Module org.eclipse.jetty.server
Package org.eclipse.jetty.server.handler

Class InetAccessHandler

  • All Implemented Interfaces:
    Handler, HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle
    public class InetAccessHandler
extends HandlerWrapper
    InetAddress Access Handler

    Controls access to the wrapped handler using the real remote IP. Control is provided by and IncludeExcludeSet over a InetAddressSet. This handler uses the real internet address of the connection, not one reported in the forwarded for headers, as this cannot be as easily forged.

    • Nested Class Summary

      • Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

      • Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

        org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

      • Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

        org.eclipse.jetty.util.component.Dumpable.DumpableContainer

      • Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

        org.eclipse.jetty.util.component.LifeCycle.Listener

    • Field Summary

      • Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        FAILED, STARTED, STARTING, STOPPED, STOPPING

      • Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

        KEY

    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void clear()
      Clears all the includes, excludes, included connector names and excluded connector names.
      void dump​(java.lang.Appendable out, java.lang.String indent)  
      void exclude​(java.lang.String pattern)
      Excludes an InetAccess entry pattern with an optional connector name, address and URI mapping.
      void exclude​(java.lang.String... patterns)
      Excludes InetAccess patterns
      void exclude​(java.lang.String connectorName, java.lang.String addressPattern, org.eclipse.jetty.http.pathmap.PathSpec pathSpec)
      Excludes an InetAccess entry.
      void excludeConnector​(java.lang.String name)
      Deprecated.
      use include(String) instead.
      void excludeConnectors​(java.lang.String... names)
      Deprecated.
      use include(String) instead.
      void handle​(java.lang.String target, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Checks the incoming request against the whitelist and blacklist
      void include​(java.lang.String pattern)
      Includes an InetAccess pattern with an optional connector name, address and URI mapping.
      void include​(java.lang.String... patterns)
      Includes InetAccess patterns
      void include​(java.lang.String connectorName, java.lang.String addressPattern, org.eclipse.jetty.http.pathmap.PathSpec pathSpec)
      Includes an InetAccess entry.
      void includeConnector​(java.lang.String name)
      Deprecated.
      use include(String) instead.
      void includeConnectors​(java.lang.String... names)
      Deprecated.
      use include(String) instead.
      protected boolean isAllowed​(java.net.InetAddress addr, Request baseRequest, jakarta.servlet.http.HttpServletRequest request)
      Checks if specified address and request are allowed by current InetAddress rules.

      • Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

        addBean, addBean, addEventListener, addManaged, contains, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

      • Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

      • Methods inherited from interface org.eclipse.jetty.util.component.Container

        getCachedBeans, getEventListeners

      • Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

        dumpSelf

      • Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

        isDumpable

      • Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

        addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

    • Constructor Detail

      • InetAccessHandler

        public InetAccessHandler()

    • Method Detail

      • clear

        public void clear()
        Clears all the includes, excludes, included connector names and excluded connector names.

      • include

        public void include​(java.lang.String pattern)
        Includes an InetAccess pattern with an optional connector name, address and URI mapping.

        The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).


        Examples:
        • "connector1@127.0.0.1|/foo"
        • "127.0.0.1|/foo"
        • "connector1@127.0.0.1"
        • "127.0.0.1"
        Parameters:
        pattern - InetAccess pattern to include
        See Also:
        InetAddressSet

      • include

        public void include​(java.lang.String... patterns)
        Includes InetAccess patterns
        Parameters:
        patterns - InetAddress patterns to include
        See Also:
        InetAddressSet

      • include

        public void include​(java.lang.String connectorName,
                    java.lang.String addressPattern,
                    org.eclipse.jetty.http.pathmap.PathSpec pathSpec)
        Includes an InetAccess entry.
        Parameters:
        connectorName - optional name of a connector to include.
        addressPattern - optional InetAddress pattern to include.
        pathSpec - optional pathSpec to include.

      • exclude

        public void exclude​(java.lang.String pattern)
        Excludes an InetAccess entry pattern with an optional connector name, address and URI mapping.

        The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).


        Examples:
        • "connector1@127.0.0.1|/foo"
        • "127.0.0.1|/foo"
        • "connector1@127.0.0.1"
        • "127.0.0.1"
        Parameters:
        pattern - InetAddress pattern to exclude
        See Also:
        InetAddressSet

      • exclude

        public void exclude​(java.lang.String... patterns)
        Excludes InetAccess patterns
        Parameters:
        patterns - InetAddress patterns to exclude
        See Also:
        InetAddressSet

      • exclude

        public void exclude​(java.lang.String connectorName,
                    java.lang.String addressPattern,
                    org.eclipse.jetty.http.pathmap.PathSpec pathSpec)
        Excludes an InetAccess entry.
        Parameters:
        connectorName - optional name of a connector to exclude.
        addressPattern - optional InetAddress pattern to exclude.
        pathSpec - optional pathSpec to exclude.

      • includeConnector

        @Deprecated
public void includeConnector​(java.lang.String name)
        Deprecated.
        use include(String) instead.
        Includes a connector name.
        Parameters:
        name - Connector name to include in this handler.

      • excludeConnector

        @Deprecated
public void excludeConnector​(java.lang.String name)
        Deprecated.
        use include(String) instead.
        Excludes a connector name.
        Parameters:
        name - Connector name to exclude in this handler.

      • includeConnectors

        @Deprecated
public void includeConnectors​(java.lang.String... names)
        Deprecated.
        use include(String) instead.
        Includes connector names.
        Parameters:
        names - Connector names to include in this handler.

      • excludeConnectors

        @Deprecated
public void excludeConnectors​(java.lang.String... names)
        Deprecated.
        use include(String) instead.
        Excludes connector names.
        Parameters:
        names - Connector names to exclude in this handler.

      • handle

        public void handle​(java.lang.String target,
                   Request baseRequest,
                   jakarta.servlet.http.HttpServletRequest request,
                   jakarta.servlet.http.HttpServletResponse response)
            throws java.io.IOException,
                   jakarta.servlet.ServletException
        Checks the incoming request against the whitelist and blacklist
        Specified by:
        handle in interface Handler
        Overrides:
        handle in class HandlerWrapper
        Parameters:
        target - The target of the request - either a URI or a name.
        baseRequest - The original unwrapped request object.
        request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
        response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
        Throws:
        java.io.IOException - if unable to handle the request or response processing
        jakarta.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue

      • isAllowed

        protected boolean isAllowed​(java.net.InetAddress addr,
                            Request baseRequest,
                            jakarta.servlet.http.HttpServletRequest request)
        Checks if specified address and request are allowed by current InetAddress rules.
        Parameters:
        addr - the inetAddress to check
        baseRequest - the base request to check
        request - the HttpServletRequest request to check
        Returns:
        true if inetAddress and request are allowed

      • dump

        public void dump​(java.lang.Appendable out,
                 java.lang.String indent)
          throws java.io.IOException
        Specified by:
        dump in interface org.eclipse.jetty.util.component.Dumpable
        Overrides:
        dump in class org.eclipse.jetty.util.component.ContainerLifeCycle
        Throws:
        java.io.IOException