fr.xebia.servlet.filter
Class SecuredRemoteAddressFilter

java.lang.Object
  extended by fr.xebia.servlet.filter.SecuredRemoteAddressFilter
All Implemented Interfaces:
javax.servlet.Filter

public class SecuredRemoteAddressFilter
extends Object
implements javax.servlet.Filter

Sets RequestFacade#isSecure() to true if ServletRequest.getRemoteAddr() matches one of the securedRemoteAddresses of this filter.

This filter is often preceded by the XForwardedFilter to get the remote address of the client even if the request goes through load balancers (e.g. F5 Big IP, Nortel Alteon) or proxies (e.g. Apache mod_proxy_http).

Configuration parameters:

XForwardedFilter property: securedRemoteAddresses
Description: IP addresses for which ServletRequest.isSecure() must return true
Format: Comma delimited list of regular expressions (in the syntax supported by the Pattern library)
Default value: Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}
Note : the default configuration can usually be used as internal servers are often trusted.

Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11

SecuredRemoteAddressFilter configuration sample :

 <filter>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
    <init-param>
       <param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
    </init-param>
 </filter>
 
 <filter-mapping>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
 </filter-mapping>

A request with ServletRequest.getRemoteAddr() = 192.168.0.10 or 192.168.0.11 will be seen as ServletRequest.isSecure() == true even if ServletRequest.getScheme() == "http".
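
The following is an added example, not the filter's own source: it checks the sample param-value above against a few constructed remote addresses. The class name SecuredRemoteAddressCheck and the helper toPatterns are hypothetical, and the whole-string match in matchesOne is an assumption, since this page does not say whether the filter matches the whole address or searches within it.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration; not the source of fr.xebia.servlet.filter.SecuredRemoteAddressFilter. */
public class SecuredRemoteAddressCheck {

    /** Split a comma delimited list of regular expressions and compile each entry. */
    static Pattern[] toPatterns(String commaDelimitedPatterns) {
        List<Pattern> patterns = new ArrayList<>();
        for (String regex : commaDelimitedPatterns.split(",")) {
            if (!regex.trim().isEmpty()) {
                patterns.add(Pattern.compile(regex.trim()));
            }
        }
        return patterns.toArray(new Pattern[0]);
    }

    /** Assumption: whole-string match, so 192.168.0.100 does not pass as 192.168.0.10. */
    static boolean matchesOne(String str, Pattern... patterns) {
        for (Pattern pattern : patterns) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // param-value taken from the configuration sample on this page
        Pattern[] secured = toPatterns("192\\.168\\.0\\.10, 192\\.168\\.0\\.11");

        // Constructed remote addresses, in the form ServletRequest.getRemoteAddr() returns
        String[] remoteAddrs = {"192.168.0.10", "192.168.0.11", "192.168.0.100", "192.168.0.1", "10.0.0.5"};
        for (String remoteAddr : remoteAddrs) {
            boolean whole = matchesOne(remoteAddr, secured);
            // Substring search is shown only for contrast: it is looser than a whole-string match
            boolean partial = false;
            for (Pattern p : secured) {
                partial |= p.matcher(remoteAddr).find();
            }
            System.out.printf("%-15s isSecure=%-5b (substring search would give %b)%n",
                    remoteAddr, whole, partial);
        }
    }
}
```

Only the two configured addresses match as whole strings; 192.168.0.100 matches only under a substring search, so a restricted list is worth testing against near-miss addresses before it is deployed.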

Author:
Cyrille Le Clerc

Field Summary
protected static String SECURED_REMOTE_ADDRESSES_PARAMETER
           
 
Constructor Summary
SecuredRemoteAddressFilter()
           
 
Method Summary
protected static Pattern[] commaDelimitedListToPatternArray(String commaDelimitedPatterns)
          Convert a given comma delimited list of regular expressions into an array of compiled Pattern
protected static String[] commaDelimitedListToStringArray(String commaDelimitedStrings)
          Convert a given comma delimited list of regular expressions into an array of String
 void destroy()
          Nothing to do.
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          If incoming remote address matches one of the declared IP patterns, wraps the incoming HttpServletRequest to override ServletRequest.isSecure() to set it to true.
 void init(javax.servlet.FilterConfig filterConfig)
          Compile the secured remote addresses patterns.
protected static boolean matchesOne(String str, Pattern... patterns)
          Return true if the given str matches at least one of the given patterns.
 void setSecuredRemoteAdresses(String comaDelimitedSecuredRemoteAddresses)
           Comma delimited list of secured remote addresses.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SECURED_REMOTE_ADDRESSES_PARAMETER

protected static final String SECURED_REMOTE_ADDRESSES_PARAMETER
See Also:
Constant Field Values
Constructor Detail

SecuredRemoteAddressFilter

public SecuredRemoteAddressFilter()
Method Detail

commaDelimitedListToPatternArray

protected static Pattern[] commaDelimitedListToPatternArray(String commaDelimitedPatterns)
Convert a given comma delimited list of regular expressions into an array of compiled Pattern


commaDelimitedListToStringArray

protected static String[] commaDelimitedListToStringArray(String commaDelimitedStrings)
Convert a given comma delimited list of regular expressions into an array of String


matchesOne

protected static boolean matchesOne(String str,
                                    Pattern... patterns)
Return true if the given str matches at least one of the given patterns.


destroy

public void destroy()
Nothing to do. No resource to release.

Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
If incoming remote address matches one of the declared IP patterns, wraps the incoming HttpServletRequest to override ServletRequest.isSecure() to set it to true.

Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Compile the secured remote addresses patterns.

Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

setSecuredRemoteAdresses

public void setSecuredRemoteAdresses(String comaDelimitedSecuredRemoteAddresses)

Comma delimited list of secured remote addresses. Expressed with regular expressions.

Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}



Copyright © 2012. All Rights Reserved.