InetAddressFilter xref

View Javadoc

1   /*
2    * SymmetricDS is an open source database synchronization solution.
3    *   
4    * Copyright (C) Dave Michels <dmichels2@users.sourceforge.net>,
5    *
6    * This library is free software; you can redistribute it and/or
7    * modify it under the terms of the GNU Lesser General Public
8    * License as published by the Free Software Foundation; either
9    * version 3 of the License, or (at your option) any later version.
10   *
11   * This library is distributed in the hope that it will be useful,
12   * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14   * Lesser General Public License for more details.
15   *
16   * You should have received a copy of the GNU Lesser General Public
17   * License along with this library; if not, see
18   * <http://www.gnu.org/licenses/>.
19   */
20  
21  package org.jumpmind.symmetric.web;
22  
23  import java.io.IOException;
24  import java.net.InetAddress;
25  import java.net.UnknownHostException;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.FilterConfig;
29  import javax.servlet.ServletException;
30  import javax.servlet.ServletRequest;
31  import javax.servlet.ServletResponse;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  
35  import org.apache.commons.lang.StringUtils;
36  import org.apache.commons.logging.Log;
37  import org.apache.commons.logging.LogFactory;
38  import org.jumpmind.symmetric.transport.InetAddressResourceHandler;
39  
40  /***
41   * This better be the first filter that executes ! TODO: if this thing fails,
42   * should it prevent further processing of the request?
43   */
44  public class InetAddressFilter extends AbstractTransportFilter<InetAddressResourceHandler> {
45      public static final String INET_ADDRESS_FILTERS = "inetAddressFilters";
46  
47      public static final String INET_ADDRESS_ALLOW_MULICAST = "inetAddressAllowMultcast";
48  
49      private static final Log logger = LogFactory.getLog(InetAddressFilter.class);
50  
51      private InetAddressResourceHandler authorizer;
52  
53      @Override
54      public void init(final FilterConfig config) throws ServletException {
55          super.init(config);
56          authorizer = getTransportResourceHandler();
57          final String addressFilters = config.getInitParameter(INET_ADDRESS_FILTERS);
58          if (addressFilters != null) {
59              try {
60                  authorizer.setAddressFilters(addressFilters);
61              } catch (final UnknownHostException e) {
62                  throw new ServletException("Invalid fddress filter string: " + addressFilters, e);
63              }
64          }
65  
66          final String multicastAllowed = config.getInitParameter(INET_ADDRESS_ALLOW_MULICAST);
67          if (!StringUtils.isBlank(multicastAllowed)) {
68              authorizer.setMulicastAllowed(Boolean.parseBoolean(multicastAllowed.trim()));
69          }
70      }
71  
72      @Override
73      public boolean isContainerCompatible() {
74          return true;
75      }
76  
77      public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain chain)
78              throws IOException, ServletException {
79          // final IInetAddressAuthorizer authorizer =
80          // getTransportResourceHandler();
81          final HttpServletRequest httpRequest = (HttpServletRequest) req;
82          final String sourceAddrString = httpRequest.getRemoteAddr();
83          try {
84              final InetAddress sourceAddr = InetAddress.getByName(sourceAddrString);
85              if (logger.isDebugEnabled()) {
86                  logger.debug("Authorizing address: " + sourceAddr.toString());
87              }
88              if (authorizer.isAuthorized(sourceAddr)) {
89                  chain.doFilter(req, resp);
90              } else {
91                  logger.info("Denied address: " + sourceAddr.toString());
92                  sendError(resp, HttpServletResponse.SC_FORBIDDEN);
93              }
94          } catch (final UnknownHostException uhe) {
95              sendError(resp, HttpServletResponse.SC_FORBIDDEN);
96          }
97      }
98  
99      @Override
100     public void destroy() {
101         super.destroy();
102         authorizer.clearFilters();
103     }
104 
105     @Override
106     protected Log getLogger() {
107         return logger;
108     }
109 }