X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=opendaylight%2Fnetconf%2Fnetconf-util%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fnetconf%2Futil%2Fosgi%2FNetconfConfigUtil.java;h=b23a2d6697b2ab5623431741fb0ecb374cb22411;hb=1ded3b4311dc761d39c132f9f38fcceb761ea997;hp=f2f0419b9d87392324fcd4444d741e464f50f074;hpb=6e5e1650f635c6c817a3eaf8cd2893aa030d3324;p=controller.git

diff --git a/opendaylight/netconf/netconf-util/src/main/java/org/opendaylight/controller/netconf/util/osgi/NetconfConfigUtil.java b/opendaylight/netconf/netconf-util/src/main/java/org/opendaylight/controller/netconf/util/osgi/NetconfConfigUtil.java
index f2f0419b9d..b23a2d6697 100644
--- a/opendaylight/netconf/netconf-util/src/main/java/org/opendaylight/controller/netconf/util/osgi/NetconfConfigUtil.java
+++ b/opendaylight/netconf/netconf-util/src/main/java/org/opendaylight/controller/netconf/util/osgi/NetconfConfigUtil.java
@@ -17,12 +17,12 @@ import java.net.InetSocketAddress;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-public class NetconfConfigUtil {
+public final class NetconfConfigUtil {
     private static final Logger logger = LoggerFactory.getLogger(NetconfConfigUtil.class);
 
     private static final String PREFIX_PROP = "netconf.";
 
-
+    private NetconfConfigUtil() {}
 
     private enum InfixProp {
         tcp, ssh
@@ -54,10 +54,15 @@ public class NetconfConfigUtil {
 
         Optional<InetSocketAddress> inetSocketAddressOptional = extractSomeNetconfAddress(context, InfixProp.tcp, exceptionMessageIfNotFound, forClient);
 
-        if (inetSocketAddressOptional.isPresent() == false) {
+        if (!inetSocketAddressOptional.isPresent()) {
             throw new IllegalStateException("Netconf tcp address not found." + exceptionMessageIfNotFound);
         }
-        return inetSocketAddressOptional.get();
+        InetSocketAddress inetSocketAddress = inetSocketAddressOptional.get();
+        if (inetSocketAddress.getAddress().isAnyLocalAddress()) {
+            logger.warn("Unprotected netconf TCP address is configured to ANY local address. This is a security risk. " +
+                    "Consider changing {} to 127.0.0.1", PREFIX_PROP + InfixProp.tcp + ADDRESS_SUFFIX_PROP);
+        }
+        return inetSocketAddress;
     }
 
     public static Optional<InetSocketAddress> extractSSHNetconfAddress(BundleContext context, String exceptionMessage) {