1 /*--
2 Copyright (C) 2005 Tim Solley.
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
7 are met:
8
9 1. Redistributions of source code must retain the above copyright
10 notice, this list of conditions, and the following disclaimer.
11
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions, and the disclaimer that follows
14 these conditions in the documentation and/or other materials
15 provided with the distribution.
16
17 3. The name "Deadbolt" may be used to endorse or promote products
18 derived from this software without prior written permission.
19
20 4. Products derived from this software may not be called "Deadbolt", nor
21 may "Deadbolt" appear in their name, without prior written permission
22 from the Deadbolt Project Management timsolley@yahoo.com.
23
24 In addition, we request (but do not require) that you include in the
25 end-user documentation provided with the redistribution and/or in the
26 software itself an acknowledgement equivalent to the following:
27 "This product includes software developed by the
28 Deadbolt Project (http://deadbolt.sourceforge.net/)."
29 Alternatively, the acknowledgment may be graphical using the logos
30 available at http://deadbolt.sourceforge.net.
31
32 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
33 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
34 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
35 DISCLAIMED. IN NO EVENT SHALL THE DEADBOLT AUTHORS OR THE PROJECT
36 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
37 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
38 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
39 USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
40 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
41 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
42 OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 SUCH DAMAGE.
44
45 This software consists of voluntary contributions made by many
46 individuals on behalf of the Deadbolt Project and was originally
47 created by Tim Solley timsolley@yahoo.com. For more information
48 on the Deadbolt Project, please see <http://deadbolt.sourceforge.net/>.
49 */
50 package net.sf.deadbolt.handlers;
51
52 import java.util.Arrays;
53 import java.util.List;
54
55 import javax.servlet.http.HttpServletRequest;
56 import javax.servlet.http.HttpServletResponse;
57
58 import net.sf.deadbolt.model.Room;
59
60 import org.apache.log4j.Logger;
61
62 /***
63 * This class is used to restrict or allow access to resources based on the user's
64 * IP address.
65 *
66 * @author Tim Solley <timsolley@yahoo.com>
67 */
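public class IPFilterHandler extends DeadboltHandler {
    private static final Logger logger = Logger.getLogger(IPFilterHandler.class.getName());

    /**
     * Standard Deadbolt authenticate method. Allows or rejects the request by
     * comparing the client's address and host name, as reported by the servlet
     * container, with the list configured in the Deadbolt descriptor.
     *
     * <p>Decision rules, in order:
     * <ol>
     * <li>If EXCLUDED-LIST is set, a listed client is rejected and every other
     *     client is allowed. INCLUDED-LIST is ignored in that case.</li>
     * <li>Otherwise, if INCLUDED-LIST is set, a listed client is allowed and
     *     every other client is rejected.</li>
     * <li>If neither parameter is set, the request is rejected.</li>
     * </ol>
     *
     * <p>Security notes for whoever writes the descriptor:
     * <ul>
     * <li>Entries are compared as exact, case-sensitive strings. There is no
     *     CIDR, wildcard or address normalisation, so an entry must be spelled
     *     exactly as the container reports the value.</li>
     * <li>A host-name entry is matched against {@code getRemoteHost()}, which
     *     the container normally derives from a reverse DNS lookup. That record
     *     is controlled by whoever operates the client's address range, so a
     *     host name in INCLUDED-LIST is not a trustworthy allow rule unless the
     *     name is confirmed by a forward lookup elsewhere. Prefer IP addresses.</li>
     * <li>{@code getRemoteAddr()} is the peer of the connection. Behind a reverse
     *     proxy or load balancer that is the proxy's address unless the
     *     container has been configured to restore the original client address.</li>
     * <li>An EXCLUDED-LIST on its own is a deny list: any address not listed
     *     is allowed.</li>
     * </ul>
     *
     * @param request  the current request; source of the client address and host
     * @param response the current response (not used by this handler)
     * @param room     the protected resource whose init parameters hold the lists
     * @return {@code true} if access is allowed, {@code false} otherwise
     */
    public boolean authenticate(HttpServletRequest request,
            HttpServletResponse response, Room room) {
        logger.debug("ENTERING: authenticate");

        // Get the IP address of the client
        String remoteAddress = request.getRemoteAddr();
        logger.debug("Remote IP address: " + remoteAddress);

        // Get the host name of the client. The value originates outside this
        // application (reverse DNS), so treat it as untrusted input.
        String remoteHost = request.getRemoteHost();
        // Fixed: this line used to log remoteAddress a second time, which hid
        // the host name actually used in the comparison below.
        logger.debug("Remote host: " + remoteHost);

        boolean hasExcludedList = room.initParamExists("EXCLUDED-LIST");
        boolean hasIncludedList = room.initParamExists("INCLUDED-LIST");

        // Check for the existence of both params, and let the developer know
        // that only one should be used
        if (hasExcludedList && hasIncludedList) {
            logger.warn("Either EXCLUDED-LIST or INCLUDED-LIST should be specified, not both. Deadbolt will default to using the EXCLUDED-LIST only.");
        }

        // Deny list: reject listed clients, allow everyone else.
        if (hasExcludedList) {
            logger.debug("EXCLUDED-LIST was specified.");
            if (isListed(room.getInitParam("EXCLUDED-LIST"), remoteAddress, remoteHost)) {
                logger.debug("The address is in the excluded list. Return false.");
                addErrorKey(request, "ip.filter.handler.restricted");
                return false;
            }
            logger.debug("The address is not in the excluded list. Return true.");
            return true;
        }

        // Allow list: allow listed clients, reject everyone else.
        if (hasIncludedList) {
            logger.debug("INCLUDED-LIST was specified.");
            if (isListed(room.getInitParam("INCLUDED-LIST"), remoteAddress, remoteHost)) {
                logger.debug("The address is in the included list. Return true.");
                return true;
            }
            logger.debug("The address is not in the included list. Return false.");
            addErrorKey(request, "ip.filter.handler.restricted");
            return false;
        }

        // Neither list is configured: fail closed.
        logger.debug("EXITING: authenticate");
        return false;
    }

    /**
     * Reports whether a comma-separated list contains the client's address or
     * host name. Each entry is trimmed and then compared with an exact,
     * case-sensitive match.
     *
     * @param listParam     the raw comma-separated parameter value
     * @param remoteAddress the client address to look for
     * @param remoteHost    the client host name to look for
     * @return {@code true} if any entry equals either value
     */
    private static boolean isListed(String listParam, String remoteAddress, String remoteHost) {
        String[] entries = listParam.split(",");
        for (int i = 0; i < entries.length; i++) {
            String entry = entries[i].trim();
            if (entry.equals(remoteAddress) || entry.equals(remoteHost)) {
                return true;
            }
        }
        return false;
    }

}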