IPConstraint (Resin 4.0.s170329)

java.lang.Object
- com.caucho.server.security.AbstractConstraint
- - com.caucho.server.security.IPConstraint

public class IPConstraint
extends AbstractConstraint

Allow or deny requests based on the ip address of the client.

 <security-constraint>
   <ip-constraint>
     <allow>192.168.17.0/24</allow>
   </ip-constraint>
 
   <web-resource-collection>
     <url-pattern>/admin/*</url-pattern>
   </web-resource-collection>
 </security-constraint>

 
 <security-constraint>
   <ip-constraint>
     <deny>205.11.12.3</deny>
     <deny>213.43.62.45</deny>
     <deny>123.4.45.6</deny>
     <deny>233.15.25.35</deny>
     <deny>233.14.87.12</deny>
   </ip-constraint>
 
   <web-resource-collection>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
 </security-constraint>

Constructor Summary

Constructors
Constructor and Description

IPConstraint()

Constructors
Constructor and Description
`IPConstraint()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addAllow(java.lang.String network)` Add an ip network to allow.
`void`	`addDeny(java.lang.String network)` Add an ip network to deny.
`void`	`addText(java.lang.String network)` backwards compatibility, same as addAllow()
`int`	`getCacheSize()` Size of the cache used to hold whether or not to allow a certain IP address.
`int`	`getErrorCode()` The error code to send with response.sendError, default is 403.
`java.lang.String`	`getErrorMessage()` The error message to send with response.sendError, default is "Forbidden IP Address"
`void`	`init()`
`AuthorizationResult`	`isAuthorized(HttpServletRequest request, HttpServletResponse response, ServletContext application)` Returns true if the user is authorized for the resource.
`void`	`setCacheSize(int cacheSize)` Size of the cache used to hold whether or not to allow a certain IP address, default is 256.
`void`	`setErrorCode(int errorCode)` The error code to send with response.sendError, default is 403.
`void`	`setErrorMessage(java.lang.String errorMessage)` The error message to send with response.sendError, default is "Forbidden IP Address"

Methods inherited from class com.caucho.server.security.AbstractConstraint
isPrivateCache, needsAuthentication, toArray

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - IPConstraint
```
public IPConstraint()
```
- Method Detail
  - setErrorCode
```
public void setErrorCode(int errorCode)
```
    The error code to send with response.sendError, default is 403.
  - getErrorCode
```
public int getErrorCode()
```
    The error code to send with response.sendError, default is 403.
  - setErrorMessage
```
public void setErrorMessage(java.lang.String errorMessage)
```
    The error message to send with response.sendError, default is "Forbidden IP Address"
  - getErrorMessage
```
public java.lang.String getErrorMessage()
```
    The error message to send with response.sendError, default is "Forbidden IP Address"
  - setCacheSize
```
public void setCacheSize(int cacheSize)
```
    Size of the cache used to hold whether or not to allow a certain IP address, default is 256. The first time a request is received from an ip, the allow and deny rules are checked to determine if the ip is allowed. The result of this check is cached in a an LRU cache. Subsequent requests can do a cache lookup based on the ip instead of checking the rules. This is especially important if there are a large number of allow and/or deny rules, and to protect against denial of service attacks.
  - getCacheSize
```
public int getCacheSize()
```
    Size of the cache used to hold whether or not to allow a certain IP address.
  - addAllow
```
public void addAllow(java.lang.String network)
              throws java.net.UnknownHostException
```
    Add an ip network to allow. If allow is never used, (only deny is used), then all are allowed except those in deny.
    
    Throws:
    
    java.net.UnknownHostException
  - addDeny
```
public void addDeny(java.lang.String network)
             throws java.net.UnknownHostException
```
    Add an ip network to deny.
    
    Throws:
    
    java.net.UnknownHostException
  - addText
```
public void addText(java.lang.String network)
             throws java.net.UnknownHostException
```
    backwards compatibility, same as addAllow()
    
    Throws:
    
    java.net.UnknownHostException
  - init
```
@PostConstruct
public void init()
                         throws ConfigException
```
    Throws:
    
    ConfigException
  - isAuthorized
```
public AuthorizationResult isAuthorized(HttpServletRequest request,
                                        HttpServletResponse response,
                                        ServletContext application)
                                 throws ServletException,
                                        java.io.IOException
```
    Returns true if the user is authorized for the resource.
    
    Specified by:
    
    isAuthorized in class AbstractConstraint
    
    Parameters:
    
    request - the servlet request
    
    response - the servlet response
    
    Returns:
    
    true if the request is authorized.
    
    Throws:
    
    ServletException
    
    java.io.IOException

Class IPConstraint

Constructor Summary

Method Summary

Methods inherited from class com.caucho.server.security.AbstractConstraint

Methods inherited from class java.lang.Object

Constructor Detail

IPConstraint

Method Detail

setErrorCode

getErrorCode

setErrorMessage

getErrorMessage

setCacheSize

getCacheSize

addAllow

addDeny

addText

init

isAuthorized