From 764c8171bc0fa8dbcc0ffbd987b7acf817a6fa4d Mon Sep 17 00:00:00 2001
From: Lachlan Roberts <lachlan@webtide.com>
Date: Fri, 25 Aug 2023 13:53:24 +1000
Subject: [PATCH] Issue #10388 - fix InetAccessHandler module

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
---
 .../src/main/config/modules/inetaccess.mod      | 16 +++++-----------
 .../config/modules/inetaccess/inetaccess.xml    | 13 -------------
 .../modules/inetaccess/jetty-inetaccess.xml     | 14 --------------
 .../jetty/server/handler/InetAccessSet.java     | 17 ++++++++++-------
 4 files changed, 15 insertions(+), 45 deletions(-)
 delete mode 100644 jetty-server/src/main/config/modules/inetaccess/inetaccess.xml

diff --git a/jetty-server/src/main/config/modules/inetaccess.mod b/jetty-server/src/main/config/modules/inetaccess.mod
index 8716b1d4e798..acd2ceacfe75 100644
--- a/jetty-server/src/main/config/modules/inetaccess.mod
+++ b/jetty-server/src/main/config/modules/inetaccess.mod
@@ -2,7 +2,7 @@
 
 [description]
 Enables the InetAccessHandler.
-Applies a include/exclude control of the remote IP of requests.
+Applies an include/exclude control of the remote IP of requests.
 
 [tags]
 connector
@@ -18,15 +18,9 @@ etc/jetty-inetaccess.xml
 
 [ini-template]
 
-## List of InetAddress patterns to include
-#jetty.inetaccess.include=127.0.0.1,127.0.0.2
+## List of InetAddress patterns to include (connectorName@addressPattern|pathSpec)
+#jetty.inetaccess.include=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20
 
-## List of InetAddress patterns to exclude
-#jetty.inetaccess.exclude=127.0.0.1,127.0.0.2
-
-## List of Connector names to include
-#jetty.inetaccess.includeConnectors=http
-
-## List of Connector names to exclude
-#jetty.inetaccess.excludeConnectors=tls
+## List of InetAddress patterns to exclude (connectorName@addressPattern|pathSpec)
+#jetty.inetaccess.exclude=http@127.0.0.1-127.0.0.2|/pathSpec,tls@,|/pathSpec2,127.0.0.20
 
diff --git a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml
deleted file mode 100644
index 34af6f2e8289..000000000000
--- a/jetty-server/src/main/config/modules/inetaccess/inetaccess.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
-
-<Configure id="Server" class="org.eclipse.jetty.server.Server">
-  <Call name="insertHandler">
-    <Arg>
-      <New id="InetAccessHandler" class="org.eclipse.jetty.server.handler.InetAccessHandler">
-	<Call name="include"><Arg>127.0.0.1-127.0.0.255</Arg></Call>
-	<Call name="exclude"><Arg>127.0.0.128-127.0.0.129</Arg></Call>
-      </New>
-    </Arg>
-  </Call>
-</Configure>
diff --git a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
index e784968e37bc..f30fe062f66f 100644
--- a/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
+++ b/jetty-server/src/main/config/modules/inetaccess/jetty-inetaccess.xml
@@ -19,20 +19,6 @@
             </Call>
           </Arg>
         </Call>
-        <Call name="includeConnectors">
-          <Arg>
-            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
-              <Arg><Property name="jetty.inetaccess.includeConnectors" default="" /></Arg>
-            </Call>
-          </Arg>
-        </Call>
-        <Call name="excludeConnectors">
-          <Arg>
-            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
-              <Arg><Property name="jetty.inetaccess.excludeConnectors" default="" /></Arg>
-            </Call>
-          </Arg>
-        </Call>
       </New>
     </Arg>
   </Call>
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
index bb4327fb38b0..505512c4280a 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessSet.java
@@ -27,7 +27,7 @@
 
 public class InetAccessSet extends AbstractSet<InetAccessSet.PatternTuple> implements Set<InetAccessSet.PatternTuple>, Predicate<InetAccessSet.AccessTuple>
 {
-    private ArrayList<PatternTuple> tuples = new ArrayList<>();
+    private final ArrayList<PatternTuple> tuples = new ArrayList<>();
 
     @Override
     public boolean add(PatternTuple storageTuple)
@@ -67,7 +67,7 @@ public boolean test(AccessTuple entry)
         return false;
     }
 
-    static class PatternTuple implements Predicate<AccessTuple>
+    public static class PatternTuple implements Predicate<AccessTuple>
     {
         private final String connector;
         private final InetAddressPattern address;
@@ -110,19 +110,22 @@ public boolean test(AccessTuple entry)
             if ((connector != null) && !connector.equals(entry.getConnector()))
                 return false;
 
-            // If we have a path we must must be at this path to match for an address.
+            // If we have a path we must be at this path to match for an address.
             if ((pathSpec != null) && !pathSpec.matches(entry.getPath()))
                 return false;
 
             // Match for InetAddress.
-            if ((address != null) && !address.test(entry.getAddress()))
-                return false;
+            return (address == null) || address.test(entry.getAddress());
+        }
 
-            return true;
+        @Override
+        public String toString()
+        {
+            return String.format("%s@%x{connector=%s, addressPattern=%s, pathSpec=%s}", getClass().getSimpleName(), hashCode(), connector, address, pathSpec);
         }
     }
 
-    static class AccessTuple
+    public static class AccessTuple
     {
         private final String connector;
         private final InetAddress address;