org.eclipse.jetty.server.handler
Class IPAccessHandler

java.lang.Object
  org.eclipse.jetty.util.component.AbstractLifeCycle
      org.eclipse.jetty.server.handler.AbstractHandler
          org.eclipse.jetty.server.handler.AbstractHandlerContainer
              org.eclipse.jetty.server.handler.HandlerWrapper
                  org.eclipse.jetty.server.handler.IPAccessHandler

All Implemented Interfaces:

Handler, HandlerContainer, LifeCycle

public class IPAccessHandler
extends HandlerWrapper

IP Access Handler

Control access to the wrapped handler by the real remote IP. The real IP of the connection is used (not the IP reported in the forwarded for headers), as this cannot be as easily forged.

Control is provided by white/black lists of both internet addresses and URIs. Internet addresses may be absolute (eg 10.1.2.3) or a prefix pattern (eg 10.1.3. ). URI patterns follow the servlet specification for simple prefix and suffix wild cards.

An empty white list is treated as match all. If there is at least one entry in the white list, then a request must match a white list entry. Black list entries are always appied, so that even if an entry matches the white list, a black list entry will override.

Examples of match specifications are:

• 10.1.2.3 - all requests from IP 10.1.2.3
• 10.1.2.3/foo/bar - all requests from IP 10.1.2.3 to URI /foo/bar
• 10.1.2.3/foo/* - all requests from IP 10.1.2.3 to URIs starting with /foo/
• 10.1.2.3/*.html - all requests from IP 10.1.2.3 to URIs ending with .html
• 10.1. - all requests from IPs starting with 10.1.
• 10.1./foo/bar - all requests from IPs starting with 10.1. to URI /foo/bar
• 10.1./foo/* - all requests from IPs starting with 10.1. to URIs starting with /foo/

Typically, the black/white lists will be used in one of three modes:

Blocking a few specific IPs/URLs by specifying several black list entries.

Allowing only some specific IPs/URLs by specifying several white lists entries.

Allowing a general range of IPs/URLs by specifying serveral general white list entries, that are then further refined by several specific black list exceptions

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

_handler

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Constructor Summary

IPAccessHandler()

Method Summary

protected void	add(String addrPath, Map<String,PathMap> addrMap, List<String> patternList)
void	addBlack(String addrPath)
void	addWhite(String addrPath)
void	handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) Handle a request.
protected boolean	isAddrUriAllowed(String addr, String path)
protected void	set(String[] addrPaths, Map<String,PathMap> addrMap, List<String> patternList)
void	setBlack(String[] addrPaths)
void	setWhite(String[] addrPaths)

Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

doStart, doStop, expandChildren, getHandler, getHandlers, setHandler, setServer

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

dump, expandHandler, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

destroy, dump, getServer, toString

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Constructor Detail

IPAccessHandler

public IPAccessHandler()

Method Detail

addBlack

public void addBlack(String addrPath)

addWhite

public void addWhite(String addrPath)

setBlack

public void setBlack(String[] addrPaths)

setWhite

public void setWhite(String[] addrPaths)

handle

public void handle(String target,
                   Request baseRequest,
                   HttpServletRequest request,
                   HttpServletResponse response)
            throws IOException,
                   ServletException

Description copied from interface: Handler

Handle a request.

Specified by:

handle in interface Handler

Overrides:

handle in class HandlerWrapper

Parameters:

target - The target of the request - either a URI or a name.

baseRequest - The original unwrapped request object.

request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used access the Request object if required.

response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used access the Response object if required.

Throws:

IOException

ServletException

add

protected void add(String addrPath,
                   Map<String,PathMap> addrMap,
                   List<String> patternList)

set

protected void set(String[] addrPaths,
                   Map<String,PathMap> addrMap,
                   List<String> patternList)

isAddrUriAllowed

protected boolean isAddrUriAllowed(String addr,
                                   String path)