IfNetwork.java example

Explorer
resin-master
/*
 * Copyright (c) 1998-2011 Caucho Technology -- all rights reserved
 *
 * This file is part of Resin(R) Open Source
 *
 * Each copy or derived work must preserve the copyright notice and this
 * notice unmodified.
 *
 * Resin Open Source is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Resin Open Source is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
 * of NON-INFRINGEMENT.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Resin Open Source; if not, write to the
 *
 *   Free Software Foundation, Inc.
 *   59 Temple Place, Suite 330
 *   Boston, MA 02111-1307  USA
 *
 * @author Scott Ferguson
 */

package com.caucho.rewrite;

import com.caucho.config.ConfigException;
import com.caucho.config.Configurable;
import com.caucho.util.InetNetwork;
import com.caucho.util.LruCache;
import com.caucho.util.L10N;

import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Match if the remote IP address matches one of the pattern networks.
 * Standard IP network syntax is allowed, so 192.168/16 matches the entire
 * subnetwork.
 *
 * <pre>
 * <resin:Allow url-pattern="/admin/*"
 *                xmlns:resin="urn:java:com.caucho.resin">
 *   <resin:IfNetwork value="192.168.17.0/24"/>
 * </resin:Allow>
 * </pre>
 * 
 * <pre> 
 * <resin:Forbidden
 *         xmlns:resin="urn:java:com.caucho.resin">
 *   <resin:IfNetwork>
 *     <value>205.11.12.3</value>
 *     <value>123.4.45.6</value>
 *     <value>233.15.25.35</value>
 *     <value>233.14.87.12</value>
 *   </resin:IfNetwork>
 * </resin:Forbidden>
 * </pre>
 *
 * <p>RequestPredicates may be used for both security and rewrite conditions.
 */
@Configurable
public class IfNetwork implements RequestPredicate {
  private static final Logger log
    = Logger.getLogger(IfNetwork.class.getName());
  static L10N L = new L10N(IfNetwork.class);

  private ArrayList<InetNetwork> _networkList = new ArrayList<InetNetwork>();

  private int _cacheSize = 256;

  private LruCache<String,Boolean> _cache;

  /**
   * Size of the cache used to hold whether or not to allow a certain IP
   * address, default is 256.  The first time a request is received from an ip,
   * the allow and deny rules are checked to determine if the ip is allowed.
   * The result of this check is cached in a an LRU cache.  Subsequent requests
   * can do a cache lookup based on the ip instead of checking the rules.  This
   * is especially important if there are a large number of allow and/or deny
   * rules, and to protect against denial of service attacks.  
   */ 
  @Configurable
  public void setCacheSize(int cacheSize)
  {
    _cacheSize = cacheSize;
  }

  /** 
   * Size of the cache used to hold whether or not to allow a certain IP
   * address.
   */ 
  public int getCacheSize()
  {
    return _cacheSize;
  }

  /**
   * Add an ip network to allow.  If allow is never used, (only deny is used),
   * then all are allowed except those in deny.
   * @throws UnknownHostException 
   */
  @Configurable
  public void addValue(String network) 
    throws UnknownHostException
  {
    if (_networkList == null)
      _networkList = new ArrayList<InetNetwork>();

    _networkList.add(InetNetwork.create(network));
  }

  @PostConstruct
  public void init()
    throws ConfigException
  {
    _cache = new LruCache<String,Boolean>(_cacheSize);
  }

  /**
   * True if the predicate matches.
   *
   * @param request the servlet request to test
   */
  @Override
  public boolean isMatch(HttpServletRequest request)
  {
    String remoteAddr = request.getRemoteAddr();

    if (remoteAddr == null)
      return false;
    
    if (_cache != null) {
      Boolean cacheValue = _cache.get(remoteAddr);

      if (cacheValue != null)
        return cacheValue;
    }

    InetAddress addr = null;
    
    try {
      addr = InetAddress.getByName(remoteAddr);
    } catch (Exception e) {
      log.log(Level.FINE, e.toString(), e);
      
      return false;
    }

    boolean isMatch = false;
    for (int i = 0; i < _networkList.size(); i++) {
      InetNetwork net = _networkList.get(i);
      
      if (net.isMatch(addr)) {
        isMatch = true;
        break;
      }
    }
    
    if (log.isLoggable(Level.FINER)) {
      log.finer(this + " match=" + isMatch + " " + addr);
    }

    // update cache

    if (_cache != null)
      _cache.put(remoteAddr, isMatch);

    return isMatch;
  }

  @Override
  public String toString()
  {
    return getClass().getSimpleName() + _networkList;
  }
}