package net.unicon.cas.addons.ticket.expiration;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.conn.util.InetAddressUtils;
import org.jasig.cas.ticket.TicketState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* An extension of the {@link TicketExpirationPolicyEvaluator} that is able to
* determine whether the remote address of the incoming request matches a particular IP pattern.
* The pattern is specified as a regular expression that is compiled once and searched for within the remote address,
* so a partial match is sufficient unless the pattern is anchored.
* The remote IP address may be reported in either IPv6 or IPv4 syntax.
*
* <p><strong>NOTE:</strong> If you prefer to configure the pattern by IPv4 syntax only,
* add the <code>-Djava.net.preferIPv4Stack=true</code> flag to your <code>JAVA_OPTS</code>
* environment variable prior to restarting the container.
* @author Misagh Moayyed
* @since 1.9
* @see CompositeTicketGrantingTicketExpirationPolicy
*/
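public class IpAddressBasedExpirationPolicyEvaluator implements TicketExpirationPolicyEvaluator {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    /** Compiled once at construction; {@link Pattern} instances are immutable and safe to share. */
    private final Pattern ipAddressPattern;

    /**
     * Creates an evaluator that selects requests by their remote address.
     *
     * <p>The pattern is applied with {@link java.util.regex.Matcher#find()}, i.e. as a substring
     * search. A pattern written as a plain address is therefore looser than it looks: an unescaped
     * {@code .} matches any character and an unanchored pattern also matches longer addresses that
     * merely contain it. Anchor the expression ({@code ^...$}) and escape the dots when an exact
     * address or prefix is intended.
     *
     * @param ipPattern regular expression to search for in the remote address
     * @throws java.util.regex.PatternSyntaxException if {@code ipPattern} is not a valid expression
     */
    public IpAddressBasedExpirationPolicyEvaluator(final String ipPattern) {
        this.ipAddressPattern = Pattern.compile(ipPattern);
    }

    /**
     * Reports whether the remote address of the request matches the configured pattern.
     *
     * <p>The address comes from {@link HttpServletRequest#getRemoteAddr()}, which is the address of
     * the client or of the last proxy that sent the request. Behind a reverse proxy or load
     * balancer every request carries the proxy's address, so the pattern then no longer
     * distinguishes clients.
     *
     * @param request the incoming request whose remote address is inspected
     * @param state the ticket state; not consulted by this evaluator
     * @return {@code true} if the pattern is found in the remote address, {@code false} otherwise
     *         (including when the container reports no remote address)
     */
    @Override
    public boolean doesSatisfyTicketExpirationPolicy(final HttpServletRequest request, final TicketState state) {
        final String currentIp = request.getRemoteAddr();

        // Without an address there is nothing to match; treat the request as not matching
        // rather than failing with a NullPointerException inside the syntax checks below.
        if (currentIp == null) {
            logger.debug("No remote IP is available for the request; the IP pattern cannot match");
            return false;
        }

        // Diagnostic only: the syntax checks never influence the result.
        // isIPv6Address() is true for both the standard and the compressed form, so testing it
        // first (as before) made the two specific branches unreachable and logged every IPv6
        // address as "standard (non-compressed)". Test the specific forms directly instead.
        if (InetAddressUtils.isIPv6StdAddress(currentIp)) {
            logger.debug("Remote IP [{}] is a valid standard (non-compressed) IPv6 address", currentIp);
        } else if (InetAddressUtils.isIPv6HexCompressedAddress(currentIp)) {
            logger.debug("Remote IP [{}] is a valid compressed IPv6 address", currentIp);
        } else if (InetAddressUtils.isIPv4Address(currentIp)) {
            logger.debug("Remote IP [{}] is a valid IPv4 address ", currentIp);
        } else {
            logger.debug("Remote IP [{}] does not match a known IP syntax", currentIp);
        }

        // find() is a substring search; see the constructor note on anchoring the pattern.
        return this.ipAddressPattern.matcher(currentIp).find();
    }
}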