From 93ce7e9bf4bfdcf4935bb65a557bc1211c4095ba Mon Sep 17 00:00:00 2001 From: Dominic Schabel Date: Fri, 10 Jun 2016 10:59:45 +0200 Subject: [PATCH] Constant for security log prefix introduced. Signed-off-by: Dominic Schabel --- .../eclipse/hawkbit/security/DosFilter.java | 36 +++++++------------ .../hawkbit/security/SecurityConstants.java | 24 +++++++++++++ 2 files changed, 36 insertions(+), 24 deletions(-) create mode 100644 hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DosFilter.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DosFilter.java index f0d8f7d48..3f5d8437e 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DosFilter.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DosFilter.java @@ -8,8 +8,10 @@ */ package org.eclipse.hawkbit.security; +import static java.util.concurrent.TimeUnit.SECONDS; +import static org.eclipse.hawkbit.security.SecurityConstants.SECURITY_LOG_PREFIX; + import java.io.IOException; -import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; import java.util.regex.Pattern; @@ -31,25 +33,21 @@ import com.google.common.cache.CacheBuilder; /** * Filter for protection against denial of service attacks. It reduces the * maximum number of request per seconds which can be separately configured for - * read (GET) and write (PUT/POST/DELETE) requests. requests - * - * - * - * + * read (GET) and write (PUT/POST/DELETE) requests. */ public class DosFilter extends OncePerRequestFilter { private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class); - private static final Logger LOG_DOS = LoggerFactory.getLogger("server-security.dos"); - private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger("server-security.blacklist"); + private static final Logger LOG_DOS = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".dos"); + private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".blacklist"); private final Pattern ipAdressBlacklist; - private final Cache readCountCache = CacheBuilder.newBuilder() - .expireAfterAccess(1, TimeUnit.SECONDS).build(); + private final Cache readCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS) + .build(); - private final Cache writeCountCache = CacheBuilder.newBuilder() - .expireAfterAccess(1, TimeUnit.SECONDS).build(); + private final Cache writeCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS) + .build(); private final Integer maxRead; private final Integer maxWrite; @@ -78,7 +76,7 @@ public class DosFilter extends OncePerRequestFilter { */ public DosFilter(final Integer maxRead, final Integer maxWrite, final String ipDosWhiteListPattern, final String ipBlackListPattern, final String forwardHeader) { - super(); + this.maxRead = maxRead; this.maxWrite = maxWrite; this.forwardHeader = forwardHeader; @@ -96,14 +94,6 @@ public class DosFilter extends OncePerRequestFilter { } } - /* - * (non-Javadoc) - * - * @see - * org.springframework.web.filter.OncePerRequestFilter#doFilterInternal( - * javax.servlet.http. HttpServletRequest, - * javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain) - */ @Override protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws ServletException, IOException { @@ -152,11 +142,9 @@ public class DosFilter extends OncePerRequestFilter { } private static boolean handleMissingIpAddress(final HttpServletResponse response) { - boolean processChain; LOG.error("Failed to get peer IP adress"); response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - processChain = false; - return processChain; + return false; } private boolean handleWriteRequest(final HttpServletResponse response, final String ip) { diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java new file mode 100644 index 000000000..dc30411d0 --- /dev/null +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java @@ -0,0 +1,24 @@ +/** + * Copyright (c) 2016 Bosch Software Innovations GmbH and others. + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + */ +package org.eclipse.hawkbit.security; + +/** + * Constants related to security. + */ +public final class SecurityConstants { + + /** + * Logger prefix used for security logging. + */ + public static final String SECURITY_LOG_PREFIX = "server-security"; + + private SecurityConstants() { + + } +}