public class InetAccessHandler extends HandlerWrapper
Controls access to the wrapped handler using the real remote IP. Control is
provided by and IncludeExcludeSet
over a InetAddressSet
. This
handler uses the real internet address of the connection, not one reported in
the forwarded for headers, as this cannot be as easily forged.
Additionally, there may be times when you want to only apply this handler to a subset of your connectors. In this situation you can use connectorNames to specify the connector names that you want this IP access filter to apply to.
AbstractHandler.ErrorDispatchHandler
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
Modifier and Type | Field and Description |
---|---|
private IncludeExcludeSet<java.lang.String,java.net.InetAddress> |
_addrs |
private IncludeExclude<java.lang.String> |
_names |
private static Logger |
LOG |
_handler
Constructor and Description |
---|
InetAccessHandler() |
Modifier and Type | Method and Description |
---|---|
void |
clear()
Clears all the includes, excludes, included connector names and excluded
connector names.
|
void |
dump(java.lang.Appendable out,
java.lang.String indent)
Dump this object (and children) into an Appendable using the provided indent after any new lines.
|
void |
exclude(java.lang.String... patterns)
Excludes InetAddress patterns
|
void |
exclude(java.lang.String pattern)
Excludes an InetAddress pattern
|
void |
excludeConnector(java.lang.String name)
Excludes a connector name.
|
void |
excludeConnectors(java.lang.String... names)
Excludes connector names.
|
void |
handle(java.lang.String target,
Request baseRequest,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Checks the incoming request against the whitelist and blacklist
|
void |
include(java.lang.String... patterns)
Includes InetAddress patterns
|
void |
include(java.lang.String pattern)
Includes an InetAddress pattern
|
void |
includeConnector(java.lang.String name)
Includes a connector name.
|
void |
includeConnectors(java.lang.String... names)
Includes connector names.
|
protected boolean |
isAllowed(java.net.InetAddress addr,
Request baseRequest,
javax.servlet.http.HttpServletRequest request)
Checks if specified address and request are allowed by current InetAddress rules.
|
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
doShutdown, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
doError, doStart, doStop, getServer
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop
dumpContainer, dumpIterable, dumpMapEntries, dumpObjects, dumpSelf, named
private static final Logger LOG
private final IncludeExcludeSet<java.lang.String,java.net.InetAddress> _addrs
private final IncludeExclude<java.lang.String> _names
public void clear()
public void include(java.lang.String pattern)
pattern
- InetAddress pattern to includeInetAddressSet
public void include(java.lang.String... patterns)
patterns
- InetAddress patterns to includeInetAddressSet
public void exclude(java.lang.String pattern)
pattern
- InetAddress pattern to excludeInetAddressSet
public void exclude(java.lang.String... patterns)
patterns
- InetAddress patterns to excludeInetAddressSet
public void includeConnector(java.lang.String name)
name
- Connector name to include in this handler.public void excludeConnector(java.lang.String name)
name
- Connector name to exclude in this handler.public void includeConnectors(java.lang.String... names)
names
- Connector names to include in this handler.public void excludeConnectors(java.lang.String... names)
names
- Connector names to exclude in this handler.public void handle(java.lang.String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
handle
in interface Handler
handle
in class HandlerWrapper
target
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as the Request
object or a wrapper of that request. The
HttpConnection.getCurrentConnection()
.getHttpChannel()
.getRequest()
method can be used access the Request object if required.response
- The response as the Response
object or a wrapper of that request. The
HttpConnection.getCurrentConnection()
.getHttpChannel()
.getResponse()
method can be used access the Response object if required.java.io.IOException
- if unable to handle the request or response processingjavax.servlet.ServletException
- if unable to handle the request or response due to underlying servlet issueprotected boolean isAllowed(java.net.InetAddress addr, Request baseRequest, javax.servlet.http.HttpServletRequest request)
addr
- the inetAddress to checkbaseRequest
- the base request to checkrequest
- the HttpServletRequest request to checkpublic void dump(java.lang.Appendable out, java.lang.String indent) throws java.io.IOException
Dumpable
dump
in interface Dumpable
dump
in class ContainerLifeCycle
out
- The appendable to dump toindent
- The indent to apply after any new lines.java.io.IOException
- if unable to write to Appendable