tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Denying IPs using the Valve command in context.xml
Date Tue, 04 Oct 2011 22:12:52 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 10/4/2011 5:48 PM, André Warnier wrote:
> Yes, because if one defines e.g. a Pattern "^abcdef" and uses it
> via yesno = Pattern.matches("^abcdef",input); it will actually
> match the pattern at the beginning of the string only, which is
> what one would expect.  Thus
> 
> Pattern.matches("^abc","abcdef");
> 
> would return true, while this :
> 
> Pattern.compile("^abc").matcher("abcdef").matches()
> 
> would return false (according to what I read in the documentation
> of Matcher.matches()). Not so ?

I'm not sure how Pattern.matches() would be different than
Pattern.matcher().matches(), given that it is documented to be identical.

>>> So my question is : which of Matcher or Pattern is really used
>>> in the Valve's code ?
>> 
>> You could read the code :)
> 
> Do you mean to say that trying to configure Tomcat according to
> the online documentation, with the purpose of using it as a
> servlet container, is reserved exclusively for java programmers ? 
> ;-)

No, I meant to say that you've been around long enough that you don't
have to speculate.

> I guess that what I have trouble understanding here, is how the
> Java regex library can go about allowing to create a Pattern like
> "^abc", and then using it in a Matcher.matches() method, completely
> ignoring the anchors which it accepted in the Pattern and silently
> inserting its own.

It can and should, because it's documented to do so. Nobody is saying
it's the "right" thing to do... just that it's what it does do.

> But then, how come they are not, in the allow/deny of the Valve ?

Because of the choice to use Matcher.matches() instead of something
more nuanced.

> Does the Valve code itself strip any provided anchors, and "force"
> ^ and $ around the expression provided in the allow/deny attributes
> ?

No, it keeps them in-tact. It's the library that essentially ignores them.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6LhOQACgkQ9CaO5/Lv0PBFfwCfcT5d7reodusMTNR2GgWvBoZx
wigAoLKwFDgE1p7ijEPxnpn2rFCwbAYT
=kZqV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message