Code cleanup.
This commit is contained in:
Simone Bordet
parent
bc67969135
commit
fe1aed24c0
|
|
@ -35,94 +35,79 @@ import org.eclipse.jetty.util.InetAddressSet;
|
|||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
||||
|
||||
/**
|
||||
* Inet Address Access Handler
|
||||
* InetAddress Access Handler
|
||||
* <p>
|
||||
* Controls access to the wrapped handler by the real remote IP. Control is provided
|
||||
* Controls access to the wrapped handler using the real remote IP. Control is provided
|
||||
* by and {@link IncludeExcludeSet} over a {@link InetAddressSet}. This handler
|
||||
* uses the real internet address of the connection, not one reported in the forwarded
|
||||
* for headers, as this cannot be as easily forged.
|
||||
* <p>
|
||||
|
||||
*/
|
||||
public class InetAccessHandler extends HandlerWrapper
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(InetAccessHandler.class);
|
||||
IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Creates new handler object
|
||||
*/
|
||||
public InetAccessHandler()
|
||||
{
|
||||
super();
|
||||
}
|
||||
private final IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Include a InetAddress pattern
|
||||
* Includes an InetAddress pattern
|
||||
*
|
||||
* @param pattern InetAddress pattern to include
|
||||
* @see InetAddressSet
|
||||
* @param pattern InetAddress pattern to exclude
|
||||
*/
|
||||
public void include(String pattern)
|
||||
{
|
||||
_set.include(pattern);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
||||
/**
|
||||
* Include a InetAddress pattern
|
||||
* Includes InetAddress patterns
|
||||
*
|
||||
* @param patterns InetAddress patterns to include
|
||||
* @see InetAddressSet
|
||||
* @param patterns InetAddress patterns to exclude
|
||||
*/
|
||||
public void include(String... patterns)
|
||||
{
|
||||
_set.include(patterns);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
||||
/**
|
||||
* Exclude a InetAddress pattern
|
||||
* @see InetAddressSet
|
||||
* Excludes an InetAddress pattern
|
||||
*
|
||||
* @param pattern InetAddress pattern to exclude
|
||||
* @see InetAddressSet
|
||||
*/
|
||||
public void exclude(String pattern)
|
||||
{
|
||||
_set.exclude(pattern);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
||||
/**
|
||||
* Include a InetAddress pattern
|
||||
* @see InetAddressSet
|
||||
* Excludes InetAddress patterns
|
||||
*
|
||||
* @param patterns InetAddress patterns to exclude
|
||||
* @see InetAddressSet
|
||||
*/
|
||||
public void exclude(String... patterns)
|
||||
{
|
||||
_set.exclude(patterns);
|
||||
}
|
||||
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Checks the incoming request against the whitelist and blacklist
|
||||
*
|
||||
* @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
|
||||
*/
|
||||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
||||
{
|
||||
// Get the real remote IP (not the one set by the forwarded headers (which may be forged))
|
||||
HttpChannel channel = baseRequest.getHttpChannel();
|
||||
if (channel!=null)
|
||||
if (channel != null)
|
||||
{
|
||||
EndPoint endp=channel.getEndPoint();
|
||||
if (endp!=null)
|
||||
EndPoint endp = channel.getEndPoint();
|
||||
if (endp != null)
|
||||
{
|
||||
InetSocketAddress address = endp.getRemoteAddress();
|
||||
if (address!=null && !isAllowed(address.getAddress()))
|
||||
if (address != null && !isAllowed(address.getAddress()))
|
||||
{
|
||||
response.sendError(HttpStatus.FORBIDDEN_403);
|
||||
baseRequest.setHandled(true);
|
||||
|
|
@ -131,26 +116,26 @@ public class InetAccessHandler extends HandlerWrapper
|
|||
}
|
||||
}
|
||||
|
||||
getHandler().handle(target,baseRequest, request, response);
|
||||
getHandler().handle(target, baseRequest, request, response);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Check if specified request is allowed by current IPAccess rules.
|
||||
*
|
||||
* @param address internet address
|
||||
* @return true if address is allowed
|
||||
* Check sif specified address is allowed by current IPAccess rules.
|
||||
*
|
||||
* @param address the inetAddress to check
|
||||
* @return true if inetAddress is allowed
|
||||
*/
|
||||
protected boolean isAllowed(InetAddress address)
|
||||
{
|
||||
return _set.test(address);
|
||||
boolean allowed = _set.test(address);
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("{} {} {}", this, allowed ? "allowed" : "denied", address);
|
||||
return allowed;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
@Override
|
||||
public void dump(Appendable out, String indent) throws IOException
|
||||
{
|
||||
dumpBeans(out,indent,_set.getIncluded(),_set.getExcluded());
|
||||
dumpBeans(out, indent, _set.getIncluded(), _set.getExcluded());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue