org.eclipse.jetty.server.handler
类 IPAccessHandler

java.lang.Object
  org.eclipse.jetty.util.component.AbstractLifeCycle
      org.eclipse.jetty.util.component.AggregateLifeCycle
          org.eclipse.jetty.server.handler.AbstractHandler
              org.eclipse.jetty.server.handler.AbstractHandlerContainer
                  org.eclipse.jetty.server.handler.HandlerWrapper
                      org.eclipse.jetty.server.handler.IPAccessHandler

所有已实现的接口：

Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle

public class IPAccessHandler
extends HandlerWrapper

IP Access Handler

Controls access to the wrapped handler by the real remote IP. Control is provided by white/black lists that include both internet addresses and URIs. This handler uses the real internet address of the connection, not one reported in the forwarded for headers, as this cannot be as easily forged.

Typically, the black/white lists will be used in one of three modes:

• Blocking a few specific IPs/URLs by specifying several black list entries.
• Allowing only some specific IPs/URLs by specifying several white lists entries.
• Allowing a general range of IPs/URLs by specifying several general white list entries, that are then further refined by several specific black list exceptions

An empty white list is treated as match all. If there is at least one entry in the white list, then a request must match a white list entry. Black list entries are always applied, so that even if an entry matches the white list, a black list entry will override it.

Internet addresses may be specified as absolute address or as a combination of four octet wildcard specifications (a.b.c.d) that are defined as follows.

 nnn - an absolute value (0-255)
 mmm-nnn - an inclusive range of absolute values, 
           with following shorthand notations:
           nnn- => nnn-255
           -nnn => 0-nnn
           -    => 0-255
 a,b,... - a list of wildcard specifications
 

Internet address specification is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).

Earlier versions of the handler used internet address prefix wildcard specification to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.). They also used the first "/" character of the URI pattern to separate it from the internet address. Both of these features have been deprecated in the current version.

Examples of the entry specifications are:

• 10.10.1.2 - all requests from IP 10.10.1.2
• 10.10.1.2|/foo/bar - all requests from IP 10.10.1.2 to URI /foo/bar
• 10.10.1.2|/foo/* - all requests from IP 10.10.1.2 to URIs starting with /foo/
• 10.10.1.2|*.html - all requests from IP 10.10.1.2 to URIs ending with .html
• 10.10.0-255.0-255 - all requests from IPs within 10.10.0.0/16 subnet
• 10.10.0-.-255|/foo/bar - all requests from IPs within 10.10.0.0/16 subnet to URI /foo/bar
• 10.10.0-3,1,3,7,15|/foo/* - all requests from IPs addresses with last octet equal to 1,3,7,15 in subnet 10.10.0.0/22 to URIs starting with /foo/

Earlier versions of the handler used internet address prefix wildcard specification to define a range of the internet addresses (e.g. 127., 10.10., 172.16.1.). They also used the first "/" character of the URI pattern to separate it from the internet address. Both of these features have been deprecated in the current version.

嵌套类摘要

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的嵌套类/接口

AbstractLifeCycle.AbstractLifeCycleListener

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的嵌套类/接口

LifeCycle.Listener

字段摘要

从类 org.eclipse.jetty.server.handler.HandlerWrapper 继承的字段

_handler

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的字段

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

构造方法摘要

IPAccessHandler()
Creates new handler object

IPAccessHandler(String[] white, String[] black)
Creates new handler object and initializes white- and black-list

方法摘要

protected void	add(String entry, IPAddressMap<PathMap> patternMap) Helper method to parse the new entry and add it to the specified address pattern map.
void	addBlack(String entry) Add a blacklist entry to an existing handler configuration
void	addWhite(String entry) Add a whitelist entry to an existing handler configuration
protected void	doStart() Dump the white- and black-list configurations when started
String	dump() Dump the handler configuration
protected void	dump(StringBuilder buf, IPAddressMap<PathMap> patternMap) Dump a pattern map into a StringBuilder buffer
void	handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) Checks the incoming request against the whitelist and blacklist
protected boolean	isAddrUriAllowed(String addr, String path) Check if specified request is allowed by current IPAccess rules.
protected void	set(String[] entries, IPAddressMap<PathMap> patternMap) Helper method to process a list of new entries and replace the content of the specified address pattern map
void	setBlack(String[] entries) Re-initialize the blacklist of existing handler object
void	setWhite(String[] entries) Re-initialize the whitelist of existing handler object

从类 org.eclipse.jetty.server.handler.HandlerWrapper 继承的方法

destroy, doStop, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServer

从类 org.eclipse.jetty.server.handler.AbstractHandlerContainer 继承的方法

dump, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

从类 org.eclipse.jetty.server.handler.AbstractHandler 继承的方法

dumpThis, getServer

从类 org.eclipse.jetty.util.component.AggregateLifeCycle 继承的方法

addBean, addBean, contains, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的方法

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

从类 java.lang.Object 继承的方法

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的方法

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

构造方法详细信息

IPAccessHandler

public IPAccessHandler()

Creates new handler object

IPAccessHandler

public IPAccessHandler(String[] white,
                       String[] black)

Creates new handler object and initializes white- and black-list

参数：

white - array of whitelist entries

black - array of blacklist entries

方法详细信息

addWhite

public void addWhite(String entry)

Add a whitelist entry to an existing handler configuration

参数：

entry - new whitelist entry

addBlack

public void addBlack(String entry)

Add a blacklist entry to an existing handler configuration

参数：

entry - new blacklist entry

setWhite

public void setWhite(String[] entries)

Re-initialize the whitelist of existing handler object

参数：

entries - array of whitelist entries

setBlack

public void setBlack(String[] entries)

Re-initialize the blacklist of existing handler object

参数：

entries - array of blacklist entries

handle

public void handle(String target,
                   Request baseRequest,
                   HttpServletRequest request,
                   HttpServletResponse response)
            throws IOException,
                   ServletException

Checks the incoming request against the whitelist and blacklist

指定者：

接口 Handler 中的 handle

覆盖：

类 HandlerWrapper 中的 handle

参数：

target - The target of the request - either a URI or a name.

baseRequest - The original unwrapped request object.

request - The request either as the Request object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection() method can be used access the Request object if required.

response - The response as the Response object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection() method can be used access the Response object if required.

抛出：

IOException

ServletException

另请参见：

HandlerWrapper.handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

add

protected void add(String entry,
                   IPAddressMap<PathMap> patternMap)

Helper method to parse the new entry and add it to the specified address pattern map.

参数：

entry - new entry

patternMap - target address pattern map

set

protected void set(String[] entries,
                   IPAddressMap<PathMap> patternMap)

Helper method to process a list of new entries and replace the content of the specified address pattern map

参数：

entries - new entries

patternMap - target address pattern map

isAddrUriAllowed

protected boolean isAddrUriAllowed(String addr,
                                   String path)

Check if specified request is allowed by current IPAccess rules.

参数：

addr - internet address

path - context path

返回：

true if request is allowed

doStart

protected void doStart()
                throws Exception

Dump the white- and black-list configurations when started

覆盖：

类 HandlerWrapper 中的 doStart

抛出：

Exception

另请参见：

HandlerWrapper.doStart()

dump

public String dump()

Dump the handler configuration

指定者：

接口 Dumpable 中的 dump

覆盖：

类 AggregateLifeCycle 中的 dump

dump

protected void dump(StringBuilder buf,
                    IPAddressMap<PathMap> patternMap)

Dump a pattern map into a StringBuilder buffer

参数：

buf - buffer

patternMap - pattern map to dump