Author: mmusaji Date: 2012-08-10 11:33:30 -0400 (Fri, 10 Aug 2012) New Revision: 2061 Modified: branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/Connector.java branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/CoyoteAdapter.java Log: [JBPAPP-9404] Added fix so allowedHosts are correctly found. Also added changes so that a copy of the Set of allowedHost is stored as lower case to avoid a bug which was found in the original fix for this Modified: branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/Connector.java =================================================================== --- branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/Connector.java 2012-08-10 12:13:30 UTC (rev 2060) +++ branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/Connector.java 2012-08-10 15:33:30 UTC (rev 2061) @@ -19,6 +19,8 @@ package org.apache.catalina.connector; import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; import java.util.Set; import javax.management.MBeanRegistration; @@ -268,7 +270,7 @@ * Allowed virtual hosts. */ protected Set<String> allowedHosts = null; - + protected Set<String> allowedHostsIgnoreCase = new HashSet(); protected static HashMap<String, String> replacements = new HashMap<String, String>(); static { @@ -391,8 +393,20 @@ public void setAllowedHosts(Set<String> allowedHosts) { this.allowedHosts = allowedHosts; - + addAllowedHostsToLowerCaseSet(); } + + private void addAllowedHostsToLowerCaseSet() { + Iterator<String> it = allowedHosts.iterator(); + while (it.hasNext()) { + String allowedHost = it.next(); + allowedHostsIgnoreCase.add(allowedHost.toLowerCase()); + } + } + + public Set<String> getAllowedHostsIgnoreCase() { + return allowedHostsIgnoreCase; + } /** * Is this connector available for processing requests? Modified: branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/CoyoteAdapter.java =================================================================== --- branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/CoyoteAdapter.java 2012-08-10 12:13:30 UTC (rev 2060) +++ branches/JBOSSWEB_7_0_16_FINAL_JBPAPP-9404/java/org/apache/catalina/connector/CoyoteAdapter.java 2012-08-10 15:33:30 UTC (rev 2061) @@ -55,6 +55,7 @@ import org.apache.catalina.Context; import org.apache.catalina.Globals; +import org.apache.catalina.Host; import org.apache.catalina.Manager; import org.apache.catalina.Session; import org.apache.catalina.Wrapper; @@ -542,11 +543,13 @@ res.setMessage("Context not mapped"); return false; } - if (connector.getAllowedHosts() != null - && !connector.getAllowedHosts().contains(request.getMappingData().host)) { - res.setStatus(403); - res.setMessage("Host access is forbidden through this connector"); - return false; + if (connector.getAllowedHosts() != null) { + Host host = (Host) request.getMappingData().host; + if (!connector.getAllowedHostsIgnoreCase().contains(host.getName())) { + res.setStatus(403); + res.setMessage("Host access is forbidden through this connector"); + return false; + } } // Filter trace method