Package org.eclipse.jetty.server.handler

Class InetAccessHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.server.handler.InetAccessHandler
All Implemented Interfaces:
Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
public class InetAccessHandler extends HandlerWrapper
InetAddress Access Handler

Controls access to the wrapped handler using the real remote IP. Control is provided by and IncludeExcludeSet over a InetAddressSet. This handler uses the real internet address of the connection, not one reported in the forwarded for headers, as this cannot be as easily forged.

  • Constructor Details

    • InetAccessHandler

      public InetAccessHandler()

  • Method Details

    • clear

      public void clear()
      Clears all the includes, excludes, included connector names and excluded connector names.

    • include

      public void include(String pattern)
      Includes an InetAccess pattern with an optional connector name, address and URI mapping.

      The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).


      Examples:
      • "connector1@127.0.0.1|/foo"
      • "127.0.0.1|/foo"
      • "connector1@127.0.0.1"
      • "127.0.0.1"
      Parameters:
      pattern - InetAccess pattern to include
      See Also:

    • include

      public void include(String... patterns)
      Includes InetAccess patterns
      Parameters:
      patterns - InetAddress patterns to include
      See Also:

    • include

      public void include(String connectorName, String addressPattern, PathSpec pathSpec)
      Includes an InetAccess entry.
      Parameters:
      connectorName - optional name of a connector to include.
      addressPattern - optional InetAddress pattern to include.
      pathSpec - optional pathSpec to include.

    • exclude

      public void exclude(String pattern)
      Excludes an InetAccess entry pattern with an optional connector name, address and URI mapping.

      The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).


      Examples:
      • "connector1@127.0.0.1|/foo"
      • "127.0.0.1|/foo"
      • "connector1@127.0.0.1"
      • "127.0.0.1"
      Parameters:
      pattern - InetAddress pattern to exclude
      See Also:

    • exclude

      public void exclude(String... patterns)
      Excludes InetAccess patterns
      Parameters:
      patterns - InetAddress patterns to exclude
      See Also:

    • exclude

      public void exclude(String connectorName, String addressPattern, PathSpec pathSpec)
      Excludes an InetAccess entry.
      Parameters:
      connectorName - optional name of a connector to exclude.
      addressPattern - optional InetAddress pattern to exclude.
      pathSpec - optional pathSpec to exclude.

    • includeConnector

      @Deprecated public void includeConnector(String name)
      Deprecated.
      use include(String) instead.
      Includes a connector name.
      Parameters:
      name - Connector name to include in this handler.

    • excludeConnector

      @Deprecated public void excludeConnector(String name)
      Deprecated.
      use include(String) instead.
      Excludes a connector name.
      Parameters:
      name - Connector name to exclude in this handler.

    • includeConnectors

      @Deprecated public void includeConnectors(String... names)
      Deprecated.
      use include(String) instead.
      Includes connector names.
      Parameters:
      names - Connector names to include in this handler.

    • excludeConnectors

      @Deprecated public void excludeConnectors(String... names)
      Deprecated.
      use include(String) instead.
      Excludes connector names.
      Parameters:
      names - Connector names to exclude in this handler.

    • handle

      public void handle(String target, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Checks the incoming request against the whitelist and blacklist
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class HandlerWrapper
      Parameters:
      target - The target of the request - either a URI or a name.
      baseRequest - The original unwrapped request object.
      request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
      response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
      Throws:
      IOException - if unable to handle the request or response processing
      jakarta.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue

    • isAllowed

      protected boolean isAllowed(InetAddress addr, Request baseRequest, jakarta.servlet.http.HttpServletRequest request)
      Checks if specified address and request are allowed by current InetAddress rules.
      Parameters:
      addr - the inetAddress to check
      baseRequest - the base request to check
      request - the HttpServletRequest request to check
      Returns:
      true if inetAddress and request are allowed

    • dump

      public void dump(Appendable out, String indent) throws IOException
      Description copied from interface: Dumpable
      Dump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.
      Specified by:
      dump in interface Dumpable
      Overrides:
      dump in class ContainerLifeCycle
      Parameters:
      out - The appendable to dump to
      indent - The indent to apply after any new lines.
      Throws:
      IOException - if unable to write to Appendable