Code cleanup.
parent
bc67969135
commit
fe1aed24c0
|
@ -35,94 +35,79 @@ import org.eclipse.jetty.util.InetAddressSet;
|
||||||
import org.eclipse.jetty.util.log.Log;
|
import org.eclipse.jetty.util.log.Log;
|
||||||
import org.eclipse.jetty.util.log.Logger;
|
import org.eclipse.jetty.util.log.Logger;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Inet Address Access Handler
|
* InetAddress Access Handler
|
||||||
* <p>
|
* <p>
|
||||||
* Controls access to the wrapped handler by the real remote IP. Control is provided
|
* Controls access to the wrapped handler using the real remote IP. Control is provided
|
||||||
* by and {@link IncludeExcludeSet} over a {@link InetAddressSet}. This handler
|
* by and {@link IncludeExcludeSet} over a {@link InetAddressSet}. This handler
|
||||||
* uses the real internet address of the connection, not one reported in the forwarded
|
* uses the real internet address of the connection, not one reported in the forwarded
|
||||||
* for headers, as this cannot be as easily forged.
|
* for headers, as this cannot be as easily forged.
|
||||||
* <p>
|
|
||||||
|
|
||||||
*/
|
*/
|
||||||
public class InetAccessHandler extends HandlerWrapper
|
public class InetAccessHandler extends HandlerWrapper
|
||||||
{
|
{
|
||||||
private static final Logger LOG = Log.getLogger(InetAccessHandler.class);
|
private static final Logger LOG = Log.getLogger(InetAccessHandler.class);
|
||||||
IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
|
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
private final IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
|
||||||
/**
|
|
||||||
* Creates new handler object
|
|
||||||
*/
|
|
||||||
public InetAccessHandler()
|
|
||||||
{
|
|
||||||
super();
|
|
||||||
}
|
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Include a InetAddress pattern
|
* Includes an InetAddress pattern
|
||||||
|
*
|
||||||
|
* @param pattern InetAddress pattern to include
|
||||||
* @see InetAddressSet
|
* @see InetAddressSet
|
||||||
* @param pattern InetAddress pattern to exclude
|
|
||||||
*/
|
*/
|
||||||
public void include(String pattern)
|
public void include(String pattern)
|
||||||
{
|
{
|
||||||
_set.include(pattern);
|
_set.include(pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Include a InetAddress pattern
|
* Includes InetAddress patterns
|
||||||
|
*
|
||||||
|
* @param patterns InetAddress patterns to include
|
||||||
* @see InetAddressSet
|
* @see InetAddressSet
|
||||||
* @param patterns InetAddress patterns to exclude
|
|
||||||
*/
|
*/
|
||||||
public void include(String... patterns)
|
public void include(String... patterns)
|
||||||
{
|
{
|
||||||
_set.include(patterns);
|
_set.include(patterns);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Exclude a InetAddress pattern
|
* Excludes an InetAddress pattern
|
||||||
* @see InetAddressSet
|
*
|
||||||
* @param pattern InetAddress pattern to exclude
|
* @param pattern InetAddress pattern to exclude
|
||||||
|
* @see InetAddressSet
|
||||||
*/
|
*/
|
||||||
public void exclude(String pattern)
|
public void exclude(String pattern)
|
||||||
{
|
{
|
||||||
_set.exclude(pattern);
|
_set.exclude(pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Include a InetAddress pattern
|
* Excludes InetAddress patterns
|
||||||
* @see InetAddressSet
|
*
|
||||||
* @param patterns InetAddress patterns to exclude
|
* @param patterns InetAddress patterns to exclude
|
||||||
|
* @see InetAddressSet
|
||||||
*/
|
*/
|
||||||
public void exclude(String... patterns)
|
public void exclude(String... patterns)
|
||||||
{
|
{
|
||||||
_set.exclude(patterns);
|
_set.exclude(patterns);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Checks the incoming request against the whitelist and blacklist
|
* Checks the incoming request against the whitelist and blacklist
|
||||||
*
|
|
||||||
* @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
|
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
||||||
{
|
{
|
||||||
// Get the real remote IP (not the one set by the forwarded headers (which may be forged))
|
// Get the real remote IP (not the one set by the forwarded headers (which may be forged))
|
||||||
HttpChannel channel = baseRequest.getHttpChannel();
|
HttpChannel channel = baseRequest.getHttpChannel();
|
||||||
if (channel!=null)
|
if (channel != null)
|
||||||
{
|
{
|
||||||
EndPoint endp=channel.getEndPoint();
|
EndPoint endp = channel.getEndPoint();
|
||||||
if (endp!=null)
|
if (endp != null)
|
||||||
{
|
{
|
||||||
InetSocketAddress address = endp.getRemoteAddress();
|
InetSocketAddress address = endp.getRemoteAddress();
|
||||||
if (address!=null && !isAllowed(address.getAddress()))
|
if (address != null && !isAllowed(address.getAddress()))
|
||||||
{
|
{
|
||||||
response.sendError(HttpStatus.FORBIDDEN_403);
|
response.sendError(HttpStatus.FORBIDDEN_403);
|
||||||
baseRequest.setHandled(true);
|
baseRequest.setHandled(true);
|
||||||
|
@ -131,26 +116,26 @@ public class InetAccessHandler extends HandlerWrapper
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
getHandler().handle(target,baseRequest, request, response);
|
getHandler().handle(target, baseRequest, request, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
/**
|
/**
|
||||||
* Check if specified request is allowed by current IPAccess rules.
|
* Check sif specified address is allowed by current IPAccess rules.
|
||||||
*
|
|
||||||
* @param address internet address
|
|
||||||
* @return true if address is allowed
|
|
||||||
*
|
*
|
||||||
|
* @param address the inetAddress to check
|
||||||
|
* @return true if inetAddress is allowed
|
||||||
*/
|
*/
|
||||||
protected boolean isAllowed(InetAddress address)
|
protected boolean isAllowed(InetAddress address)
|
||||||
{
|
{
|
||||||
return _set.test(address);
|
boolean allowed = _set.test(address);
|
||||||
|
if (LOG.isDebugEnabled())
|
||||||
|
LOG.debug("{} {} {}", this, allowed ? "allowed" : "denied", address);
|
||||||
|
return allowed;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
|
||||||
@Override
|
@Override
|
||||||
public void dump(Appendable out, String indent) throws IOException
|
public void dump(Appendable out, String indent) throws IOException
|
||||||
{
|
{
|
||||||
dumpBeans(out,indent,_set.getIncluded(),_set.getExcluded());
|
dumpBeans(out, indent, _set.getIncluded(), _set.getExcluded());
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
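Review bot: `handle` still falls through to `getHandler().handle(target, baseRequest, request, response)` whenever `getHttpChannel()`, `getEndPoint()` or `getRemoteAddress()` returns null, so a request whose remote address cannot be determined skips the include/exclude check entirely, and neither the trimmed method Javadoc nor the class Javadoc says so. If that pass-through is intended, state it above the null checks, e.g. `// No remote address available: the request is passed on without an access check`; if it is not, the null cases should be rejected the same way as a failed `isAllowed`. Part of `handle` lies between the two hunks and is not visible here, so this reading assumes the hidden lines only return after the 403. The rewritten `isAllowed` Javadoc also introduces a typo, `Check sif specified address`, which should read `Checks if the specified address`.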