All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.aspectran.web.servlet.SpecificIPAllowedWebActivityServlet Maven / Gradle / Ivy

There is a newer version: 8.1.5
Show newest version
/*
 * Copyright (c) 2008-2024 The Aspectran Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.aspectran.web.servlet;

import com.aspectran.utils.annotation.jsr305.NonNull;
import com.aspectran.utils.logging.Logger;
import com.aspectran.utils.logging.LoggerFactory;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.Serial;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;

/**
 * The Class SpecificIPAllowedWebActivityServlet.
 */
public class SpecificIPAllowedWebActivityServlet extends WebActivityServlet {

    @Serial
    private static final long serialVersionUID = -2369788867122156319L;

    private static final Logger logger = LoggerFactory.getLogger(SpecificIPAllowedWebActivityServlet.class);

    private static final String DELIMITERS = " ,;\t\r\n\f";

    private Set allowedAddresses;

    /**
     * Instantiates a new SpecificIPAllowedWebActivityServlet.
     */
    public SpecificIPAllowedWebActivityServlet() {
        super();
    }

    @Override
    public void init() throws ServletException {
        String addresses = getServletConfig().getInitParameter("allowedAddresses");
        if (addresses != null) {
            allowedAddresses = new HashSet<>();
            StringTokenizer st = new StringTokenizer(addresses, DELIMITERS);
            while (st.hasMoreTokens()) {
                String token = st.nextToken();
                allowedAddresses.add(token);
            }
        }

        super.init();
    }

    @Override
    public void service(@NonNull HttpServletRequest req, @NonNull HttpServletResponse res) throws IOException {
        String remoteAddr = req.getRemoteAddr();
        if (!isAllowedAddress(remoteAddr)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Access Denied: " + remoteAddr);
            }
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        super.service(req, res);
    }

    /**
     * Returns whether IP address is valid.
     * @param ipAddress the IP address
     * @return true if IP address is a valid; false otherwise
     */
    private boolean isAllowedAddress(@NonNull String ipAddress) {
        if (allowedAddresses == null) {
            return false;
        }

        // IPv4
        int offset = ipAddress.lastIndexOf('.');
        if (offset == -1) {
            // IPv6
            offset = ipAddress.lastIndexOf(':');
            if (offset == -1) {
                return false;
            }
        }

        String ipAddressClass = ipAddress.substring(0, offset + 1) + '*';
        return (allowedAddresses.contains(ipAddressClass) || allowedAddresses.contains(ipAddress));
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy