receivingSlingId)) {
+                            // then I have the receiving instance in my cluster view
+                            // all fine then
+                            return true;
+                        }
+                    }
+                    // looks like I dont have the receiving instance in my cluster view
+                    // then I should also not propagate that announcement anywhere
+                    return false;
+                }
+            });
+            final String p = requestValidator.encodeMessage(topologyAnnouncement.asJSON());
+            
+            if (logger.isDebugEnabled()) {
+                logger.debug("ping: topologyAnnouncement json is: " + p);
+            }
+            requestValidator.trustMessage(putRequest, p);
+            if (config.isGzipConnectorRequestsEnabled()) {
+                // tell the server that the content is gzipped:
+                putRequest.addHeader("Content-Encoding", "gzip");
+                // and gzip the body:
+                final ByteArrayOutputStream baos = new ByteArrayOutputStream();
+                final GZIPOutputStream gzipOut = new GZIPOutputStream(baos);
+                gzipOut.write(p.getBytes("UTF-8"));
+                gzipOut.close();
+                final byte[] gzippedEncodedJson = baos.toByteArray();
+                putRequest.setEntity(new ByteArrayEntity(gzippedEncodedJson, ContentType.APPLICATION_JSON));
+                lastRequestEncoding = "gzip";
+            } else {
+                // otherwise plaintext:
+            	final StringEntity plaintext = new StringEntity(p, "UTF-8");
+            	plaintext.setContentType(ContentType.APPLICATION_JSON.getMimeType());
+            	putRequest.setEntity(plaintext);
+                lastRequestEncoding = "plaintext";
+            }
+            // independent of request-gzipping, we do accept the response to be gzipped,
+            // so indicate this to the server:
+            putRequest.addHeader("Accept-Encoding", "gzip");
+            final CloseableHttpResponse response = httpClient.execute(putRequest, clientContext);
+        	if (logger.isDebugEnabled()) {
+	            logger.debug("ping: done. code=" + response.getStatusLine().getStatusCode() + " - "
+	                    + response.getStatusLine().getReasonPhrase());
+        	}
+            lastStatusCode = response.getStatusLine().getStatusCode();
+            lastResponseEncoding = null;
+            if (response.getStatusLine().getStatusCode()==HttpServletResponse.SC_OK) {
+                final Header contentEncoding = response.getFirstHeader("Content-Encoding");
+                if (contentEncoding!=null && contentEncoding.getValue()!=null &&
+                        contentEncoding.getValue().contains("gzip")) {
+                    lastResponseEncoding = "gzip";
+                } else {
+                    lastResponseEncoding = "plaintext";
+                }
+                final String responseBody = requestValidator.decodeMessage(putRequest.getURI().getPath(), response); // limiting to 16MB, should be way enough
+            	if (logger.isDebugEnabled()) {
+            		logger.debug("ping: response body=" + responseBody);
+            	}
+                if (responseBody!=null && responseBody.length()>0) {
+                    Announcement inheritedAnnouncement = Announcement
+                            .fromJSON(responseBody);
+                    final long backoffInterval = inheritedAnnouncement.getBackoffInterval();
+                    if (backoffInterval>0) {
+                        // then reset the backoffPeriodEnd:
+                        
+                        /* minus 1 sec to avoid slipping the interval by a few millis */
+                        this.backoffPeriodEnd = System.currentTimeMillis() + (1000 * backoffInterval) - 1000;
+                        logger.debug("ping: servlet instructed to backoff: backoffInterval="+backoffInterval+", resulting in period end of "+new Date(backoffPeriodEnd));
+                    } else {
+                        logger.debug("ping: servlet did not instruct any backoff-ing at this stage");
+                        this.backoffPeriodEnd = -1;
+                    }
+                    if (inheritedAnnouncement.isLoop()) {
+                    	if (logger.isDebugEnabled()) {
+	                        logger.debug("ping: connector response indicated a loop detected. not registering this announcement from "+
+	                                    inheritedAnnouncement.getOwnerId());
+                    	}
+                    	if (inheritedAnnouncement.getOwnerId().equals(clusterViewService.getSlingId())) {
+                    		// SLING-3316 : local-loop detected. Check config to see if we should stop this connector
+                    		
+                    	    if (config.isAutoStopLocalLoopEnabled()) {
+                    			inheritedAnnouncement = null; // results in connected -> false and representsloop -> true
+                    			autoStopped = true; // results in isAutoStopped -> true
+                    		}
+                    	}
+                    } else {
+                        inheritedAnnouncement.setInherited(true);
+                        if (announcementRegistry
+                                .registerAnnouncement(inheritedAnnouncement)==-1) {
+                        	if (logger.isDebugEnabled()) {
+	                            logger.debug("ping: connector response is from an instance which I already see in my topology"
+	                                    + inheritedAnnouncement);
+                        	}
+                            statusDetails = "receiving side is seeing me via another path (connector or cluster) already (loop)";
+                            return;
+                        }
+                    }
+                    resultingAnnouncement = inheritedAnnouncement;
+                    statusDetails = null;
+                } else {
+                    statusDetails = "no response body received";
+                }
+            } else {
+                statusDetails = "got HTTP Status-Code: "+lastStatusCode;
+            }
+        	// SLING-2882 : reset suppressPingWarnings_ flag in success case
+    		suppressPingWarnings_ = false;
+        } catch (IOException e) {
+        	// SLING-2882 : set/check the suppressPingWarnings_ flag
+        	if (suppressPingWarnings_) {
+        		if (logger.isDebugEnabled()) {
+        			logger.debug("ping: got IOException: " + e + ", uri=" + uri);
+        		}
+        	} else {
+        		suppressPingWarnings_ = true;
+    			logger.warn("ping: got IOException [suppressing further warns]: " + e + ", uri=" + uri);
+        	}
+            statusDetails = e.toString();
+        } catch (JSONException e) {
+            logger.warn("ping: got JSONException: " + e);
+            statusDetails = e.toString();
+        } catch (RuntimeException re) {
+            logger.warn("ping: got RuntimeException: " + re, re);
+            statusDetails = re.toString();
+        } finally {
+            putRequest.releaseConnection();
+            lastInheritedAnnouncement = resultingAnnouncement;
+            lastPingedAt = System.currentTimeMillis();
+            try {
+				httpClient.close();
+			} catch (IOException e) {
+				logger.error("disconnect: could not close httpClient: "+e, e);
+			}
+        }
+    }
+
+	private CloseableHttpClient createHttpClient() {
+		final HttpClientBuilder builder = HttpClientBuilder.create();
+    	// setting the SoTimeout (which is configured in seconds)
+    	builder.setDefaultSocketConfig(SocketConfig.
+    			custom().
+    			setSoTimeout(1000*config.getSoTimeout()).
+    			build());
+		builder.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false));
+
+    	return builder.build();
+	}
+
+    public int getStatusCode() {
+        return lastStatusCode;
+    }
+    
+    public URL getConnectorUrl() {
+        return connectorUrl;
+    }
+    
+    public boolean representsLoop() {
+    	if (autoStopped) {
+    		return true;
+    	}
+        if (lastInheritedAnnouncement == null) {
+            return false;
+        } else {
+            return lastInheritedAnnouncement.isLoop();
+        }
+    }
+
+    public boolean isConnected() {
+    	if (autoStopped) {
+    		return false;
+    	}
+        if (lastInheritedAnnouncement == null) {
+            return false;
+        } else {
+            return announcementRegistry.hasActiveAnnouncement(lastInheritedAnnouncement.getOwnerId());
+        }
+    }
+    
+    public String getStatusDetails() {
+        if (autoStopped) {
+            return "auto-stopped";
+        }
+        if (lastInheritedAnnouncement == null) {
+            return statusDetails;
+        } else {
+            if (announcementRegistry.hasActiveAnnouncement(lastInheritedAnnouncement.getOwnerId())) {
+                // still active - so no status details
+                return null;
+            } else {
+                return "received announcement has expired (it was last renewed "+new Date(lastPingedAt)+") - consider increasing heartbeat timeout";
+            }
+        }
+    }
+    
+    public long getLastPingSent() {
+        return lastPingedAt;
+    }
+    
+    public int getNextPingDue() {
+        final long absDue;
+        if (backoffPeriodEnd>0) {
+            absDue = backoffPeriodEnd;
+        } else {
+            absDue = lastPingedAt + 1000*config.getConnectorPingInterval();
+        }
+        final int relDue = (int) ((absDue - System.currentTimeMillis()) / 1000);
+        if (relDue<0) {
+            return -1;
+        } else {
+            return relDue;
+        }
+    }
+    
+    public boolean isAutoStopped() {
+    	return autoStopped;
+    }
+    
+    public String getLastRequestEncoding() {
+        return lastRequestEncoding==null ? "" : lastRequestEncoding;
+    }
+
+    public String getLastResponseEncoding() {
+        return lastResponseEncoding==null ? "" : lastResponseEncoding;
+    }
+    
+    public String getRemoteSlingId() {
+        if (lastInheritedAnnouncement == null) {
+            return null;
+        } else {
+            return lastInheritedAnnouncement.getOwnerId();
+        }
+    }
+
+    public String getId() {
+        return id.toString();
+    }
+
+    /** Disconnect this connector **/
+    public void disconnect() {
+        final String uri = connectorUrl.toString()+"."+clusterViewService.getSlingId()+".json";
+    	if (logger.isDebugEnabled()) {
+    		logger.debug("disconnect: connectorUrl=" + connectorUrl + ", complete uri="+uri);
+    	}
+
+        if (lastInheritedAnnouncement != null) {
+            announcementRegistry
+                    .unregisterAnnouncement(lastInheritedAnnouncement
+                            .getOwnerId());
+        }
+
+        final HttpClientContext clientContext = HttpClientContext.create();
+        final CloseableHttpClient httpClient = createHttpClient();
+        final HttpDelete deleteRequest = new HttpDelete(uri);
+        // setting the connection timeout (idle connection, configured in seconds)
+        deleteRequest.setConfig(RequestConfig.
+        		custom().
+        		setConnectTimeout(1000*config.getSocketConnectionTimeout()).
+        		build());
+
+        try {
+            String userInfo = connectorUrl.getUserInfo();
+            if (userInfo != null) {
+                Credentials c = new UsernamePasswordCredentials(userInfo);
+                clientContext.getCredentialsProvider().setCredentials(
+                        new AuthScope(deleteRequest.getURI().getHost(), deleteRequest
+                                .getURI().getPort()), c);
+            }
+
+            requestValidator.trustMessage(deleteRequest, null);
+            final CloseableHttpResponse response = httpClient.execute(deleteRequest, clientContext);
+        	if (logger.isDebugEnabled()) {
+	            logger.debug("disconnect: done. code=" + response.getStatusLine().getStatusCode()
+	                    + " - " + response.getStatusLine().getReasonPhrase());
+        	}
+            // ignoring the actual statuscode though as there's little we can
+            // do about it after this point
+        } catch (IOException e) {
+            logger.warn("disconnect: got IOException: " + e);
+        } catch (RuntimeException re) {
+            logger.error("disconnect: got RuntimeException: " + re, re);
+        } finally {
+            deleteRequest.releaseConnection();
+            try {
+				httpClient.close();
+			} catch (IOException e) {
+				logger.error("disconnect: could not close httpClient: "+e, e);
+			}
+        }
+    }
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClient.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClientInformation.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClientInformation.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClientInformation.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClientInformation.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping;
+
+import java.net.URL;
+
+/**
+ * provides information about a topology connector client
+ */
+public interface TopologyConnectorClientInformation {
+
+    /** the endpoint url where this connector is connecting to **/
+    URL getConnectorUrl();
+
+    /** return the http status code of the last post to the servlet, -1 if no post was ever done **/
+    int getStatusCode();
+
+    /** SLING-3316 : whether or not this connector was auto-stopped **/
+    boolean isAutoStopped();
+    
+    /** whether or not this connector was able to successfully connect **/
+    boolean isConnected();
+    
+    /** provides more details about connection failures **/
+    String getStatusDetails();
+
+    /** whether or not the counterpart of this connector has detected a loop in the topology connectors **/
+    boolean representsLoop();
+    
+    /** the sling id of the remote end **/
+    String getRemoteSlingId();
+
+    /** the unique id of this connector **/
+    String getId();
+
+    /** the Content-Encoding of the last request **/
+    String getLastRequestEncoding();
+
+    /** the Content-Encoding of the last response **/
+    String getLastResponseEncoding();
+
+    /** the unix-millis when the last heartbeat was sent **/
+    long getLastPingSent();
+
+    /** the seconds until the next heartbeat is due **/
+    int getNextPingDue();
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorClientInformation.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorServlet.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorServlet.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorServlet.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,360 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.zip.GZIPOutputStream;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.discovery.ClusterView;
+import org.apache.sling.discovery.base.commons.ClusterViewHelper;
+import org.apache.sling.discovery.base.commons.ClusterViewService;
+import org.apache.sling.discovery.base.commons.UndefinedClusterViewException;
+import org.apache.sling.discovery.base.connectors.BaseConfig;
+import org.apache.sling.discovery.base.connectors.announcement.Announcement;
+import org.apache.sling.discovery.base.connectors.announcement.AnnouncementFilter;
+import org.apache.sling.discovery.base.connectors.announcement.AnnouncementRegistry;
+import org.apache.sling.discovery.base.connectors.ping.wl.SubnetWhitelistEntry;
+import org.apache.sling.discovery.base.connectors.ping.wl.WhitelistEntry;
+import org.apache.sling.discovery.base.connectors.ping.wl.WildcardWhitelistEntry;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Servlet which receives topology announcements at
+ * /libs/sling/topology/connector*
+ * without authorization (authorization is handled either via
+ * hmac-signature with a shared key or via a flexible whitelist)
+ */
+@SuppressWarnings("serial")
+@Component(immediate = true)
+@Service(value=TopologyConnectorServlet.class)
+public class TopologyConnectorServlet extends HttpServlet {
+
+    /** 
+     * prefix under which the topology connector servlet is registered -
+     * the URL will consist of this prefix + "connector.slingId.json" 
+     */
+    private static final String TOPOLOGY_CONNECTOR_PREFIX = "/libs/sling/topology";
+
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    @Reference
+    private AnnouncementRegistry announcementRegistry;
+
+    @Reference
+    private ClusterViewService clusterViewService;
+
+    @Reference
+    private HttpService httpService;
+    
+    @Reference
+    private BaseConfig config;
+
+    /** 
+     * This list contains WhitelistEntry (ips/hostnames, cidr, wildcards),
+     * each filtering some hostname/addresses that are allowed to connect to this servlet.
+     **/
+    private final List<WhitelistEntry> whitelist = new ArrayList<WhitelistEntry>();
+    
+    /** Set of plaintext whitelist entries - for faster lookups **/
+    private final Set<String> plaintextWhitelist = new HashSet<String>();
+
+    private TopologyRequestValidator requestValidator;
+
+    @Activate
+    protected void activate(final ComponentContext context) {
+        whitelist.clear();
+        if (!config.isHmacEnabled()) {
+            String[] whitelistConfig = config.getTopologyConnectorWhitelist();
+            initWhitelist(whitelistConfig);
+        }
+        requestValidator = new TopologyRequestValidator(config);
+        
+        try {
+            httpService.registerServlet(TopologyConnectorServlet.TOPOLOGY_CONNECTOR_PREFIX, 
+                    this, null, null);
+            logger.info("activate: connector servlet registered at "+
+                    TopologyConnectorServlet.TOPOLOGY_CONNECTOR_PREFIX);
+        } catch (ServletException e) {
+            logger.error("activate: ServletException while registering topology connector servlet: "+e, e);
+        } catch (NamespaceException e) {
+            logger.error("activate: NamespaceException while registering topology connector servlet: "+e, e);
+        }
+    }
+    
+    @Deactivate
+    protected void deactivate() {
+        httpService.unregister(TOPOLOGY_CONNECTOR_PREFIX);
+    }
+
+    void initWhitelist(String[] whitelistConfig) {
+        if (whitelistConfig==null) {
+            return;
+        }
+        for (int i = 0; i < whitelistConfig.length; i++) {
+            String aWhitelistEntry = whitelistConfig[i];
+            
+            WhitelistEntry whitelistEntry = null;
+            if (aWhitelistEntry.contains(".") && aWhitelistEntry.contains("/")) {
+                // then this is a CIDR notation
+                try{
+                    whitelistEntry = new SubnetWhitelistEntry(aWhitelistEntry);
+                } catch(Exception e) {
+                    logger.error("activate: wrongly formatted CIDR subnet definition. Expected eg '1.2.3.4/24'. ignoring: "+aWhitelistEntry);
+                    continue;
+                }
+            } else if (aWhitelistEntry.contains(".") && aWhitelistEntry.contains(" ")) {
+                // then this is a IP/subnet-mask notation
+                try{
+                    final StringTokenizer st = new StringTokenizer(aWhitelistEntry, " ");
+                    final String ip = st.nextToken();
+                    if (st.hasMoreTokens()) {
+                        final String mask = st.nextToken();
+                        if (st.hasMoreTokens()) {
+                            logger.error("activate: wrongly formatted ip subnet definition. Expected '10.1.2.3 255.0.0.0'. Ignoring: "+aWhitelistEntry);
+                            continue;
+                        }
+                        whitelistEntry = new SubnetWhitelistEntry(ip, mask);
+                    }
+                } catch(Exception e) {
+                    logger.error("activate: wrongly formatted ip subnet definition. Expected '10.1.2.3 255.0.0.0'. Ignoring: "+aWhitelistEntry);
+                    continue;
+                }
+            }
+            if (whitelistEntry==null) {
+                if (aWhitelistEntry.contains("*") || aWhitelistEntry.contains("?")) {
+                    whitelistEntry = new WildcardWhitelistEntry(aWhitelistEntry);
+                } else {
+                    plaintextWhitelist.add(aWhitelistEntry);
+                }
+            }
+            logger.info("activate: adding whitelist entry: " + aWhitelistEntry);
+            if (whitelistEntry!=null) {
+                whitelist.add(whitelistEntry);
+            }
+        }
+    }
+
+    @Override
+    protected void doDelete(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+
+        if (!isWhitelisted(request)) {
+            // in theory it would be 403==forbidden, but that would reveal that
+            // a resource would exist there in the first place
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
+            return;
+        }
+
+        final String[] pathInfo = request.getPathInfo().split("\\.");
+        final String extension = pathInfo.length==3 ? pathInfo[2] : "";
+        if (!"json".equals(extension)) {
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
+            return;
+        }
+        final String selector = pathInfo.length==3 ? pathInfo[1] : "";
+
+        announcementRegistry.unregisterAnnouncement(selector);
+    }
+    
+    @Override
+    protected void doPut(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+
+        if (!isWhitelisted(request)) {
+            // in theory it would be 403==forbidden, but that would reveal that
+            // a resource would exist there in the first place
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
+            return;
+        }
+
+        final String[] pathInfo = request.getPathInfo().split("\\.");
+        final String extension = pathInfo.length==3 ? pathInfo[2] : "";
+        if (!"json".equals(extension)) {
+            response.sendError(HttpServletResponse.SC_NOT_FOUND);
+            return;
+        }
+        
+        final String selector = pathInfo.length==3 ? pathInfo[1] : "";
+
+        String topologyAnnouncementJSON = requestValidator.decodeMessage(request);
+    	if (logger.isDebugEnabled()) {
+	        logger.debug("doPost: incoming topology announcement is: "
+	                + topologyAnnouncementJSON);
+    	}
+        final Announcement incomingTopologyAnnouncement;
+        try {
+            incomingTopologyAnnouncement = Announcement
+                    .fromJSON(topologyAnnouncementJSON);
+
+            if (!incomingTopologyAnnouncement.getOwnerId().equals(selector)) {
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                return;
+            }
+
+            String slingId = clusterViewService.getSlingId();
+            if (slingId==null) {
+            	response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            	logger.info("doPut: no slingId available. Service not ready as expected at the moment.");
+            	return;
+            }
+			incomingTopologyAnnouncement.removeInherited(slingId);
+
+            final Announcement replyAnnouncement = new Announcement(
+                    slingId);
+
+            long backoffInterval = -1;
+            ClusterView clusterView = clusterViewService.getLocalClusterView();
+            if (!incomingTopologyAnnouncement.isCorrectVersion()) {
+                logger.warn("doPost: rejecting an announcement from an incompatible connector protocol version: "
+                        + incomingTopologyAnnouncement);
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                return;
+            } else if (ClusterViewHelper.contains(clusterView, incomingTopologyAnnouncement
+                    .getOwnerId())) {
+            	if (logger.isDebugEnabled()) {
+	                logger.debug("doPost: rejecting an announcement from an instance that is part of my cluster: "
+	                        + incomingTopologyAnnouncement);
+            	}
+                // marking as 'loop'
+                replyAnnouncement.setLoop(true);
+                backoffInterval = config.getBackoffStandbyInterval();
+            } else if (ClusterViewHelper.containsAny(clusterView, incomingTopologyAnnouncement
+                    .listInstances())) {
+            	if (logger.isDebugEnabled()) {
+	                logger.debug("doPost: rejecting an announcement as it contains instance(s) that is/are part of my cluster: "
+	                        + incomingTopologyAnnouncement);
+            	}
+                // marking as 'loop'
+                replyAnnouncement.setLoop(true);
+                backoffInterval = config.getBackoffStandbyInterval();
+            } else {
+                backoffInterval = announcementRegistry
+                        .registerAnnouncement(incomingTopologyAnnouncement);
+                if (logger.isDebugEnabled()) {
+                    logger.debug("doPost: backoffInterval after registration: "+backoffInterval);
+                }
+                if (backoffInterval==-1) {
+                	if (logger.isDebugEnabled()) {
+    	                logger.debug("doPost: rejecting an announcement from an instance that I already see in my topology: "
+    	                        + incomingTopologyAnnouncement);
+                	}
+                    // marking as 'loop'
+                    replyAnnouncement.setLoop(true);
+                    backoffInterval = config.getBackoffStandbyInterval();
+                } else {
+                    // normal, successful case: replying with the part of the topology which this instance sees
+                    replyAnnouncement.setLocalCluster(clusterView);
+                    announcementRegistry.addAllExcept(replyAnnouncement, clusterView,
+                            new AnnouncementFilter() {
+    
+                                public boolean accept(final String receivingSlingId, Announcement announcement) {
+                                    if (announcement.getPrimaryKey().equals(
+                                            incomingTopologyAnnouncement
+                                                    .getPrimaryKey())) {
+                                        return false;
+                                    }
+                                    return true;
+                                }
+                            });
+                }
+            }
+            if (backoffInterval>0) {
+                replyAnnouncement.setBackoffInterval(backoffInterval);
+                if (logger.isDebugEnabled()) {
+                    logger.debug("doPost: backoffInterval for client set to "+replyAnnouncement.getBackoffInterval());
+                }
+            }
+            final String p = requestValidator.encodeMessage(replyAnnouncement.asJSON());
+            requestValidator.trustMessage(response, request, p);
+            // gzip the response if the client accepts this
+            final String acceptEncodingHeader = request.getHeader("Accept-Encoding");
+            if (acceptEncodingHeader!=null && acceptEncodingHeader.contains("gzip")) {
+                // tell the client that the content is gzipped:
+                response.setHeader("Content-Encoding", "gzip");
+                
+                // then gzip the body
+                final GZIPOutputStream gzipOut = new GZIPOutputStream(response.getOutputStream());
+                gzipOut.write(p.getBytes("UTF-8"));
+                gzipOut.close();
+            } else {
+                // otherwise plaintext
+                final PrintWriter pw = response.getWriter();
+                pw.print(p);
+                pw.flush();
+            }
+        } catch (JSONException e) {
+            logger.error("doPost: Got a JSONException: " + e, e);
+            response.sendError(500);
+        } catch (UndefinedClusterViewException e) {
+            logger.warn("doPost: no clusterView available at the moment - cannot handle connectors now: "+e);
+            response.sendError(503); // "please retry, but atm I can't help since I'm isolated"
+        }
+
+    }
+    
+    /** Checks if the provided request's remote server is whitelisted **/
+    boolean isWhitelisted(final HttpServletRequest request) {
+        if (config.isHmacEnabled()) {
+            final boolean isTrusted = requestValidator.isTrusted(request);
+            if (!isTrusted) {
+                logger.info("isWhitelisted: rejecting distrusted " + request.getRemoteAddr()
+                        + ", " + request.getRemoteHost());
+            }
+            return isTrusted;
+        }
+        
+        if (plaintextWhitelist.contains(request.getRemoteHost()) ||
+                plaintextWhitelist.contains(request.getRemoteAddr())) {
+            return true;
+        }
+
+        for (Iterator<WhitelistEntry> it = whitelist.iterator(); it.hasNext();) {
+            WhitelistEntry whitelistEntry = it.next();
+            if (whitelistEntry.accepts(request)) {
+                return true;
+            }
+        }
+        logger.info("isWhitelisted: rejecting " + request.getRemoteAddr()
+                + ", " + request.getRemoteHost());
+        return false;
+    }
+
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyConnectorServlet.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,585 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The SF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.KeySpec;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.zip.GZIPInputStream;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.sling.commons.json.JSONArray;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+import org.apache.sling.discovery.base.connectors.BaseConfig;
+
+/**
+ * Request Validator helper.
+ */
+public class TopologyRequestValidator {
+
+    public static final String SIG_HEADER = "X-SlingTopologyTrust";
+
+    public static final String HASH_HEADER = "X-SlingTopologyHash";
+
+    /**
+     * Maximum number of keys to keep in memory.
+     */
+    private static final int MAXKEYS = 5;
+
+    /**
+     * Minimum number of keys to keep in memory.
+     */
+    private static final int MINKEYS = 3;
+
+    /**
+     * true if trust information should be in request headers.
+     */
+    private boolean trustEnabled;
+
+    /**
+     * true if encryption of the message payload should be encrypted.
+     */
+    private boolean encryptionEnabled;
+
+    /**
+     * map of hmac keys, keyed by key number.
+     */
+    private Map<Integer, Key> keys = new ConcurrentHashMap<Integer, Key>();
+
+    /**
+     * The shared key.
+     */
+    private String sharedKey;
+
+    /**
+     * TTL of each shared key generation.
+     */
+    private long interval;
+
+    /**
+     * If true, everything is deactivated.
+     */
+    private boolean deactivated;
+
+    private SecureRandom random = new SecureRandom();
+
+    /**
+     * Create a TopologyRequestValidator.
+     *
+     * @param config the configuation object
+     */
+    public TopologyRequestValidator(BaseConfig config) {
+        trustEnabled = false;
+        encryptionEnabled = false;
+        if (config.isHmacEnabled()) {
+            trustEnabled = true;
+            sharedKey = config.getSharedKey();
+            interval = config.getKeyInterval();
+            encryptionEnabled = config.isEncryptionEnabled();
+        }
+        deactivated = false;
+    }
+
+    /**
+     * Encodes a request returning the encoded body
+     *
+     * @param body
+     * @return the encoded body.
+     * @throws IOException
+     */
+    public String encodeMessage(String body) throws IOException {
+        checkActive();
+        if (encryptionEnabled) {
+            try {
+                JSONObject json = new JSONObject();
+                json.put("payload", new JSONArray(encrypt(body)));
+                return json.toString();
+            } catch (InvalidKeyException e) {
+                e.printStackTrace();
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (IllegalBlockSizeException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (BadPaddingException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (UnsupportedEncodingException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (NoSuchAlgorithmException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (NoSuchPaddingException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (JSONException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (InvalidKeySpecException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            } catch (InvalidParameterSpecException e) {
+                throw new IOException("Unable to Encrypt Message " + e.getMessage());
+            }
+
+        }
+        return body;
+    }
+
+    /**
+     * Decode a message sent from the client.
+     *
+     * @param request the request object for the message.
+     * @return the message in clear text.
+     * @throws IOException if there is a problem decoding the message or the
+     *             message is invalid.
+     */
+    public String decodeMessage(HttpServletRequest request) throws IOException {
+        checkActive();
+        return decodeMessage("request:", request.getRequestURI(), getRequestBody(request),
+            request.getHeader(HASH_HEADER));
+    }
+
+    /**
+     * Decode a response from the server.
+     *
+     * @param response the response.
+     * @return the message in clear text.
+     * @throws IOException if there was a problem decoding the message.
