Class InetAccessHandler
- All Implemented Interfaces:
Handler
,HandlerContainer
,Container
,Destroyable
,Dumpable
,Dumpable.DumpableContainer
,LifeCycle
Controls access to the wrapped handler using the real remote IP. Control is
provided by and IncludeExcludeSet
over a InetAddressSet
. This
handler uses the real internet address of the connection, not one reported in
the forwarded for headers, as this cannot be as easily forged.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler
AbstractHandler.ErrorDispatchHandler
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
-
Field Summary
Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
_handler
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
clear()
Clears all the includes, excludes, included connector names and excluded connector names.void
dump
(Appendable out, String indent) Dump this object (and children) into an Appendable using the provided indent after any new lines.void
Excludes an InetAccess entry pattern with an optional connector name, address and URI mapping.void
Excludes InetAccess patternsvoid
Excludes an InetAccess entry.void
excludeConnector
(String name) Deprecated.void
excludeConnectors
(String... names) Deprecated.useinclude(String)
instead.void
handle
(String target, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Checks the incoming request against the whitelist and blacklistvoid
Includes an InetAccess pattern with an optional connector name, address and URI mapping.void
Includes InetAccess patternsvoid
Includes an InetAccess entry.void
includeConnector
(String name) Deprecated.useinclude(String)
instead.void
includeConnectors
(String... names) Deprecated.useinclude(String)
instead.protected boolean
isAllowed
(InetAddress addr, Request baseRequest, jakarta.servlet.http.HttpServletRequest request) Checks if specified address and request are allowed by current InetAddress rules.Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler
doError, doStart, doStop, getServer
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListeners
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Constructor Details
-
InetAccessHandler
public InetAccessHandler()
-
-
Method Details
-
clear
public void clear()Clears all the includes, excludes, included connector names and excluded connector names. -
include
Includes an InetAccess pattern with an optional connector name, address and URI mapping.The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).
Examples:- "connector1@127.0.0.1|/foo"
- "127.0.0.1|/foo"
- "connector1@127.0.0.1"
- "127.0.0.1"
- Parameters:
pattern
- InetAccess pattern to include- See Also:
-
include
Includes InetAccess patterns- Parameters:
patterns
- InetAddress patterns to include- See Also:
-
include
Includes an InetAccess entry.- Parameters:
connectorName
- optional name of a connector to include.addressPattern
- optional InetAddress pattern to include.pathSpec
- optional pathSpec to include.
-
exclude
Excludes an InetAccess entry pattern with an optional connector name, address and URI mapping.The connector name is separated from the InetAddress pattern with an '@' character, and the InetAddress pattern is separated from the URI pattern using the "|" (pipe) character. URI patterns follow the servlet specification for simple * prefix and suffix wild cards (e.g. /, /foo, /foo/bar, /foo/bar/*, *.baz).
Examples:- "connector1@127.0.0.1|/foo"
- "127.0.0.1|/foo"
- "connector1@127.0.0.1"
- "127.0.0.1"
- Parameters:
pattern
- InetAddress pattern to exclude- See Also:
-
exclude
Excludes InetAccess patterns- Parameters:
patterns
- InetAddress patterns to exclude- See Also:
-
exclude
Excludes an InetAccess entry.- Parameters:
connectorName
- optional name of a connector to exclude.addressPattern
- optional InetAddress pattern to exclude.pathSpec
- optional pathSpec to exclude.
-
includeConnector
Deprecated.useinclude(String)
instead.Includes a connector name.- Parameters:
name
- Connector name to include in this handler.
-
excludeConnector
Deprecated.useinclude(String)
instead.Excludes a connector name.- Parameters:
name
- Connector name to exclude in this handler.
-
includeConnectors
Deprecated.useinclude(String)
instead.Includes connector names.- Parameters:
names
- Connector names to include in this handler.
-
excludeConnectors
Deprecated.useinclude(String)
instead.Excludes connector names.- Parameters:
names
- Connector names to exclude in this handler.
-
handle
public void handle(String target, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException Checks the incoming request against the whitelist and blacklist- Specified by:
handle
in interfaceHandler
- Overrides:
handle
in classHandlerWrapper
- Parameters:
target
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as theRequest
object or a wrapper of that request. The
method can be used access the Request object if required.HttpConnection.getCurrentConnection()
.getHttpChannel()
.getRequest()
response
- The response as theResponse
object or a wrapper of that request. The
method can be used access the Response object if required.HttpConnection.getCurrentConnection()
.getHttpChannel()
.getResponse()
- Throws:
IOException
- if unable to handle the request or response processingjakarta.servlet.ServletException
- if unable to handle the request or response due to underlying servlet issue
-
isAllowed
protected boolean isAllowed(InetAddress addr, Request baseRequest, jakarta.servlet.http.HttpServletRequest request) Checks if specified address and request are allowed by current InetAddress rules.- Parameters:
addr
- the inetAddress to checkbaseRequest
- the base request to checkrequest
- the HttpServletRequest request to check- Returns:
- true if inetAddress and request are allowed
-
dump
Description copied from interface:Dumpable
Dump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.- Specified by:
dump
in interfaceDumpable
- Overrides:
dump
in classContainerLifeCycle
- Parameters:
out
- The appendable to dump toindent
- The indent to apply after any new lines.- Throws:
IOException
- if unable to write to Appendable
-
include(String)
instead.