From 2066fa7d0b1b778c6995934bbcec0280bb629284 Mon Sep 17 00:00:00 2001 From: Henrich Kraemer Date: Fri, 2 Feb 2018 14:21:00 +0100 Subject: [PATCH 1/2] Prevent reverse name lookup when configuring Jetty's address Previously, the host on Jetty's connector was configured using the host address of the InetSocketAddress. This could result in reverse name resolution that could cause Jetty to bind to a different IP address than was configured. This commit updates the configuration code to use the host string when specifically does not perform reverse name resolution. See gh-11889 --- .../JettyEmbeddedServletContainerFactory.java | 6 ++-- ...yEmbeddedServletContainerFactoryTests.java | 29 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java index bc31108a729..2be9c21a264 100644 --- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java +++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java @@ -101,6 +101,8 @@ import org.springframework.util.StringUtils; * @author Eddú Meléndez * @author Venil Noronha * @author Henri Kerola + * @author Henrich Krämer + * * @see #setPort(int) * @see #setConfigurations(Collection) * @see JettyEmbeddedServletContainer @@ -895,7 +897,7 @@ public class JettyEmbeddedServletContainerFactory ReflectionUtils.findMethod(connectorClass, "setPort", int.class) .invoke(connector, address.getPort()); ReflectionUtils.findMethod(connectorClass, "setHost", String.class) - .invoke(connector, address.getHostName()); + .invoke(connector, address.getHostString()); if (acceptors > 0) { ReflectionUtils.findMethod(connectorClass, "setAcceptors", int.class) .invoke(connector, acceptors); @@ -924,7 +926,7 @@ public class JettyEmbeddedServletContainerFactory public AbstractConnector createConnector(Server server, InetSocketAddress address, int acceptors, int selectors) { ServerConnector connector = new ServerConnector(server, acceptors, selectors); - connector.setHost(address.getHostName()); + connector.setHost(address.getHostString()); connector.setPort(address.getPort()); for (ConnectionFactory connectionFactory : connector .getConnectionFactories()) { diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java index cce0048cd66..7faf6652e51 100644 --- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java +++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java @@ -17,6 +17,7 @@ package org.springframework.boot.context.embedded.jetty; import java.io.IOException; +import java.net.InetAddress; import java.nio.charset.Charset; import java.util.Arrays; import java.util.Locale; @@ -35,6 +36,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.jasper.servlet.JspServlet; +import org.eclipse.jetty.server.AbstractNetworkConnector; +import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; @@ -114,6 +117,32 @@ public class JettyEmbeddedServletContainerFactoryTests } } + @Test + public void specificIPAddressNotReverseResolved() throws Exception { + JettyEmbeddedServletContainerFactory factory = getFactory(); + final String[] refAncHost = new String[1]; + refAncHost[0] = "HostNotSetInAbstractNetworkConnector"; + InetAddress lhAddress = InetAddress.getLocalHost(); + InetAddress address = InetAddress.getByAddress(lhAddress.getAddress()); + // the address should have no host name associated with ith + String expectedHost = address.getHostAddress(); + factory.setAddress(address); + factory.addServerCustomizers(server -> { + for (Connector connector : server.getConnectors()) { + if (connector instanceof AbstractNetworkConnector) { + @SuppressWarnings("resource") + AbstractNetworkConnector anc = (AbstractNetworkConnector) connector; + String ancHost = anc.getHost(); + refAncHost[0] = ancHost; + break; + } + } + }); + this.container = factory + .getEmbeddedServletContainer(exampleServletRegistration()); + assertThat(refAncHost[0]).isEqualTo(expectedHost); + } + @Test public void sessionTimeout() throws Exception { JettyEmbeddedServletContainerFactory factory = getFactory(); From a1b823fc4320f13506066322c6763e09806bcfd9 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Fri, 2 Feb 2018 14:48:06 +0000 Subject: [PATCH 2/2] =?UTF-8?q?Polish=20=E2=80=9CPrevent=20reverse=20name?= =?UTF-8?q?=20lookup=20when=20configuring=20Jetty's=20address=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes gh-11889 --- .../JettyEmbeddedServletContainerFactory.java | 2 +- ...yEmbeddedServletContainerFactoryTests.java | 30 +++++-------------- 2 files changed, 9 insertions(+), 23 deletions(-) diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java index 2be9c21a264..a797232f79e 100644 --- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java +++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2017 the original author or authors. + * Copyright 2012-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java index 7faf6652e51..5403f2b28df 100644 --- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java +++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java @@ -36,7 +36,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.jasper.servlet.JspServlet; -import org.eclipse.jetty.server.AbstractNetworkConnector; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.Server; @@ -120,27 +119,14 @@ public class JettyEmbeddedServletContainerFactoryTests @Test public void specificIPAddressNotReverseResolved() throws Exception { JettyEmbeddedServletContainerFactory factory = getFactory(); - final String[] refAncHost = new String[1]; - refAncHost[0] = "HostNotSetInAbstractNetworkConnector"; - InetAddress lhAddress = InetAddress.getLocalHost(); - InetAddress address = InetAddress.getByAddress(lhAddress.getAddress()); - // the address should have no host name associated with ith - String expectedHost = address.getHostAddress(); - factory.setAddress(address); - factory.addServerCustomizers(server -> { - for (Connector connector : server.getConnectors()) { - if (connector instanceof AbstractNetworkConnector) { - @SuppressWarnings("resource") - AbstractNetworkConnector anc = (AbstractNetworkConnector) connector; - String ancHost = anc.getHost(); - refAncHost[0] = ancHost; - break; - } - } - }); - this.container = factory - .getEmbeddedServletContainer(exampleServletRegistration()); - assertThat(refAncHost[0]).isEqualTo(expectedHost); + InetAddress localhost = InetAddress.getLocalHost(); + factory.setAddress(InetAddress.getByAddress(localhost.getAddress())); + this.container = factory.getEmbeddedServletContainer(); + this.container.start(); + Connector connector = ((JettyEmbeddedServletContainer) this.container).getServer() + .getConnectors()[0]; + assertThat(((ServerConnector) connector).getHost()) + .isEqualTo(localhost.getHostAddress()); } @Test