+     */
+    public String decodeMessage(String uri, HttpResponse response) throws IOException {
+        checkActive();
+        return decodeMessage("response:", uri, getResponseBody(response),
+            getResponseHeader(response, HASH_HEADER));
+    }
+
+    /**
+     * Decode a message
+     *
+     * @param prefix the prefix to indicate if the message is a request or
+     *            response message.
+     * @param url the url associated with the message.
+     * @param body the body of the message.
+     * @param requestHash a hash of the message.
+     * @return the message in clear text
+     * @throws IOException if the message can't be decrypted.
+     */
+    private String decodeMessage(String prefix, String url, String body, String requestHash)
+            throws IOException {
+        if (trustEnabled) {
+            String bodyHash = hash(prefix + url + ":" + body);
+            if (bodyHash.equals(requestHash)) {
+                if (encryptionEnabled) {
+                    try {
+                        JSONObject json = new JSONObject(body);
+                        if (json.has("payload")) {
+                            return decrypt(json.getJSONArray("payload"));
+                        }
+                    } catch (JSONException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (InvalidKeyException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (IllegalBlockSizeException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (BadPaddingException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (NoSuchAlgorithmException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (NoSuchPaddingException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (InvalidAlgorithmParameterException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    } catch (InvalidKeySpecException e) {
+                        throw new IOException("Encrypted Message is in the correct json format");
+                    }
+
+                }
+            }
+            throw new IOException("Message is not valid, hash does not match message");
+        }
+        return body;
+    }
+
+    /**
+     * Is the request from the client trusted, based on the signature headers.
+     *
+     * @param request the request.
+     * @return true if trusted, or true if this component is disabled.
+     */
+    public boolean isTrusted(HttpServletRequest request) {
+        checkActive();
+        if (trustEnabled) {
+            return checkTrustHeader(request.getHeader(HASH_HEADER),
+                request.getHeader(SIG_HEADER));
+        }
+        return false;
+    }
+
+    /**
+     * Is the response from the server to be trusted by the client.
+     *
+     * @param response the response
+     * @return true if trusted, or true if this component is disabled.
+     */
+    public boolean isTrusted(HttpResponse response) {
+        checkActive();
+        if (trustEnabled) {
+            return checkTrustHeader(getResponseHeader(response, HASH_HEADER),
+                getResponseHeader(response, SIG_HEADER));
+        }
+        return false;
+    }
+
+    /**
+     * Trust a message on the client before sending, only if trust is enabled.
+     *
+     * @param method the method which will have headers set after the call.
+     * @param body the body.
+     */
+    public void trustMessage(HttpUriRequest method, String body) {
+        checkActive();
+        if (trustEnabled) {
+            String bodyHash = hash("request:" + method.getURI().getPath() + ":" + body);
+            method.setHeader(HASH_HEADER, bodyHash);
+            method.setHeader(SIG_HEADER, createTrustHeader(bodyHash));
+        }
+    }
+
+    /**
+     * Trust a response message sent from the server to the client.
+     *
+     * @param response the response.
+     * @param request the request,
+     * @param body body of the response.
+     */
+    public void trustMessage(HttpServletResponse response, HttpServletRequest request, String body) {
+        checkActive();
+        if (trustEnabled) {
+            String bodyHash = hash("response:" + request.getRequestURI() + ":" + body);
+            response.setHeader(HASH_HEADER, bodyHash);
+            response.setHeader(SIG_HEADER, createTrustHeader(bodyHash));
+        }
+    }
+
+    /**
+     * @param body
+     * @return a hash of body base64 encoded.
+     */
+    private String hash(String toHash) {
+        try {
+            MessageDigest m = MessageDigest.getInstance("SHA-256");
+            return new String(Base64.encodeBase64(m.digest(toHash.getBytes("UTF-8"))), "UTF-8");
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Generate a signature of the bodyHash and encode it so that it contains
+     * the key number used to generate the signature.
+     *
+     * @param bodyHash a hash
+     * @return the signature.
+     */
+    private String createTrustHeader(String bodyHash) {
+        try {
+            int keyNo = getCurrentKey();
+            return keyNo + "/" + hmac(keyNo, bodyHash);
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (InvalidKeyException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (IllegalStateException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Check that the signature is a signature of the body hash.
+     *
+     * @param bodyHash the body hash.
+     * @param signature the signature.
+     * @return true if the signature can be trusted.
+     */
+    private boolean checkTrustHeader(String bodyHash, String signature) {
+        try {
+            if (bodyHash == null || signature == null ) {
+                return false;
+            }
+            String[] parts = signature.split("/", 2);
+            int keyNo = Integer.parseInt(parts[0]);
+            return hmac(keyNo, bodyHash).equals(parts[1]);
+        } catch (ArrayIndexOutOfBoundsException e) {
+            return false;
+        } catch (IllegalArgumentException e) {
+            return false;
+        } catch (InvalidKeyException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (IllegalStateException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e.getMessage(), e);
+        } catch (Exception e) {
+            throw new RuntimeException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Get a Mac instance for the key number.
+     *
+     * @param keyNo the key number.
+     * @return the mac instance.
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeyException
+     * @throws UnsupportedEncodingException
+     */
+    private Mac getMac(int keyNo) throws NoSuchAlgorithmException, InvalidKeyException,
+            UnsupportedEncodingException {
+        Mac m = Mac.getInstance("HmacSHA256");
+        m.init(getKey(keyNo));
+        return m;
+    }
+
+    /**
+     * Perform a HMAC on the body using the key specified.
+     *
+     * @param keyNo the key number.
+     * @param bodyHash a hash of the body.
+     * @return the hmac signature.
+     * @throws InvalidKeyException
+     * @throws UnsupportedEncodingException
+     * @throws IllegalStateException
+     * @throws NoSuchAlgorithmException
+     */
+    private String hmac(int keyNo, String bodyHash) throws InvalidKeyException,
+            UnsupportedEncodingException, IllegalStateException, NoSuchAlgorithmException {
+        return new String(Base64.encodeBase64(getMac(keyNo).doFinal(bodyHash.getBytes("UTF-8"))),
+            "UTF-8");
+    }
+
+    /**
+     * Decrypt the body.
