package org.jboss.remotehostfilter;import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/** * Accept or deny a request based on the IP address of the client who made the * request. JDK 1.4 or higher is required. * * This filter is configured by setting the "allow" and/or "deny" properties to a comma-delimited list of regular expressions * (in the syntax supported by the java.util.regex package) to which the client IP address will be compared. * * <filter> * <filter-name>RemoteHostFilter</filter-name> * <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class> * <init-param> * <param-name>deny</param-name> * <param-value>128.0.*,192.4.5.7</param-value> * </init-param> * <init-param> * <param-name>allow</param-name> * <param-value>192.4.5.6,127.0.0.*</param-value> * </init-param> * </filter> * * Evaluation proceeds as follows: * * If there are any deny expressions configured, the IP will be compared to each expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response. * If there are any allow expressions configured, the IP will be compared to each such expression. If a match is NOT found, this request will be rejected with a "Forbidden" HTTP response. * Otherwise, the request will continue normally. * * @author Stan Silvert */public class RemoteHostFilter implements Filter {
private String[] allow; private String[] deny;
private FilterConfig filterConfig = null;
public RemoteHostFilter() { }
/** * * @param request The servlet request we are processing * @param result The servlet response we are creating * @param chain The filter chain we are processing * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet error occurs */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String clientAddr = request.getRemoteAddr();
if (hasMatch(clientAddr, deny)) { handleInvalidAccess(request, response, clientAddr); return; }
private boolean hasMatch(String clientAddr, String[] regExps) { for (int i=0; i < regExps.length; i++) { if (clientAddr.matches(regExps[i])) return true; }
return false; }
/** * Destroy method for this filter * */ public void destroy() { this.filterConfig = null; this.allow = null; this.deny = null; }
/** * Init method for this filter * */ public void init(FilterConfig filterConfig) { this.filterConfig = filterConfig; this.allow = extractRegExps(filterConfig.getInitParameter("allow")); this.deny = extractRegExps(filterConfig.getInitParameter("deny")); }
private String[] extractRegExps(String initParam) { if (initParam == null) { return new String[0]; } else { return initParam.split(","); } }
/** * Return a String representation of this object. */ public String toString() { if (filterConfig == null) return ("ClientAddrFilter()"); StringBuffer sb = new StringBuffer("ClientAddrFilter("); sb.append(filterConfig); sb.append(")"); return (sb.toString()); }}
<filter>
<filter-name>EncodingFilter</filter-name>
<filter-class>com.ilongman.acs.web.EncodingFilter</filter-class>
</filter>
<filter>
<filter-name>RemoteHostFilter</filter-name>
<filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>192.168.168.*,127.0.0.*,210.3.23.222,202.177.25.243,202.177.25.248</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteHostFilter</filter-name>
<url-pattern>/App/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>EncodingFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
package org.jboss.remotehostfilter;import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/**
* Accept or deny a request based on the IP address of the client who made the
* request. JDK 1.4 or higher is required.
*
* This filter is configured by setting the "allow" and/or "deny" properties to a comma-delimited list of regular expressions
* (in the syntax supported by the java.util.regex package) to which the client IP address will be compared.
*
* <filter>
* <filter-name>RemoteHostFilter</filter-name>
* <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
* <init-param>
* <param-name>deny</param-name>
* <param-value>128.0.*,192.4.5.7</param-value>
* </init-param>
* <init-param>
* <param-name>allow</param-name>
* <param-value>192.4.5.6,127.0.0.*</param-value>
* </init-param>
* </filter>
*
* Evaluation proceeds as follows:
*
* If there are any deny expressions configured, the IP will be compared to each expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
* If there are any allow expressions configured, the IP will be compared to each such expression. If a match is NOT found, this request will be rejected with a "Forbidden" HTTP response.
* Otherwise, the request will continue normally.
*
* @author Stan Silvert
*/public class RemoteHostFilter implements Filter {
private String[] allow;
private String[] deny;
private FilterConfig filterConfig = null;
public RemoteHostFilter() {
}
/**
*
* @param request The servlet request we are processing
* @param result The servlet response we are creating
* @param chain The filter chain we are processing
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
String clientAddr = request.getRemoteAddr();
if (hasMatch(clientAddr, deny)) {
handleInvalidAccess(request, response, clientAddr);
return;
}
if ((allow.length > 0) && !hasMatch(clientAddr, allow)) {
handleInvalidAccess(request, response, clientAddr);
return;
}
chain.doFilter(request, response);
}
private void handleInvalidAccess(ServletRequest request,
ServletResponse response,
String clientAddr) throws IOException {
String url = ((HttpServletRequest)request).getRequestURL().toString();
((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN);
}
private boolean hasMatch(String clientAddr, String[] regExps) {
for (int i=0; i < regExps.length; i++) {
if (clientAddr.matches(regExps[i])) return true;
}
return false;
}
/**
* Destroy method for this filter
*
*/
public void destroy() {
this.filterConfig = null;
this.allow = null;
this.deny = null;
}
/**
* Init method for this filter
*
*/
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
this.allow = extractRegExps(filterConfig.getInitParameter("allow"));
this.deny = extractRegExps(filterConfig.getInitParameter("deny"));
}
private String[] extractRegExps(String initParam) {
if (initParam == null) {
return new String[0];
} else {
return initParam.split(",");
}
}
/**
* Return a String representation of this object.
*/
public String toString() {
if (filterConfig == null) return ("ClientAddrFilter()");
StringBuffer sb = new StringBuffer("ClientAddrFilter(");
sb.append(filterConfig);
sb.append(")");
return (sb.toString());
}}