public final class RestrictUrisProcessor extends AbstractClientHttpRequestFactoryProcessor
This processor check urls against a set of url matchers to see if the request should be allowed or rejected.
Usage of processor is as follows:
- !restrictUris
matchers:
- !localMatch {}
- !ipMatch
ip: www.camptocamp.org
- !dnsMatch
host: mapfish-geoportal.demo-camptocamp.com
port: 80
- !dnsMatch
host: labs.metacarta.com
port: 80
- !dnsMatch
host: terraservice.net
port: 80
- !dnsMatch
host: tile.openstreetmap.org
port: 80
- !dnsMatch
host: www.geocat.ch
port: 80
By default a matcher allows the URL, but it can be setup to reject the URL (by setting reject to true). The first matcher that matches will be the one picking the final outcome. If no matcher matches, the URI is rejected. So, for example, you can allow every URLs apart from the internal URLs like that:
- !restrictUris
matchers:
- !ipMatch
ip : 192.178.0.0
mask : 255.255.0.0
reject: true
- !acceptAll
If the Print service is in your DMZ and needs to allow access to any WMS server, it is strongly recommended to have a configuration like the previous one in order to avoid having the Print service being used as a proxy to access your internal servers.
Note: if this class is part of a CompositeClientHttpRequestFactoryProcessor (!configureHttpRequests) then it should be the last one so that the checks are done after all changes to the URIs
[[examples=http_processors]]AcceptAllMatcher,
AddressHostMatcher,
DnsHostMatcher,
LocalHostMatcherAbstractProcessor.ContextProcessor.ExecutionContextmatchers| Constructor and Description |
|---|
RestrictUrisProcessor() |
| Modifier and Type | Method and Description |
|---|---|
MfClientHttpRequestFactory |
createFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam,
MfClientHttpRequestFactory requestFactory)
Create the
MfClientHttpRequestFactory to use. |
createInputParameter, execute, extraValidation, setMatcherscheckCancelState, getInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputType, setInputMapper, setInputPrefix, setOutputMapper, setOutputPrefix, setPrefix, toString, validateclone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitgetInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputTypevalidatepublic MfClientHttpRequestFactory createFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam, MfClientHttpRequestFactory requestFactory)
HttpProcessorMfClientHttpRequestFactory to use.clientHttpFactoryProcessorParam - extra parameters required to create the updated request factoryrequestFactory - the basic request factory. It should be unmodified and just wrapped with a proxy class.