WhitelistFilter.java

package com.mossle.core.whitelist;

import java.io.IOException;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.mossle.core.servlet.UrlPatternMatcher;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class WhitelistFilter implements Filter {
    private static Logger logger = LoggerFactory
            .getLogger(WhitelistFilter.class);
    private String value;
    private Map<UrlPatternMatcher, List<String>> map = new HashMap<UrlPatternMatcher, List<String>>();

    public void destroy() {
    }

    public void init(FilterConfig config) throws ServletException {
        this.init();
    }

    public void init() {
        for (String line : value.split("\n")) {
            String[] array = line.split("=");
            UrlPatternMatcher urlPatternMatcher = UrlPatternMatcher
                    .create(array[0]);
            List<String> ips = new ArrayList<String>();
            ips.addAll(Arrays.asList(array[1].split(",")));

            map.put(urlPatternMatcher, ips);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String contextPath = req.getContextPath();
        String requestUri = req.getRequestURI();
        String path = requestUri.substring(contextPath.length());

        for (Map.Entry<UrlPatternMatcher, List<String>> entry : map.entrySet()) {
            UrlPatternMatcher urlPatternMatcher = entry.getKey();

            if (urlPatternMatcher.matches(path)) {
                List<String> ips = entry.getValue();

                if (!ips.contains(req.getRemoteAddr())) {
                    logger.info(req.getRemoteAddr() + " access denied");
                    res.sendError(HttpServletResponse.SC_FORBIDDEN);

                    return;
                } else {
                    logger.info(req.getRemoteAddr() + " access "
                            + urlPatternMatcher);
                }
            }
        }

        chain.doFilter(req, res);
    }

    public void setValue(String value) {
        this.value = value;
    }
}