Enhancement Request 37862184 - [37669786->25.09] ENH: Add support for comma separated list of hosts for the authorized-hosts host-address element (main->ce-main)

Remote remote.full on coherence-ce/main success, changes 115813, synced @115813, job.9.20250423025227.8218

[git-p4: depot-paths = "//dev/coherence-ce/main/": change = 115816]

Author: jfialli

prj/coherence-core/src/main/java/com/tangosol/coherence/config/xml/processor/AuthorizedHostsProcessor.java

@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates.
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
  *
  * Licensed under the Universal Permissive License v 1.0 as shown at
- * http://oss.oracle.com/licenses/upl.
+ * https://oss.oracle.com/licenses/upl.
  */
 package com.tangosol.coherence.config.xml.processor;
 
@@ -19,6 +19,7 @@
 
 import com.tangosol.util.Filter;
 
+import java.util.Arrays;
 import java.util.Iterator;
 
 /**
@@ -32,7 +33,10 @@ public class AuthorizedHostsProcessor
         implements ElementProcessor<ParameterizedBuilder<Filter>>
     {
     /**
-     * {@inheritDoc}
+     * An {@link ElementProcessor} for &lt;authorized-hosts&gt; Configuration Elements.
+     * <p>
+     * Since 25.03.1, the {@code authorized-hosts.host-address} value can be either an IP host address or
+     * a comma separated list of IP host addresses.
      */
     @Override
     public ParameterizedBuilder<Filter> process(ProcessingContext context, XmlElement xmlElement)
@@ -54,9 +58,18 @@ public ParameterizedBuilder<Filter> process(ProcessingContext context, XmlElemen
             // <host-address>
             for (Iterator iter = xmlElement.getElements("host-address"); iter.hasNext(); )
                 {
-                XmlElement xmlHost = (XmlElement) iter.next();
+                String hostString = ((XmlElement) iter.next()).getString();
 
-                builder.addAuthorizedHostsToFilter(xmlHost.getString(), null);
+                if (hostString.contains(","))
+                    {
+                    Arrays.stream(hostString.split(","))
+                            .map(String::trim)
+                            .forEach(s -> builder.addAuthorizedHostsToFilter(s, null));
+                    }
+                else
+                    {
+                    builder.addAuthorizedHostsToFilter(hostString, null);
+                    }
                 }
 
             // <host-range>

prj/coherence-core/src/main/java/com/tangosol/internal/net/LegacyXmlConfigHelper.java

@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates.
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
  *
  * Licensed under the Universal Permissive License v 1.0 as shown at
- * http://oss.oracle.com/licenses/upl.
+ * https://oss.oracle.com/licenses/upl.
  */
 package com.tangosol.internal.net;
 
@@ -28,6 +28,7 @@
 import java.net.InetSocketAddress;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
@@ -94,6 +95,9 @@ else if (!xml.getElementList().isEmpty())
 
     /**
      * Parse the XML and return the authorized hosts filter.
+     * <p>
+     * Since 25.03.1, the {@code authorized-hosts.host-address} element's value can be either an IP host address or
+     * a comma separated list of IP host addresses.
      *
      * @param xml  the parent of the authorized-hosts XML element
      *
@@ -122,7 +126,19 @@ public static ParameterizedBuilder<Filter> parseAuthorizedHosts(XmlElement xml)
                 {
                 xmlVal = (XmlElement) iter.next();
 
-                builder.addAuthorizedHostsToFilter(xmlVal.getString(), null);
+                String hostString = xmlVal.getString();
+
+                // enable comma separated list of host for coherence.extend.authorized.hosts system property for host-address element.
+                if (hostString.contains(","))
+                    {
+                    Arrays.stream(hostString.split(","))
+                            .map(String::trim)
+                            .forEach(s -> builder.addAuthorizedHostsToFilter(s, null));
+                    }
+                else
+                    {
+                    builder.addAuthorizedHostsToFilter(hostString, null);
+                    }
                 }
 
