org.apache.shiro.web.filter.authz

Class HostFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authz.AuthorizationFilter

org.apache.shiro.web.filter.authz.HostFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable, PathConfigProcessor

public class HostFilter
extends AuthorizationFilter

A Filter that can allow or deny access based on the host that sent the request. WARNING: NOT YET FULLY IMPLEMENTED!!! Work in progress.

Since:

1.0

Field Summary

Fields

Modifier and Type	Field and Description
static Pattern	IPV4_PATTERN
static String	IPV4_QUAD_REGEX
static String	IPV4_REGEX
static String	PRIVATE_CLASS_A_REGEX
static String	PRIVATE_CLASS_B_REGEX
static String	PRIVATE_CLASS_B_SUBSET
static String	PRIVATE_CLASS_C_REGEX

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
HostFilter()

Method Summary

Modifier and Type	Method and Description
protected boolean	isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
protected boolean	isIpv4Candidate(String host)
void	setAuthorizedHosts(String authorizedHosts)
void	setDeniedHosts(String deniedHosts)

Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter

getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

IPV4_QUAD_REGEX

public static final String IPV4_QUAD_REGEX

See Also:

Constant Field Values

IPV4_REGEX

public static final String IPV4_REGEX

See Also:

Constant Field Values

IPV4_PATTERN

public static final Pattern IPV4_PATTERN

PRIVATE_CLASS_B_SUBSET

public static final String PRIVATE_CLASS_B_SUBSET

See Also:

Constant Field Values

PRIVATE_CLASS_A_REGEX

public static final String PRIVATE_CLASS_A_REGEX

See Also:

Constant Field Values

PRIVATE_CLASS_B_REGEX

public static final String PRIVATE_CLASS_B_REGEX

See Also:

Constant Field Values

PRIVATE_CLASS_C_REGEX

public static final String PRIVATE_CLASS_C_REGEX

See Also:

Constant Field Values

Constructor Detail

HostFilter

public HostFilter()

Method Detail

setAuthorizedHosts

public void setAuthorizedHosts(String authorizedHosts)

setDeniedHosts

public void setDeniedHosts(String deniedHosts)

isIpv4Candidate

protected boolean isIpv4Candidate(String host)

isAccessAllowed

protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)
                           throws Exception

Description copied from class: AccessControlFilter

Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.

Specified by:

isAccessAllowed in class AccessControlFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

true if the request should proceed through the filter normally, false if the request should be processed by this filter's AccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object) method instead.

Throws:

Exception - if an error occurs during processing.