mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Rathgeb <maggu2...@gmail.com>
Subject FtpServer: configure programmatic
Date Mon, 05 Mar 2018 14:48:26 GMT

I would like to use the FtpServer configure the allowed remotes and
users programmatic.

Utility classes:
* AddressPlusPort: simple object that holds an inet address and a port
(wildcard for address and port is allowed)
* ConnectionInfo: an AddressPlusPort for the local endpoint and an
AddressPlusPort for the remote endpoint

I created a "SessionFilter" implementation that holds the information
about the allowed connections (a collection of "ConnectionInfo").
The accept methods checks if there is a match.

I created an "User" implementation that also stores an "InetAddress"
reference. The "InetAddress" reference is the expected remote peer
that uses that user to login.

I created an "UserManager" implementation that authenticate method
checks if the remote address matches to the address that is stored in
the user object.

At least all seems to be working.

But there is a problem to use this implementation in OSGi.

The public interface of the "UsernamePasswordAuthentication" interface
(that resides in a exported package) provides the method "public
UserMetadata getUserMetadata()".

The UserMetadata class itself that contains e.g. the remote address.
But the returned class UserMetadata resides in a non-exported package
(org.apache.ftpserver.usermanager.impl.UserMetadata). AFAIK the
exported (OSGi) API should not use / provide private stuff.

Would it be possible to create an "UserMetadata" interface that is
defined in an exported package and there is e.g. a non exported
UserMetadataImpl class that is used internally in your code?

Another problem I run into are the authorities used by the user.
If I create an user I would like to add instances of
"WritePermission", "ConcurrentLoginPermission" and
The classes itself resides in a non-exported package, so I cannot
create instances or use that classes in my OSGi code.

If you would like to have a look at my code it is available here:


The service that is provided as an OSGi component provides that interface:

The consumer can use the functions "add" and "remove" to grant or remove access.
The access is defined by an "AccessInfo" (the interface itself is
public the specific implementation is private).

A specific "AccessInfo" could be created using the

Arguments explained
* local host: used in the session filter to check if the remote
connection is established using this local host. The server is bound
to all interfaces and would like to be able to check if the incoming
connection from IP_x uses "local host" to access ourselves (wildcard
(any address) is supported)
* local port: should fit to the FTP server address or -1 if not limited
* remote host: the remote address used for the session filter and also
to limit the given username to exactly this remote address (wildcard -
(any address) is supported). (currently we "know" that username is
unique for every peer)
* remote port: if the remote port should be a special one or -1 if not limited
* username: the username (a user implementation object will be created
and added to the user manager implementation)
* password: the password for the user
* homeDir: the home directory for the user to limit the FS access


Currently I work around the non exported packages (impl) by embedding
the FTP server code into my bundle.
But how can this done by using the FtpServer bundle itself?
How to create the Authorities?
How to access USerMetadata?

Best regards,

View raw message