             // <host-range>

prj/coherence-core/src/main/java/com/tangosol/internal/net/cluster/LegacyXmlClusterDependencies.java

@@ -675,6 +675,9 @@ private void configureOutgoingMessageHandler(XmlElement xml)
 
     /**
      * Configure the authorized hosts fields.
+     * <p>
+     * Since 25.03.1, the {@code authorized-hosts.host-address} element's value can be either an IP host address or
+     * a comma separated list of IP host addresses.
      *
      * @param xml  the authorized-hosts xml element
      */
@@ -701,10 +704,25 @@ private void configureAuthorizedHosts(XmlElement xml)
         // <host-address>
         for (Iterator iter = xmlCat.getElements("host-address"); iter.hasNext(); )
             {
-            xmlVal = (XmlElement) iter.next();
-            if (addAuthorizedHostsToFilter(filter, xmlVal.getString(), /* sAddrTo */ null))
+            String hostString = ((XmlElement) iter.next()).getString();
+
+            // enable comma separated list of hosts for coherence.authorized.hosts system property for host-address element.
+            if (hostString.contains(","))
                 {
-                fFilterAdded = true;
+                for (String host : hostString.split(","))
+                    {
+                    if (addAuthorizedHostsToFilter(filter, host, /* sAddrTo */ null))
+                        {
+                        fFilterAdded = true;
+                        }
+                    }
+                }
+            else
+                {
+                if (addAuthorizedHostsToFilter(filter, hostString, /* sAddrTo */ null))
+                    {
+                    fFilterAdded = true;
+                    }
                 }
             }
 

prj/coherence-core/src/main/resources/coherence-config-base.xsd

@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!--
-  Copyright (c) 2000, 2024, Oracle and/or its affiliates.
+  Copyright (c) 2000, 2025, Oracle and/or its affiliates.
 
   Licensed under the Universal Permissive License v 1.0 as shown at
   https://oss.oracle.com/licenses/upl.
@@ -1821,6 +1821,7 @@
         <xsd:annotation>
             <xsd:documentation>
                 The host-address element specifies a host IP address.
+                Since 25.03.1, it also can be a comma separated list of host IP addresses.
 
                 Used in: authorized-hosts
             </xsd:documentation>

prj/coherence-core/src/main/resources/com/oracle/coherence/defaults/coherence-cache-config.xml

@@ -323,6 +323,9 @@ class path, or module path, of the JVM.
             <address system-property="coherence.extend.address"/>
             <port system-property="coherence.extend.port"/>
           </local-address>
+          <authorized-hosts>
+            <host-address system-property="coherence.extend.authorized.hosts"></host-address>
+          </authorized-hosts>
         </tcp-acceptor>
         <serializer>${coherence.extend.serializer ${coherence.serializer}}</serializer>
       </acceptor-config>

prj/coherence-core/src/main/resources/tangosol-coherence.xml

@@ -191,7 +191,7 @@ to find specific notes on changes suggested for production use.
     </outgoing-message-handler>
 
     <authorized-hosts>
-      <host-address></host-address>
+      <host-address system-property="coherence.authorized.hosts"></host-address>
       <host-range>
         <from-address></from-address>
         <to-address></to-address>

