RemoteHostFilter


1   /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22  package org.jboss.web.tomcat.filters;
23  
24  import java.io.IOException  ;
25  import javax.servlet.Filter  ;
26  import javax.servlet.FilterChain  ;
27  import javax.servlet.FilterConfig  ;
28  import javax.servlet.ServletException  ;
29  import javax.servlet.ServletRequest  ;
30  import javax.servlet.ServletResponse  ;
31  import javax.servlet.http.HttpServletRequest  ;
32  import javax.servlet.http.HttpServletResponse  ;
33  
34  import org.jboss.logging.Logger;
35  
36  /**
37   * Accept or deny a request based on the IP address of the client who made the
38   * request.  JDK 1.4 or higher is required.
39   * <p/>
40   * This filter is configured by setting the "allow" and/or "deny" properties to
41   * a comma-delimited list of regular expressions (in the syntax supported by the
42   * java.util.regex package) to which the client IP address will be compared.
43   * <p/>
44   * <filter>
45   * <filter-name>RemoteHostFilter</filter-name>
46   * <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
47   * <init-param>
48   * <param-name>deny</param-name>
49   * <param-value>128.0.*,192.4.5.7</param-value>
50   * </init-param>
51   * <init-param>
52   * <param-name>allow</param-name>
53   * <param-value>192.4.5.6,127.0.0.*</param-value>
54   * </init-param>
55   * </filter>
56   * <p/>
57   * Evaluation proceeds as follows:
58   * <p/>
59   * If there are any deny expressions configured, the IP will be compared to each
60   * expression. If a match is found, this request will be rejected with a
61   * "Forbidden" HTTP response.
62   * If there are any allow expressions configured, the IP will be compared to
63   * each such expression. If a match is NOT found, this request will be rejected
64   * with a "Forbidden" HTTP response.
65   * Otherwise, the request will be rejected with a "Forbidden" HTTP response.
66   *
67   * @author Stan Silvert
68   * @version $Revision: 37459 $
69   */
70  public class RemoteHostFilter implements Filter  
71  {
72     private static final Logger log = Logger.getLogger(RemoteHostFilter.class);
73     /** The list of hosts explicitly allowed */
74     private String  [] allow;
75     /** The list of hosts explicitly denied */
76     private String  [] deny;
77     /** The trace level log falg */
78     private boolean trace;
79  
80     private FilterConfig   filterConfig = null;
81  
82     public RemoteHostFilter()
83     {
84        trace = log.isTraceEnabled();
85     }
86  
87     /**
88      * @param request The servlet request we are processing
89      * @param response  The servlet response we are creating
90      * @param chain   The filter chain we are processing
91      * @throws IOException      if an input/output error occurs
92      * @throws ServletException if a servlet error occurs
93      */
94     public void doFilter(ServletRequest   request,
95                          ServletResponse   response,
96                          FilterChain   chain)
97        throws IOException  , ServletException  
98     {
99        String   clientAddr = request.getRemoteAddr();
100       if( trace )
101          log.trace("Client addres is: " + clientAddr);
102 
103       if (hasMatch(clientAddr, deny))
104       {
105          handleInvalidAccess(request, response, clientAddr);
106          return;
107       }
108 
109       if ((allow.length > 0) && !hasMatch(clientAddr, allow))
110       {
111          handleInvalidAccess(request, response, clientAddr);
112          return;
113       }
114 
115       chain.doFilter(request, response);
116    }
117 
118    private void handleInvalidAccess(ServletRequest   request,
119                                     ServletResponse   response,
120                                     String   clientAddr) throws IOException  
121    {
122       HttpServletRequest   httpRequest = (HttpServletRequest  ) request;
123       HttpServletResponse   httpResponse = (HttpServletResponse  ) response;
124       String   url = httpRequest.getRequestURL().toString();
125       if( trace )
126          log.trace("Invalid access attempt to " + url + " from " + clientAddr);
127       httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
128    }
129 
130    private boolean hasMatch(String   clientAddr, String  [] regExps)
131    {
132       for (int i = 0; i < regExps.length; i++)
133       {
134          if (clientAddr.matches(regExps[i]))
135             return true;
136       }
137 
138       return false;
139    }
140 
141    /**
142     * Destroy method for this filter
143     */
144    public void destroy()
145    {
146       this.filterConfig = null;
147       this.allow = null;
148       this.deny = null;
149    }
150 
151 
152    /**
153     * Init method for this filter
154     */
155    public void init(FilterConfig   filterConfig)
156    {
157       this.filterConfig = filterConfig;
158       this.allow = extractRegExps(filterConfig.getInitParameter("allow"));
159       this.deny = extractRegExps(filterConfig.getInitParameter("deny"));
160    }
161 
162    private String  [] extractRegExps(String   initParam)
163    {
164       if (initParam == null)
165       {
166          return new String  [0];
167       }
168       else
169       {
170          return initParam.split(",");
171       }
172    }
173 
174    /**
175     * Return a String representation of this object.
176     */
177    public String   toString()
178    {
179       if (filterConfig == null) return ("ClientAddrFilter()");
180       StringBuffer   sb = new StringBuffer  ("ClientAddrFilter(");
181       sb.append(filterConfig);
182       sb.append(")");
183       return sb.toString();
184    }
185 
186 }
187
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags