IPAddressAccessController.java

/*
 * JLibs: Common Utilities for Java
 * Copyright (C) 2009  Santhosh Kumar T <santhosh.tekuri@gmail.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 */

package jlibs.nio.http.filters;

import jlibs.nio.http.FilterType;
import jlibs.nio.http.ServerExchange;
import jlibs.nio.http.ServerFilter;
import jlibs.nio.http.msg.Status;
import jlibs.nio.util.IPV4Pattern;
import jlibs.nio.util.IPV6Pattern;

import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/**
 * @author Santhosh Kumar Tekuri
 *
 * Server Request Filter
 */
public class IPAddressAccessController implements ServerFilter{
    public Map<IPV4Pattern, Boolean> ipv4ACL = new LinkedHashMap<>();
    public Map<IPV6Pattern, Boolean> ipv6ACL = new LinkedHashMap<>();
    public boolean defaultAllow;
    public Status denyStatus = Status.FORBIDDEN;

    public IPAddressAccessController defaultAllow(boolean allow){
        defaultAllow = allow;
        return this;
    }

    public IPAddressAccessController denyStatus(Status status){
        denyStatus = status;
        return this;
    }

    public void addPattern(String pattern, boolean allow){
        if(pattern.indexOf('.')>=0)
            ipv4ACL.put(new IPV4Pattern(pattern), allow);
        else
            ipv6ACL.put(new IPV6Pattern(pattern), allow);
    }

    @Override
    public boolean filter(ServerExchange exchange, FilterType type) throws Exception{
        assert type==FilterType.REQUEST;
        InetAddress address = exchange.getClientAddress();
        boolean allow = defaultAllow;
        if(address instanceof Inet4Address){
            for(Map.Entry<IPV4Pattern, Boolean> entry: ipv4ACL.entrySet()){
                if(entry.getKey().matches(address)){
                    allow = entry.getValue();
                    break;
                }
            }
        }else if(address instanceof Inet6Address){
            for(Map.Entry<IPV6Pattern, Boolean> entry: ipv6ACL.entrySet()){
                if(entry.getKey().matches(address)){
                    allow = entry.getValue();
                    break;
                }
            }
        }
        if(allow)
            return true;
        else
            throw denyStatus;
    }
}