Class InetAccessHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.server.handler.InetAccessHandler
All Implemented Interfaces:
Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
public class InetAccessHandler extends HandlerWrapper
InetAddress Access Handler

Controls access to the wrapped handler using the real remote IP. Control is provided by and IncludeExcludeSet over a InetAddressSet. This handler uses the real internet address of the connection, not one reported in the forwarded for headers, as this cannot be as easily forged.

Additionally, there may be times when you want to only apply this handler to a subset of your connectors. In this situation you can use connectorNames to specify the connector names that you want this IP access filter to apply to.

  • Field Details

  • Constructor Details

    • InetAccessHandler

      public InetAccessHandler()

  • Method Details

    • clear

      public void clear()
      Clears all the includes, excludes, included connector names and excluded connector names.

    • include

      public void include(String pattern)
      Includes an InetAddress pattern
      Parameters:
      pattern - InetAddress pattern to include
      See Also:

    • include

      public void include(String... patterns)
      Includes InetAddress patterns
      Parameters:
      patterns - InetAddress patterns to include
      See Also:

    • exclude

      public void exclude(String pattern)
      Excludes an InetAddress pattern
      Parameters:
      pattern - InetAddress pattern to exclude
      See Also:

    • exclude

      public void exclude(String... patterns)
      Excludes InetAddress patterns
      Parameters:
      patterns - InetAddress patterns to exclude
      See Also:

    • includeConnector

      public void includeConnector(String name)
      Includes a connector name.
      Parameters:
      name - Connector name to include in this handler.

    • excludeConnector

      public void excludeConnector(String name)
      Excludes a connector name.
      Parameters:
      name - Connector name to exclude in this handler.

    • includeConnectors

      public void includeConnectors(String... names)
      Includes connector names.
      Parameters:
      names - Connector names to include in this handler.

    • excludeConnectors

      public void excludeConnectors(String... names)
      Excludes connector names.
      Parameters:
      names - Connector names to exclude in this handler.

    • handle

      public void handle(String target, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Checks the incoming request against the whitelist and blacklist
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class HandlerWrapper
      Parameters:
      target - The target of the request - either a URI or a name.
      baseRequest - The original unwrapped request object.
      request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
      response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
      Throws:
      IOException - if unable to handle the request or response processing
      javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue

    • isAllowed

      protected boolean isAllowed(InetAddress addr, Request baseRequest, javax.servlet.http.HttpServletRequest request)
      Checks if specified address and request are allowed by current InetAddress rules.
      Parameters:
      addr - the inetAddress to check
      baseRequest - the base request to check
      request - the HttpServletRequest request to check
      Returns:
      true if inetAddress and request are allowed

    • dump

      public void dump(Appendable out, String indent) throws IOException
      Description copied from interface: Dumpable
      Dump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.
      Specified by:
      dump in interface Dumpable
      Overrides:
      dump in class ContainerLifeCycle
      Parameters:
      out - The appendable to dump to
      indent - The indent to apply after any new lines.
      Throws:
      IOException - if unable to write to Appendable