우선 제끼나님이 올려주신 RemoteAddrValve 관련 글을 한번 확인해 보겠습니다.

http://sarc.io/index.php/apache-tomcat/494-was-context-path-ip-was

 

그리고 이제 Apache에서 공식적으로 말하는 RemoteAddrValve의 allow, deny에 대해 알아보겠습니다.

Tomcat 6.x

allow
A comma-separated list of regular expression patterns that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST match for this request to be accepted. If this attribute is not specified, all requests will be accepted UNLESS the remote address matches a deny pattern.

deny
A comma-separated list of regular expression patterns that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the allow attribute.

Tomcat 7.x

allow
A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST match for this request to be accepted. If this attribute is not specified, all requests will be accepted UNLESS the remote address matches a deny pattern.

deny
A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the allow attribute.

혹시 차이점을 찾으셨나요?

 

이제 두 버전의 RequestFilterValve를 확인해 보려고 합니다. (RemoteAddrValve는 RequestFilterValve를 기반으로 합니다)

Tomcat 6.x의 setAllow, setDeny 메소드

    public void setAllow(String allow) {
        boolean success = false;
        try {
            this.allow = allow;
            allows = precalculate(allow);
            success = true;
        } finally {
            allowValid = success;
        }
    }
 
    public void setDeny(String deny) {
        boolean success = false;
        try {
            this.deny = deny;
            denies = precalculate(deny);
            success = true;
        } finally {
            denyValid = success;
        }
    }

precalculate 메소드도 살펴봅니다.

    protected Pattern[] precalculate(String list) {
 
        if (list == null)
            return (new Pattern[0]);
        list = list.trim();
        if (list.length() < 1)
            return (new Pattern[0]);
        list += ",";
 
        ArrayList reList = new ArrayList();
        while (list.length() > 0) {
            int comma = list.indexOf(',');
            if (comma < 0)
                break;
            String pattern = list.substring(0, comma).trim();
            try {
                reList.add(Pattern.compile(pattern));
            } catch (PatternSyntaxException e) {
                IllegalArgumentException iae = new IllegalArgumentException
                    (sm.getString("requestFilterValve.syntax", pattern));
                iae.initCause(e);
                throw iae;
            }
            list = list.substring(comma + 1);
        }
 
        Pattern reArray[] = new Pattern[reList.size()];
        return ((Pattern[]) reList.toArray(reArray));
 
    }

 Tomcat 7.x의 setAllow, setDeny 메소드

    public void setAllow(String allow) {
        if (allow == null || allow.length() == 0) {
            this.allow = null;
            allowValue = null;
            allowValid = true;
        } else {
            boolean success = false;
            try {
                allowValue = allow;
                this.allow = Pattern.compile(allow);
                success = true;
            } finally {
                allowValid = success;
            }
        }
    }
 
    public void setDeny(String deny) {
        if (deny == null || deny.length() == 0) {
            this.deny = null;
            denyValue = null;
            denyValid = true;
        } else {
            boolean success = false;
            try {
                denyValue = deny;
                this.deny = Pattern.compile(deny);
                success = true;
            } finally {
                denyValid = success;
            }
        }
    }

 

결론.

  • Tomcat 6.x : "," (comma) 구분
  • Tomcat 7.x : 정규 표현식을 따름

 

끝.