org.sakaiproject.util
Class RemoteHostFilter

java.lang.Object
  extended byorg.sakaiproject.util.RemoteHostFilter
All Implemented Interfaces:
Filter

public class RemoteHostFilter
extends Object
implements Filter

This Servlet Filter allows/denies requests based on comparing the remote hostname and/or ip-address against a set of regular expressions configured in the init parameters.

The allow and/or deny properties are expected to be comma-delimited list of regular expressions indicating hostnames and/or ip addresses of allowed/denied hosts. Here is the evaluation logic:

To summarize, the pseudo-code looks like:
      if (explicitly denied) "Forbidden";
      else if (explicitly allowed) "Pass";
      else if (allow set is null, but deny is not) "Pass";
      else "Forbidden";
 
log-allowed and log-denied may be specified to true/false to log allowed/denied requests. log-allowed defaults to false, and log-denied defaults to true;

Author:
Vishal Goenka

Field Summary
protected  Pattern[] allow
          The set of allowed hosts/addresses expressed as regular expressions
protected  String allowList
          The comma-delimited set of allowed hosts (hostnames/addresses).
protected  Pattern[] deny
          The set of denied hosts/addresses expressed as regular expressions
protected  String denyList
          The comma-delimited set of denied hosts (hostnames/addresses)
protected  boolean logAllowed
          Should allowed requests be logged
protected  boolean logDenied
          Should denied requests be logged
 
Constructor Summary
RemoteHostFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain chain)
           
protected  Pattern[] getRegExPatterns(String list)
          Converts the given list of comma-delimited regex patterns to an array of Pattern objects
 void init(FilterConfig config)
          Read the allow/deny parameters and initialize patterns
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

allowList

protected String allowList
The comma-delimited set of allowed hosts (hostnames/addresses).


denyList

protected String denyList
The comma-delimited set of denied hosts (hostnames/addresses)


allow

protected Pattern[] allow
The set of allowed hosts/addresses expressed as regular expressions


deny

protected Pattern[] deny
The set of denied hosts/addresses expressed as regular expressions


logAllowed

protected boolean logAllowed
Should allowed requests be logged


logDenied

protected boolean logDenied
Should denied requests be logged

Constructor Detail

RemoteHostFilter

public RemoteHostFilter()
Method Detail

init

public void init(FilterConfig config)
          throws ServletException
Read the allow/deny parameters and initialize patterns

Specified by:
init in interface Filter
Throws:
ServletException
See Also:
Filter.init(javax.servlet.FilterConfig)

doFilter

public void doFilter(ServletRequest sreq,
                     ServletResponse sres,
                     FilterChain chain)
              throws IOException,
                     ServletException
Specified by:
doFilter in interface Filter
Throws:
IOException
ServletException

destroy

public void destroy()
Specified by:
destroy in interface Filter
See Also:
Filter.destroy()

getRegExPatterns

protected Pattern[] getRegExPatterns(String list)
Converts the given list of comma-delimited regex patterns to an array of Pattern objects

Parameters:
list - The comma-separated list of patterns
Throws:
IllegalArgumentException - if one of the patterns has invalid regular expression syntax