Class InetAccessHandler

  • All Implemented Interfaces:
    Handler, HandlerContainer, Container, Destroyable, Dumpable, LifeCycle

    public class InetAccessHandler
    extends HandlerWrapper
    InetAddress Access Handler

    Controls access to the wrapped handler using the real remote IP. Control is provided by and IncludeExcludeSet over a InetAddressSet. This handler uses the real internet address of the connection, not one reported in the forwarded for headers, as this cannot be as easily forged.

    Additionally, there may be times when you want to only apply this handler to a subset of your connectors. In this situation you can use connectorNames to specify the connector names that you want this IP access filter to apply to.

    • Constructor Detail

      • InetAccessHandler

        public InetAccessHandler()
    • Method Detail

      • clear

        public void clear()
        Clears all the includes, excludes, included connector names and excluded connector names.
      • include

        public void include​(java.lang.String pattern)
        Includes an InetAddress pattern
        Parameters:
        pattern - InetAddress pattern to include
        See Also:
        InetAddressSet
      • include

        public void include​(java.lang.String... patterns)
        Includes InetAddress patterns
        Parameters:
        patterns - InetAddress patterns to include
        See Also:
        InetAddressSet
      • exclude

        public void exclude​(java.lang.String pattern)
        Excludes an InetAddress pattern
        Parameters:
        pattern - InetAddress pattern to exclude
        See Also:
        InetAddressSet
      • exclude

        public void exclude​(java.lang.String... patterns)
        Excludes InetAddress patterns
        Parameters:
        patterns - InetAddress patterns to exclude
        See Also:
        InetAddressSet
      • includeConnector

        public void includeConnector​(java.lang.String name)
        Includes a connector name.
        Parameters:
        name - Connector name to include in this handler.
      • excludeConnector

        public void excludeConnector​(java.lang.String name)
        Excludes a connector name.
        Parameters:
        name - Connector name to exclude in this handler.
      • includeConnectors

        public void includeConnectors​(java.lang.String... names)
        Includes connector names.
        Parameters:
        names - Connector names to include in this handler.
      • excludeConnectors

        public void excludeConnectors​(java.lang.String... names)
        Excludes connector names.
        Parameters:
        names - Connector names to exclude in this handler.
      • handle

        public void handle​(java.lang.String target,
                           Request baseRequest,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                    throws java.io.IOException,
                           javax.servlet.ServletException
        Checks the incoming request against the whitelist and blacklist
        Specified by:
        handle in interface Handler
        Overrides:
        handle in class HandlerWrapper
        Parameters:
        target - The target of the request - either a URI or a name.
        baseRequest - The original unwrapped request object.
        request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
        response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
        Throws:
        java.io.IOException - if unable to handle the request or response processing
        javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue
      • isAllowed

        protected boolean isAllowed​(java.net.InetAddress addr,
                                    Request baseRequest,
                                    javax.servlet.http.HttpServletRequest request)
        Checks if specified address and request are allowed by current InetAddress rules.
        Parameters:
        addr - the inetAddress to check
        baseRequest - the base request to check
        request - the HttpServletRequest request to check
        Returns:
        true if inetAddress and request are allowed
      • dump

        public void dump​(java.lang.Appendable out,
                         java.lang.String indent)
                  throws java.io.IOException
        Description copied from interface: Dumpable
        Dump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.
        Specified by:
        dump in interface Dumpable
        Overrides:
        dump in class ContainerLifeCycle
        Parameters:
        out - The appendable to dump to
        indent - The indent to apply after any new lines.
        Throws:
        java.io.IOException - if unable to write to Appendable