FirewallIpFilteringRule.java

/**
 * Copyright 2005-2014 Restlet
 * 
 * The contents of this file are subject to the terms of one of the following
 * open source licenses: Apache 2.0 or or EPL 1.0 (the "Licenses"). You can
 * select the license that you prefer but you may not use this file except in
 * compliance with one of these Licenses.
 * 
 * You can obtain a copy of the Apache 2.0 license at
 * http://www.opensource.org/licenses/apache-2.0
 * 
 * You can obtain a copy of the EPL 1.0 license at
 * http://www.opensource.org/licenses/eclipse-1.0
 * 
 * See the Licenses for the specific language governing permissions and
 * limitations under the Licenses.
 * 
 * Alternatively, you can obtain a royalty free commercial license with less
 * limitations, transferable or non-transferable, directly at
 * http://restlet.com/products/restlet-framework
 * 
 * Restlet is a registered trademark of Restlet S.A.S.
 */

package org.restlet.ext.apispark.internal.firewall.rule;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;

import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Status;
import org.restlet.routing.Filter;

/**
 * Filters requests by testing the presence of the user IP address from a white
 * list or a black list.
 * 
 * @author Manuel Boillod
 */
public class FirewallIpFilteringRule extends FirewallRule {

    private Set<String> filteredAddresses;

    private boolean whiteList;

    public FirewallIpFilteringRule() {

    }

    public FirewallIpFilteringRule(Collection<String> filteredAddresses,
            boolean whiteList) {
        this.filteredAddresses = new HashSet<>(filteredAddresses);
        this.whiteList = whiteList;
    }

    /**
     * Filters the request on the user IP address.
     * 
     * @param request
     *            The request to handle.
     * @param response
     *            The response to update.
     * @return The continuation status.
     */
    public int beforeHandle(Request request, Response response) {
        String address = request.getClientInfo().getUpstreamAddress();

        if (filteredAddresses.contains(address)) {
            if (!whiteList) {
                Context.getCurrentLogger().log(
                        Level.FINE,
                        "The current request has been blocked because \""
                                + address + "\" is in the black list.");

                response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                return Filter.STOP;
            }
        } else {
            if (whiteList) {
                Context.getCurrentLogger().log(
                        Level.FINE,
                        "The current request has been blocked because \""
                                + address + "\" is not in the white list.");

                response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                return Filter.STOP;
            }
        }
        return Filter.CONTINUE;
    }

    public Set<String> getFilteredAddresses() {
        return filteredAddresses;
    }

    public boolean isWhiteList() {
        return whiteList;
    }

    public void setFilteredAddresses(Set<String> filteredAddresses) {
        this.filteredAddresses = filteredAddresses;
    }

    public void setWhiteList(boolean whiteList) {
        this.whiteList = whiteList;
    }
}