001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.web.filter.authz; 020 021import org.apache.shiro.util.StringUtils; 022 023import javax.servlet.ServletRequest; 024import javax.servlet.ServletResponse; 025import java.util.regex.Pattern; 026import java.util.Map; 027 028/** 029 * A Filter that can allow or deny access based on the host that sent the request. 030 * 031 * <b>WARNING:</b> NOT YET FULLY IMPLEMENTED!!! Work in progress. 032 * 033 * @since 1.0 034 */ 035public class HostFilter extends AuthorizationFilter { 036 037 public static final String IPV4_QUAD_REGEX = "(?:[0-9]|[1-9][0-9]|1[0-9][0-9]|2(?:[0-4][0-9]|5[0-5]))"; 038 039 public static final String IPV4_REGEX = "(?:" + IPV4_QUAD_REGEX + "\\.){3}" + IPV4_QUAD_REGEX + "$"; 040 public static final Pattern IPV4_PATTERN = Pattern.compile(IPV4_REGEX); 041 042 public static final String PRIVATE_CLASS_B_SUBSET = "(?:1[6-9]|2[0-9]|3[0-1])"; 043 044 public static final String PRIVATE_CLASS_A_REGEX = "10\\.(?:" + IPV4_QUAD_REGEX + "\\.){2}" + IPV4_QUAD_REGEX + "$"; 045 046 public static final String PRIVATE_CLASS_B_REGEX = 047 "172\\." + PRIVATE_CLASS_B_SUBSET + "\\." + IPV4_QUAD_REGEX + "\\." + IPV4_QUAD_REGEX + "$"; 048 049 public static final String PRIVATE_CLASS_C_REGEX = "192\\.168\\." + IPV4_QUAD_REGEX + "\\." + IPV4_QUAD_REGEX + "$"; 050 051 Map<String, String> authorizedIps; //user-configured IP (which can be wildcarded) to constructed regex mapping 052 Map<String, String> deniedIps; 053 Map<String, String> authorizedHostnames; 054 Map<String, String> deniedHostnames; 055 056 057 public void setAuthorizedHosts(String authorizedHosts) { 058 if (!StringUtils.hasText(authorizedHosts)) { 059 throw new IllegalArgumentException("authorizedHosts argument cannot be null or empty."); 060 } 061 String[] hosts = StringUtils.tokenizeToStringArray(authorizedHosts, ", \t"); 062 063 for (String host : hosts) { 064 //replace any periods with \\. to ensure the regex works: 065 String periodsReplaced = host.replace(".", "\\."); 066 //check for IPv4: 067 String wildcardsReplaced = periodsReplaced.replace("*", IPV4_QUAD_REGEX); 068 069 if (IPV4_PATTERN.matcher(wildcardsReplaced).matches()) { 070 authorizedIps.put(host, wildcardsReplaced); 071 } else { 072 073 } 074 075 076 } 077 078 } 079 080 public void setDeniedHosts(String deniedHosts) { 081 if (!StringUtils.hasText(deniedHosts)) { 082 throw new IllegalArgumentException("deniedHosts argument cannot be null or empty."); 083 } 084 } 085 086 protected boolean isIpv4Candidate(String host) { 087 String[] quads = StringUtils.tokenizeToStringArray(host, "."); 088 if (quads == null || quads.length != 4) { 089 return false; 090 } 091 for (String quad : quads) { 092 if (!quad.equals("*")) { 093 try { 094 Integer.parseInt(quad); 095 } catch (NumberFormatException nfe) { 096 return false; 097 } 098 } 099 } 100 return true; 101 } 102 103 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { 104 throw new UnsupportedOperationException("Not yet fully implemented!!!" ); 105 } 106}