org.eclipse.jetty.server.handler
Class IPAccessHandler
java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.server.handler.IPAccessHandler
- All Implemented Interfaces:
- Handler, HandlerContainer, LifeCycle
public class IPAccessHandler
- extends HandlerWrapper
IP Access Handler
Control access to the wrapped handler by the real remote IP.
The real IP of the connection is used (not the IP reported in the forwarded for headers),
as this cannot be as easily forged.
Control is provided by white/black lists of both internet addresses and URIs.
Internet addresses may be absolute (eg 10.1.2.3) or a prefix pattern (eg 10.1.3. ).
URI patterns follow the servlet specification for simple prefix and suffix wild cards.
An empty white list is treated as match all. If there is at least one entry in the
white list, then a request must match a white list entry. Black list entries are always
appied, so that even if an entry matches the white list, a black list entry will override.
Examples of match specifications are:
- 10.1.2.3 - all requests from IP 10.1.2.3
- 10.1.2.3/foo/bar - all requests from IP 10.1.2.3 to URI /foo/bar
- 10.1.2.3/foo/* - all requests from IP 10.1.2.3 to URIs starting with /foo/
- 10.1.2.3/*.html - all requests from IP 10.1.2.3 to URIs ending with .html
- 10.1. - all requests from IPs starting with 10.1.
- 10.1./foo/bar - all requests from IPs starting with 10.1. to URI /foo/bar
- 10.1./foo/* - all requests from IPs starting with 10.1. to URIs starting with /foo/
Typically, the black/white lists will be used in one of three modes:
Blocking a few specific IPs/URLs by specifying several black list entries.
Allowing only some specific IPs/URLs by specifying several white lists entries.
Allowing a general range of IPs/URLs by specifying serveral general white list
entries, that are then further refined by several specific black list exceptions
Method Summary |
protected void |
add(String addrPath,
Map<String,PathMap> addrMap,
List<String> patternList)
|
void |
addBlack(String addrPath)
|
void |
addWhite(String addrPath)
|
void |
handle(String target,
Request baseRequest,
HttpServletRequest request,
HttpServletResponse response)
Handle a request. |
protected boolean |
isAddrUriAllowed(String addr,
String path)
|
protected void |
set(String[] addrPaths,
Map<String,PathMap> addrMap,
List<String> patternList)
|
void |
setBlack(String[] addrPaths)
|
void |
setWhite(String[] addrPaths)
|
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
addLifeCycleListener, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop |
IPAccessHandler
public IPAccessHandler()
addBlack
public void addBlack(String addrPath)
addWhite
public void addWhite(String addrPath)
setBlack
public void setBlack(String[] addrPaths)
setWhite
public void setWhite(String[] addrPaths)
handle
public void handle(String target,
Request baseRequest,
HttpServletRequest request,
HttpServletResponse response)
throws IOException,
ServletException
- Description copied from interface:
Handler
- Handle a request.
- Specified by:
handle
in interface Handler
- Overrides:
handle
in class HandlerWrapper
- Parameters:
target
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as the Request
object or a wrapper of that request. The HttpConnection.getCurrentConnection()
method can be used access the Request object if required.response
- The response as the Response
object or a wrapper of that request. The HttpConnection.getCurrentConnection()
method can be used access the Response object if required.
- Throws:
IOException
ServletException
add
protected void add(String addrPath,
Map<String,PathMap> addrMap,
List<String> patternList)
set
protected void set(String[] addrPaths,
Map<String,PathMap> addrMap,
List<String> patternList)
isAddrUriAllowed
protected boolean isAddrUriAllowed(String addr,
String path)
Copyright © 1995-2010 Mort Bay Consulting. All Rights Reserved.