com.caucho.server.security
Class IPConstraint

java.lang.Object
  extended by com.caucho.server.security.AbstractConstraint
      extended by com.caucho.server.security.IPConstraint

public class IPConstraint
extends AbstractConstraint

Allow or deny requests based on the ip address of the client.

 <security-constraint>
   <ip-constraint>
     <allow>192.168.17.0/24</allow>
   </ip-constraint>
 
   <web-resource-collection>
     <url-pattern>/admin/*</url-pattern>
   </web-resource-collection>
 </security-constraint>
 
 
 <security-constraint>
   <ip-constraint>
     <deny>205.11.12.3</deny>
     <deny>213.43.62.45</deny>
     <deny>123.4.45.6</deny>
     <deny>233.15.25.35</deny>
     <deny>233.14.87.12</deny>
   </ip-constraint>
 
   <web-resource-collection>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
 </security-constraint>
 


Constructor Summary
IPConstraint()
           
 
Method Summary
 void addAllow(java.lang.String network)
          Add an ip network to allow.
 void addDeny(java.lang.String network)
          Add an ip network to deny.
 void addText(java.lang.String network)
          Backwards compatibility; same as addAllow().
 int getCacheSize()
          Size of the cache used to hold whether or not to allow a certain IP address.
 int getErrorCode()
          The error code to send with response.sendError, default is 403.
 java.lang.String getErrorMessage()
          The error message to send with response.sendError, default is "Forbidden IP Address"
 void init()
           
 AuthorizationResult isAuthorized(HttpServletRequest request, HttpServletResponse response, ServletContext application)
          Returns true if the user is authorized for the resource.
 void setCacheSize(int cacheSize)
          Size of the cache used to hold whether or not to allow a certain IP address, default is 256.
 void setErrorCode(int errorCode)
          The error code to send with response.sendError, default is 403.
 void setErrorMessage(java.lang.String errorMessage)
          The error message to send with response.sendError, default is "Forbidden IP Address"
 
Methods inherited from class com.caucho.server.security.AbstractConstraint
isPrivateCache, needsAuthentication, toArray
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IPConstraint

public IPConstraint()
Method Detail

setErrorCode

public void setErrorCode(int errorCode)
The error code to send with response.sendError, default is 403.


getErrorCode

public int getErrorCode()
The error code to send with response.sendError, default is 403.


setErrorMessage

public void setErrorMessage(java.lang.String errorMessage)
The error message to send with response.sendError, default is "Forbidden IP Address"


getErrorMessage

public java.lang.String getErrorMessage()
The error message to send with response.sendError, default is "Forbidden IP Address"


setCacheSize

public void setCacheSize(int cacheSize)
Size of the cache used to hold whether or not to allow a certain IP address, default is 256. The first time a request is received from an ip, the allow and deny rules are checked to determine if the ip is allowed. The result of this check is cached in an LRU cache. Subsequent requests can do a cache lookup based on the ip instead of checking the rules. This is especially important if there are a large number of allow and/or deny rules, and it helps protect against denial of service attacks.


getCacheSize

public int getCacheSize()
Size of the cache used to hold whether or not to allow a certain IP address.


addAllow

public void addAllow(java.lang.String network)
              throws java.net.UnknownHostException
Add an ip network to allow. If allow is never used (only deny is used), then all addresses are allowed except those in deny.

Throws:
java.net.UnknownHostException

addDeny

public void addDeny(java.lang.String network)
             throws java.net.UnknownHostException
Add an ip network to deny.

Throws:
java.net.UnknownHostException

addText

public void addText(java.lang.String network)
             throws java.net.UnknownHostException
Backwards compatibility; same as addAllow().

Throws:
java.net.UnknownHostException

init

@PostConstruct
public void init()
          throws ConfigException
Throws:
ConfigException

isAuthorized

public AuthorizationResult isAuthorized(HttpServletRequest request,
                                        HttpServletResponse response,
                                        ServletContext application)
                                 throws ServletException,
                                        java.io.IOException
Returns true if the user is authorized for the resource.

Specified by:
isAuthorized in class AbstractConstraint
Parameters:
request - the servlet request
response - the servlet response
Returns:
true if the request is authorized.
Throws:
ServletException
java.io.IOException
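
The rule evaluation and LRU result cache described under setCacheSize and addAllow, as an added stand-alone sketch (not Resin's implementation). The class name IpRuleSketch and its methods are hypothetical, it handles IPv4 only, and it assumes a deny match overrides an allow match, which this page does not specify.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.*;

// Added sketch, not Resin's code. IPv4 only; class and method names are hypothetical.
public class IpRuleSketch {
  private final List<int[]> allow = new ArrayList<>(), deny = new ArrayList<>(); // {net, mask}
  private final Map<String, Boolean> cache; // LRU: access-ordered LinkedHashMap
  IpRuleSketch(final int cacheSize) {
    cache = Collections.synchronizedMap(new LinkedHashMap<String, Boolean>(16, 0.75f, true) {
      @Override protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
        return size() > cacheSize; // evict the least recently used verdict
      }
    });
  }

  void addAllow(String network) throws UnknownHostException { allow.add(parse(network)); }
  void addDeny(String network) throws UnknownHostException { deny.add(parse(network)); }

  private static int toInt(String ip) throws UnknownHostException {
    byte[] b = InetAddress.getByName(ip).getAddress();
    if (b.length != 4) throw new UnknownHostException("IPv4 only: " + ip);
    return (b[0] & 0xff) << 24 | (b[1] & 0xff) << 16 | (b[2] & 0xff) << 8 | (b[3] & 0xff);
  }

  private static int[] parse(String network) throws UnknownHostException {
    String[] p = network.trim().split("/");
    int bits = p.length > 1 ? Integer.parseInt(p[1]) : 32; // bare address = /32
    if (bits < 0 || bits > 32) throw new IllegalArgumentException("bad prefix: " + network);
    int mask = bits == 0 ? 0 : -1 << (32 - bits);
    return new int[] { toInt(p[0]) & mask, mask };
  }
  private static boolean matches(List<int[]> rules, int addr) {
    return rules.stream().anyMatch(r -> (addr & r[1]) == r[0]);
  }

  boolean isAllowed(String remoteAddr) throws UnknownHostException {
    Boolean cached = cache.get(remoteAddr);
    if (cached != null) return cached; // rules are scanned only on a cache miss
    int addr = toInt(remoteAddr);
    // Assumption: deny wins over allow; an empty allow list admits everything not denied.
    boolean ok = !matches(deny, addr) && (allow.isEmpty() || matches(allow, addr));
    cache.put(remoteAddr, ok);
    return ok;
  }

  public static void main(String[] args) throws Exception {
    IpRuleSketch admin = new IpRuleSketch(256); // 256 is the documented default cache size
    admin.addAllow("192.168.17.0/24");
    System.out.println(admin.isAllowed("192.168.17.42") + " " + admin.isAllowed("192.168.18.1"));
  }
}
```

The cache is keyed on the remote address string, so a cache smaller than the set of active clients falls back to a full rule scan on every miss.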