org.apache.shiro.web.filter.authz
Class HostFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.AccessControlFilter
                              extended by org.apache.shiro.web.filter.authz.AuthorizationFilter
                                  extended by org.apache.shiro.web.filter.authz.HostFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor

public class HostFilter
extends AuthorizationFilter

A Filter that can allow or deny access based on the host that sent the request. WARNING: NOT YET FULLY IMPLEMENTED!!! Work in progress.

Since:
1.0

Field Summary
static Pattern IPV4_PATTERN
           
static String IPV4_QUAD_REGEX
           
static String IPV4_REGEX
           
static String PRIVATE_CLASS_A_REGEX
           
static String PRIVATE_CLASS_B_REGEX
           
static String PRIVATE_CLASS_B_SUBSET
           
static String PRIVATE_CLASS_C_REGEX
           
 
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
HostFilter()
           
 
Method Summary
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
protected  boolean isIpv4Candidate(String host)
           
 void setAuthorizedHosts(String authorizedHosts)
           
 void setDeniedHosts(String deniedHosts)
           
 
Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl
 
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

IPV4_QUAD_REGEX

public static final String IPV4_QUAD_REGEX
See Also:
Constant Field Values

IPV4_REGEX

public static final String IPV4_REGEX
See Also:
Constant Field Values

IPV4_PATTERN

public static final Pattern IPV4_PATTERN

PRIVATE_CLASS_B_SUBSET

public static final String PRIVATE_CLASS_B_SUBSET
See Also:
Constant Field Values

PRIVATE_CLASS_A_REGEX

public static final String PRIVATE_CLASS_A_REGEX
See Also:
Constant Field Values

PRIVATE_CLASS_B_REGEX

public static final String PRIVATE_CLASS_B_REGEX
See Also:
Constant Field Values

PRIVATE_CLASS_C_REGEX

public static final String PRIVATE_CLASS_C_REGEX
See Also:
Constant Field Values
Constructor Detail

HostFilter

public HostFilter()
Method Detail

setAuthorizedHosts

public void setAuthorizedHosts(String authorizedHosts)

setDeniedHosts

public void setDeniedHosts(String deniedHosts)

isIpv4Candidate

protected boolean isIpv4Candidate(String host)

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
                           throws Exception
Description copied from class: AccessControlFilter
Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.

Specified by:
isAccessAllowed in class AccessControlFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if the request should proceed through the filter normally, false if the request should be processed by this filter's AccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object) method instead.
Throws:
Exception - if an error occurs during processing.


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.