tomee-commits mailing list archives

From "David Blevins (JIRA)" <>
Subject [jira] Commented: (OPENEJB-711) ServiceAccessController does not call checkHostsAuthorization()
Date Fri, 01 Feb 2008 04:53:08 GMT


David Blevins commented on OPENEJB-711:

In JIRA issue OPENEJB-711, Jarek Gawor wrote:
 > A simple change to ensure that hostAuthorization() is
 > called. However, this has significant implications. If applied, by
 > default only local ip addresses will be allowed to access the server
 > (which I think matches 2.0 behavior) but is different from previous
 > openejb 3.0 beta releases where all ip addresses were allowed by
 > default.  I can submit another patch if a different solution is
 > needed (e.g. to match 3.0 beta behavior)

Wished I'd spotted this one sooner.  I think by now we might be better  
off allowing all hosts to access unless the only_from is specified.   
Now that I think of it, I'm pretty sure the xinet.d default for  
only_from is that everyone is allowed:  only_from as well as the other  
server service properties were designed after xinet.d.  Not sure why  
we ever set the default to localhost only (likely my bad idea).

On a related note, Gianny added some really great masking in 2.x to
match the equivalent xinetd functionality, allowing for more ways to
express who can access the service other than a fixed IP.
One of the few gems we haven't ported yet.  This is the commit if you
feel like porting


> ServiceAccessController does not call checkHostsAuthorization()
> ---------------------------------------------------------------
>                 Key: OPENEJB-711
>                 URL:
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.0.x
>            Reporter: Jarek Gawor
>         Attachments: OPENEJB-711.patch
> ServiceAccessController does not call checkHostsAuthorization() and therefore, the user
> is unable to set a list of ip addresses that can access the server (using the only_from property).
> All addresses are always allowed. I believe this used to be supported with OpenEJB 2.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
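
Added example, not OpenEJB code and not part of the original message: a sketch of an only_from check that makes the unset-property default explicit (allow everyone versus localhost only, the two behaviours discussed above) and accepts address/prefix entries as one possible form of masking. The class, method and enum names and the entry syntax are assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration; all names here are hypothetical, not OpenEJB code.
public class OnlyFromCheck {

    // What to do when only_from is unset: the two defaults debated in the thread.
    enum EmptyPolicy { ALLOW_ALL, LOCALHOST_ONLY }

    static boolean isAllowed(InetAddress client, String onlyFrom, EmptyPolicy policy)
            throws UnknownHostException {
        if (onlyFrom == null || onlyFrom.trim().isEmpty()) {
            return policy == EmptyPolicy.ALLOW_ALL || client.isLoopbackAddress();
        }
        for (String entry : onlyFrom.trim().split("[\\s,]+")) {
            if (!entry.isEmpty() && matches(client.getAddress(), entry)) return true;
        }
        return false; // a non-empty list is an allow-list: no match means deny
    }

    // entry is a literal address ("192.168.1.5") or address/prefix ("10.0.0.0/8");
    // host names are assumed not to be used, so no DNS lookup is intended here.
    static boolean matches(byte[] addr, String entry) throws UnknownHostException {
        String[] parts = entry.split("/", 2);
        if (parts[0].isEmpty()) throw new IllegalArgumentException(entry);
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        if (net.length != addr.length) return false; // IPv4 entry vs IPv6 client
        int bits = parts.length == 2 ? Integer.parseInt(parts[1]) : net.length * 8;
        if (bits < 0 || bits > net.length * 8) throw new IllegalArgumentException(entry);
        for (int i = 0; i < net.length && bits > 0; i++, bits -= 8) {
            int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
            if ((addr[i] & mask) != (net[i] & mask)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        InetAddress remote = InetAddress.getByName("10.1.2.3"); // constructed sample
        InetAddress local = InetAddress.getByName("127.0.0.1"); // constructed sample
        String list = "192.168.1.5, 10.0.0.0/8";                // constructed sample
        System.out.println("unset, allow-all, remote: " + isAllowed(remote, null, EmptyPolicy.ALLOW_ALL));
        System.out.println("unset, localhost-only, remote: " + isAllowed(remote, "", EmptyPolicy.LOCALHOST_ONLY));
        System.out.println("unset, localhost-only, local: " + isAllowed(local, "", EmptyPolicy.LOCALHOST_ONLY));
        System.out.println("list set, remote: " + isAllowed(remote, list, EmptyPolicy.ALLOW_ALL));
        System.out.println("list set, local: " + isAllowed(local, list, EmptyPolicy.ALLOW_ALL));
    }
}
```

In this sketch the empty-list policy applies only when only_from is unset; once a list is given, loopback gets no implicit exemption and must be listed like any other address.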
