diff --git a/bom/pom.xml b/bom/pom.xml
index 947f0855a2..b0d910c3ac 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -47,6 +47,8 @@
2.9.0
0.3.0
1.8.0
+ 5.7.3
+ 4.0.1
4.3.4
@@ -357,6 +359,16 @@
lz4-java
${lz4-java.version}
+
+ org.springframework.security
+ spring-security-web
+ ${spring-security-web.version}
+
+
+ javax.servlet
+ javax.servlet-api
+ ${javax.servlet-api.version}
+
io.netty
diff --git a/connectivity/service/pom.xml b/connectivity/service/pom.xml
index 10bee89462..5735b072d3 100644
--- a/connectivity/service/pom.xml
+++ b/connectivity/service/pom.xml
@@ -169,6 +169,14 @@ jmh-generator-annprocess). jmh-generator-annprocess overwrites the whole META-IN
com.fasterxml.jackson.core
jackson-annotations
+
+ org.springframework.security
+ spring-security-web
+
+
+ javax.servlet
+ javax.servlet-api
+
diff --git a/connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/validation/DefaultHostValidator.java b/connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/validation/DefaultHostValidator.java
index 4b3bcf0a4a..4bc1c68218 100644
--- a/connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/validation/DefaultHostValidator.java
+++ b/connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/validation/DefaultHostValidator.java
@@ -19,8 +19,8 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;
-import org.apache.commons.net.util.SubnetUtils;
import org.eclipse.ditto.connectivity.service.config.ConnectivityConfig;
+import org.springframework.security.web.util.matcher.IpAddressMatcher;
import akka.event.LoggingAdapter;
@@ -35,7 +35,7 @@ final class DefaultHostValidator implements HostValidator {
private final Collection allowedHostnames;
private final Collection blockedAddresses;
- private final Collection blockedSubnets;
+ private final Collection blockedSubnets;
private final AddressResolver resolver;
private final Pattern hostRegexPattern;
@@ -117,8 +117,8 @@ private HostValidationResult validateInetAddressesAndSubnets(final String host)
// host is contained in the block-list --> block
return HostValidationResult.blocked(host);
}
- for (final SubnetUtils.SubnetInfo subnet : blockedSubnets) {
- if (subnet.isInRange(requestAddress.getHostAddress())) {
+ for (final IpAddressMatcher subnet : blockedSubnets) {
+ if (subnet.matches(requestAddress.getHostAddress())) {
// ip is contained in the blocked-subnet --> block
return HostValidationResult.blocked(host, "the hostname resides in a blocked subnet.");
}
@@ -163,14 +163,14 @@ private Collection calculateBlockedAddresses(final Collection calculateBlockedSubnets(final Collection blockedSubnets,
+ private Collection calculateBlockedSubnets(final Collection blockedSubnets,
final LoggingAdapter log) {
return blockedSubnets.stream()
.filter(blockedSubnet -> !blockedSubnet.isEmpty())
.flatMap(blockedSubnet -> {
try {
- return Stream.of(new SubnetUtils(blockedSubnet).getInfo());
+ return Stream.of(new IpAddressMatcher(blockedSubnet));
} catch (final IllegalArgumentException e) {
log.error(e, "Could not create subnet info during building blocked subnets set: <{}>",
blockedSubnet);