prj/test/functional/extend/src/main/java/extend/AuthorizedHostsRejectedBySystemPropertyTests.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
+ *
+ * Licensed under the Universal Permissive License v 1.0 as shown at
+ * https://oss.oracle.com/licenses/upl.
+ */
+package extend;
+
+import java.util.Properties;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.oracle.coherence.testing.AbstractFunctionalTest;
+
+import static org.junit.Assert.*;
+
+/**
+ * A collection of functional tests for a Coherence*Extend proxy that uses
+ * system property coherence.extend.authorized hosts addresses and try to connect to an address that is not
+ * authorized.
+ *
+ * @author jf  2025.04.17
+ */
+public class AuthorizedHostsRejectedBySystemPropertyTests
+        extends AbstractFunctionalTest
+    {
+    // ----- constructors ---------------------------------------------------
+
+    /**
+     * Default constructor.
+     */
+    public AuthorizedHostsRejectedBySystemPropertyTests()
+        {
+        super(AbstractExtendTests.FILE_CLIENT_CFG_CACHE);
+        }
+
+    // ----- test lifecycle -------------------------------------------------
+
+    /**
+     * Initialize the test class.
+     */
+    @BeforeClass
+    public static void startup()
+        {
+        Properties props = new Properties();
+
+        props.put("coherence.extend.authorized.hosts", "baddomain.bad,2.3.4.5");
+        startCacheServer("AuthorizedHostsRejectedBySystemPropertyTests", "extend",
+                         "authorized-hosts-cache-config-sysprop.xml", props);
+        }
+
+    /**
+     * Shutdown the test class.
+     */
+    @AfterClass
+    public static void shutdown()
+        {
+        stopCacheServer("AuthorizedHostsRejectedBySystemPropertyTests");
+        }
+
+    // ----- AuthorizedHostsRejectedBySystemPropertyTests tests -----------------------------
+
+   /**
+    * Ensure that non-authorized hosts fails.
+    */
+    @Test
+    public void connect()
+        {
+    	try 
+    	    {
+            getNamedCache("dist-extend-direct");
+            // we should not get here. If it does it means that an non-authorized host failed
+            // to be rejected
+            fail("Authorized hosts check did not work");
+    	    }
+    	catch (Exception e) 
+    	    {
+            // this will cause an exception due to the unauthorized host.
+    		assertTrue("Did not get expected exception", e.getMessage().indexOf("could not establish a connection") != -1);
+    	    }
+        }
+    }

prj/test/functional/extend/src/main/resources/authorized-hosts-cache-config-sysprop.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<!--
+  Copyright (c) 2000, 2025, Oracle and/or its affiliates.
+
+  Licensed under the Universal Permissive License v 1.0 as shown at
+  https://oss.oracle.com/licenses/upl.
+  -->
+<cache-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xmlns="http://xmlns.oracle.com/coherence/coherence-cache-config"
+              xsi:schemaLocation="http://xmlns.oracle.com/coherence/coherence-cache-config coherence-cache-config.xsd">
+
+  <caching-scheme-mapping>
+    <cache-mapping>
+      <cache-name>dist-*</cache-name>
+      <scheme-name>dist-default</scheme-name>
+    </cache-mapping>
+  </caching-scheme-mapping>
+
+  <caching-schemes>
+    <distributed-scheme>
+      <scheme-name>dist-default</scheme-name>
+      <lease-granularity>member</lease-granularity>
+      <backing-map-scheme>
+        <local-scheme/>
+      </backing-map-scheme>
+      <autostart>true</autostart>
+    </distributed-scheme>
+
+    <proxy-scheme>
+      <service-name>ProxyService</service-name>
+      <acceptor-config>
+        <tcp-acceptor>
+          <local-address>
+            <address system-property="test.extend.address.local">127.0.0.1</address>
+            <port system-property="test.extend.port">9999</port>
+          </local-address>
+          <authorized-hosts>
+            <!-- an arbitrary hostname that should never be valid -->
+            <host-address system-property="coherence.extend.authorized.hosts">127.0.0.1</host-address>
+          </authorized-hosts>
+        </tcp-acceptor>
+        <outgoing-message-handler>
+          <heartbeat-interval>5s</heartbeat-interval>
+          <heartbeat-timeout>2s</heartbeat-timeout>
+          <request-timeout>5s</request-timeout>
+        </outgoing-message-handler>
+        <serializer>
+          <instance>
+            <class-name>com.tangosol.io.pof.ConfigurablePofContext</class-name>
+            <init-params>
+              <init-param>
+                <param-type>string</param-type>
+                <param-value>extend/test-pof-config.xml</param-value>
+              </init-param>
+            </init-params>
+          </instance>
+        </serializer>
+      </acceptor-config>
+      <autostart system-property="test.extend.enabled">true</autostart>
+    </proxy-scheme>
+  </caching-schemes>
+</cache-config>