+     *
+     * @param jsonArray the encrypted payload
+     * @return the decrypted payload.
+     * @throws IllegalBlockSizeException
+     * @throws BadPaddingException
+     * @throws UnsupportedEncodingException
+     * @throws InvalidKeyException
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchPaddingException
+     * @throws InvalidKeySpecException
+     * @throws InvalidAlgorithmParameterException
+     * @throws JSONException
+     */
+    private String decrypt(JSONArray jsonArray) throws IllegalBlockSizeException,
+            BadPaddingException, UnsupportedEncodingException, InvalidKeyException,
+            NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException, JSONException {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.DECRYPT_MODE, getCiperKey(Base64.decodeBase64(jsonArray.getString(0).getBytes("UTF-8"))), new IvParameterSpec(Base64.decodeBase64(jsonArray.getString(1).getBytes("UTF-8"))));
+        return new String(cipher.doFinal(Base64.decodeBase64(jsonArray.getString(2).getBytes("UTF-8"))));
+    }
+
+    /**
+     * Encrypt a payload with the numbed key/
+     *
+     * @param payload the payload.
+     * @param keyNo the key number.
+     * @return an encrypted version.
+     * @throws IllegalBlockSizeException
+     * @throws BadPaddingException
+     * @throws UnsupportedEncodingException
+     * @throws InvalidKeyException
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchPaddingException
+     * @throws InvalidKeySpecException
+     * @throws InvalidParameterSpecException
+     */
+    private List<String> encrypt(String payload) throws IllegalBlockSizeException,
+            BadPaddingException, UnsupportedEncodingException, InvalidKeyException,
+            NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidParameterSpecException {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        byte[] salt = new byte[9];
+        random.nextBytes(salt);
+        cipher.init(Cipher.ENCRYPT_MODE, getCiperKey(salt));
+        AlgorithmParameters params = cipher.getParameters();
+        List<String> encrypted = new ArrayList<String>();
+        encrypted.add(new String(Base64.encodeBase64(salt)));
+        encrypted.add(new String(Base64.encodeBase64(params.getParameterSpec(IvParameterSpec.class).getIV())));
+        encrypted.add(new String(Base64.encodeBase64(cipher.doFinal(payload.getBytes("UTF-8")))));
+        return encrypted;
+    }
+
+    /**
+     * @param salt number of the key.
+     * @return the CupherKey.
+     * @throws UnsupportedEncodingException
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     */
+    private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+        // hashing the password 65K times takes 151ms, hashing 256 times takes 2ms.
+        // Since the salt has 2^^72 values, 256 times is probably good enough.
+        KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(), salt, 256, 128);
+        SecretKey tmp = factory.generateSecret(spec);
+        SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");
+        return key;
+    }
+
+    /**
+     * @param keyNo number of the key.
+     * @return the HMac key.
+     * @throws UnsupportedEncodingException
+     */
+    private Key getKey(int keyNo) throws UnsupportedEncodingException {
+        if(Math.abs(keyNo - getCurrentKey()) > 1 ) {
+            throw new IllegalArgumentException("Key has expired");
+        }
+        if (keys.containsKey(keyNo)) {
+            return keys.get(keyNo);
+        }
+        trimKeys();
+        SecretKeySpec key = new SecretKeySpec(hash(sharedKey + keyNo).getBytes("UTF-8"),
+            "HmacSHA256");
+        keys.put(keyNo, key);
+        return key;
+    }
+
+    private int getCurrentKey() {
+        return (int) (System.currentTimeMillis() / interval);
+    }
+
+    /**
+     * dump olf keys.
+     */
+    private void trimKeys() {
+        if (keys.size() > MAXKEYS) {
+            List<Integer> keysKeys = new ArrayList<Integer>(keys.keySet());
+            Collections.sort(keysKeys);
+            for (Integer k : keysKeys) {
+                if (keys.size() < MINKEYS) {
+                    break;
+                }
+                keys.remove(k);
+            }
+        }
+
+    }
+
+    /**
+     * Get the value of a response header.
+     *
+     * @param response the response
+     * @param name the name of the response header.
+     * @return the value of the response header, null if none.
+     */
+    private String getResponseHeader(HttpResponse response, String name) {
+        Header h = response.getFirstHeader(name);
+        if (h == null) {
+            return null;
+        }
+        return h.getValue();
+    }
+
+    /**
+     * Get the request body.
+     *
+     * @param request the request.
+     * @return the body as a string.
+     * @throws IOException
+     */
+    private String getRequestBody(HttpServletRequest request) throws IOException {
+        final String contentEncoding = request.getHeader("Content-Encoding");
+        if (contentEncoding!=null && contentEncoding.contains("gzip")) {
+            // then treat the request body as gzip:
+            final GZIPInputStream gzipIn = new GZIPInputStream(request.getInputStream());
+            final String gunzippedEncodedJson = IOUtils.toString(gzipIn);
+            gzipIn.close();
+            return gunzippedEncodedJson;
+        } else {
+            // otherwise assume plain-text:
+            return IOUtils.toString(request.getReader());
+        }
+    }
+
+    /**
+     * @param response the response
+     * @return the body of the response from the server.
+     * @throws IOException
+     */
+    private String getResponseBody(HttpResponse response) throws IOException {
+        final Header contentEncoding = response.getFirstHeader("Content-Encoding");
+        if (contentEncoding!=null && contentEncoding.getValue()!=null &&
+                contentEncoding.getValue().contains("gzip")) {
+            // then the server sent gzip - treat it so:
+            final GZIPInputStream gzipIn = new GZIPInputStream(response.getEntity().getContent());
+            final String gunzippedEncodedJson = IOUtils.toString(gzipIn);
+            gzipIn.close();
+            return gunzippedEncodedJson;
+        } else {
+        	// otherwise the server sent plaintext:
+        	return IOUtils.toString(response.getEntity().getContent(), "UTF-8");
+        }
+    }
+
+    /**
+     * throw an exception if not active.
