Class IpFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authz.AuthorizationFilter
org.apache.shiro.web.filter.authz.IpFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, PathConfigProcessor
public class IpFilter extends AuthorizationFilter
A Filter that requires the request to be from within a specific set of IP address ranges and / or not from with a specific (denied) set.

Example config: 

 [main]
 localLan = org.apache.shiro.web.filter.authz.IpFilter
 localLan.authorizedIps = 192.168.10.0/24
 localLan.deniedIps = 192.168.10.10/32
 

 [urls]
 /some/path/** = localLan
 # override for just this path:
 /another/path/** = localLan
Since:
2.0

  • Constructor Details

  • Method Details

    • setAuthorizedIps

      public void setAuthorizedIps(String authorizedIps)
      Specifies a set of (comma, tab or space-separated) strings representing IP address representing IPv4 or IPv6 ranges / CIDRs from which access should be allowed (if the IP is not included in either the list of statically defined denied IPs or the dynamic list of IPs obtained from the IP source.

    • setDeniedIps

      public void setDeniedIps(String deniedIps)
      Specified a set of (comma, tab or space-separated) strings representing IP address representing IPv4 or IPv6 ranges / CIDRs from which access should be blocked.

    • setIpSource

      public void setIpSource(IpSource source)

    • getHostFromRequest

      public String getHostFromRequest(javax.servlet.ServletRequest request)
      Returns the remote host for a given HTTP request. By default uses the remote method ServletRequest.getRemoteAddr(). May be overridden by subclasses to obtain address information from specific headers (e.g. XFF or Forwarded) in situations with reverse proxies.

    • isAccessAllowed

      protected boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) throws Exception
      Description copied from class: AccessControlFilter
      Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
      Specified by:
      isAccessAllowed in class AccessControlFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
      Returns:
      true if the request should proceed through the filter normally, false if the request should be processed by this filter's AccessControlFilter.onAccessDenied(ServletRequest, ServletResponse, Object) method instead.
      Throws:
      Exception - if an error occurs during processing.