Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: neutral (athena.apache.org: local policy)
Message-ID: <4E8B84E4.8080708@christopherschultz.net>
Date: Tue, 04 Oct 2011 18:12:52 -0400
From: Christopher Schultz <chris@christopherschultz.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1;
 rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Denying IPs using the Valve command in context.xml
References: <4E8B40A3.2010103@CyberTools.biz>	<4E8B4742.8040409@ice-sa.com>
	<CAG5OYaPO859g0hVPdAOWz4WkZHBrvwMcGFmreb0t2Rsuspdf0Q@mail.gmail.com>
	<4E8B5484.5030203@christopherschultz.net>
	<CAG5OYaNKsOM0g=iK8T4fh18VLmbka8pmEcEXX2=+_h0t3uGqDQ@mail.gmail.com>
	<4E8B59C8.7010006@christopherschultz.net>
	<CAG5OYaNthhZ8htt7iTP_hSL4dKdNqF91NkTAmB7-mx9FJL4Fxw@mail.gmail.com>
	<4E8B613E.2050203@ice-sa.com>
 <CAG5OYaOGX6QwoS1trKq=hp6bM7oODiUcWfGE-Wx3O78GRgT6Yw@mail.gmail.com>
 <4E8B71A5.6020802@ice-sa.com> <4E8B738C.2030605@christopherschultz.net>
 <4E8B7F11.4090807@ice-sa.com>
In-Reply-To: <4E8B7F11.4090807@ice-sa.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 10/4/2011 5:48 PM, André Warnier wrote:
> Yes, because if one defines e.g. a Pattern "^abcdef" and uses it
> via yesno = Pattern.matches("^abcdef",input); it will actually
> match the pattern at the beginning of the string only, which is
> what one would expect.  Thus
> 
> Pattern.matches("^abc","abcdef");
> 
> would return true, while this :
> 
> Pattern.compile("^abc").matcher("abcdef").matches()
> 
> would return false (according to what I read in the documentation
> of Matcher.matches()). Not so ?

I'm not sure how Pattern.matches() would be different than
Pattern.matcher().matches(), given that it is documented to be identical.

>>> So my question is : which of Matcher or Pattern is really used
>>> in the Valve's code ?
>> 
>> You could read the code :)
> 
> Do you mean to say that trying to configure Tomcat according to
> the online documentation, with the purpose of using it as a
> servlet container, is reserved exclusively for java programmers ? 
> ;-)

No, I meant to say that you've been around long enough that you don't
have to speculate.

> I guess that what I have trouble understanding here, is how the
> Java regex library can go about allowing to create a Pattern like
> "^abc", and then using it in a Matcher.matches() method, completely
> ignoring the anchors which it accepted in the Pattern and silently
> inserting its own.

It can and should, because it's documented to do so. Nobody is saying
it's the "right" thing to do... just that it's what it does do.

> But then, how come they are not, in the allow/deny of the Valve ?

Because of the choice to use Matcher.matches() instead of something
more nuanced.

> Does the Valve code itself strip any provided anchors, and "force"
> ^ and $ around the expression provided in the allow/deny attributes
> ?

No, it keeps them in-tact. It's the library that essentially ignores them.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6LhOQACgkQ9CaO5/Lv0PBFfwCfcT5d7reodusMTNR2GgWvBoZx
wigAoLKwFDgE1p7ijEPxnpn2rFCwbAYT
=kZqV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org