+     */
+    private void checkActive() {
+        if (deactivated) {
+            throw new IllegalStateException(this.getClass().getName() + " is not active");
+        }
+        if ((trustEnabled || encryptionEnabled) && sharedKey == null) {
+            throw new IllegalStateException(this.getClass().getName()
+                + " Shared Key must be set if encryption or signing is enabled.");
+        }
+    }
+
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/package-info.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/package-info.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/package-info.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Provides topology connector implementations for discovery
+ * implementors that choose to extend from discovery.base
+ *
+ * @version 1.0.0
+ */
+@Version("1.0.0")
+package org.apache.sling.discovery.base.connectors.ping;
+
+import aQute.bnd.annotation.Version;
+

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/package-info.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/SubnetWhitelistEntry.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/SubnetWhitelistEntry.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/SubnetWhitelistEntry.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/SubnetWhitelistEntry.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping.wl;
+
+import javax.servlet.ServletRequest;
+
+import org.apache.commons.net.util.SubnetUtils;
+import org.apache.commons.net.util.SubnetUtils.SubnetInfo;
+
+/**
+ * Implementation of a WhitelistEntry which accepts
+ * cidr and ip mask notations.
+ */
+public class SubnetWhitelistEntry implements WhitelistEntry {
+
+    private final SubnetInfo subnetInfo;
+    
+    public SubnetWhitelistEntry(String cidrNotation) {
+        subnetInfo = new SubnetUtils(cidrNotation).getInfo();
+    }
+    
+    public SubnetWhitelistEntry(String ip, String subnetMask) {
+        subnetInfo = new SubnetUtils(ip, subnetMask).getInfo();
+    }
+    
+    public boolean accepts(ServletRequest request) {
+        final String remoteAddr = request.getRemoteAddr();
+        return subnetInfo.isInRange(remoteAddr);
+    }
+
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/SubnetWhitelistEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WhitelistEntry.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WhitelistEntry.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WhitelistEntry.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WhitelistEntry.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping.wl;
+
+import javax.servlet.ServletRequest;
+
+/**
+ * A WhitelistEntry is capable of accepting certain requests
+ * depending on a configuration.
+ */
+public interface WhitelistEntry {
+
+    /**
+     * @param request the incoming request which should be accepted or rejected
+     * @return true if the request is accepted by this WhitelistEntry
+     */
+    public boolean accepts(ServletRequest request);
+    
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WhitelistEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardHelper.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardHelper.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardHelper.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardHelper.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping.wl;
+
+import java.util.regex.Pattern;
+
+/** Helper class for wildcards **/
+public class WildcardHelper {
+
+    /** converts a string containing wildcards (* and ?) into a valid regex **/
+    public static String wildcardAsRegex(String patternWithWildcards) {
+        if (patternWithWildcards==null) {
+            throw new IllegalArgumentException("patternWithWildcards must not be null");
+        }
+        return "\\Q"+patternWithWildcards.replace("?", "\\E.\\Q").replace("*", "\\E.*\\Q")+"\\E";
+    }
+
+    /**
+     * Compare a given string (comparee) against a pattern that contains wildcards
+     * and return true if it matches.
+     * @param comparee the string which should be tested against a pattern containing wildcards
+     * @param patternWithWildcards the pattern containing wildcards (* and ?)
+     * @return true if the comparee string matches against the pattern containing wildcards
+     */
+    public static boolean matchesWildcard(String comparee, String patternWithWildcards) {
+        if (comparee==null) {
+            throw new IllegalArgumentException("comparee must not be null");
+        }
+        if (patternWithWildcards==null) {
+            throw new IllegalArgumentException("patternWithEWildcards must not be null");
+        }
+        final String regex = wildcardAsRegex(patternWithWildcards);
+        return Pattern.matches(regex, comparee);
+    }
+
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardHelper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardWhitelistEntry.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardWhitelistEntry.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardWhitelistEntry.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardWhitelistEntry.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.discovery.base.connectors.ping.wl;
+
+import javax.servlet.ServletRequest;
+
+/**
+ * Implementation of a WhitelistEntry which can accept
+ * wildcards (* and ?) in both IP and hostname
+ */
+public class WildcardWhitelistEntry implements WhitelistEntry {
+
+    private final String hostOrAddressWithWildcard;
+    
+    public WildcardWhitelistEntry(String hostOrAddressWithWildcard) {
+        this.hostOrAddressWithWildcard = hostOrAddressWithWildcard;
+    }
+    
+    public boolean accepts(ServletRequest request) {
+        if (WildcardHelper.matchesWildcard(request.getRemoteAddr(), hostOrAddressWithWildcard)) {
+            return true;
+        }
+        if (WildcardHelper.matchesWildcard(request.getRemoteHost(), hostOrAddressWithWildcard)) {
+            return true;
+        }
+        return false;
+    }
+
+}

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/WildcardWhitelistEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/package-info.java?rev=1709601&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/package-info.java (added)
+++ sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/package-info.java Tue Oct 20 14:12:31 2015
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Provides whitelist-related classes for discovery
+ * implementors that choose to extend from discovery.base
+ *
+ * @version 1.0.0
+ */
+@Version("1.0.0")
+package org.apache.sling.discovery.base.connectors.ping.wl;
+
+import aQute.bnd.annotation.Version;
+

Propchange: sling/trunk/bundles/extensions/discovery/base/src/main/java/org/apache/sling/discovery/base/connectors/ping/wl/package-info.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message