| java.lang.Object com.caucho.server.security.AbstractConstraint com.caucho.server.security.IPConstraint
IPConstraint | public class IPConstraint extends AbstractConstraint (Code) | | Allow or deny requests based on the ip address of the client.
<security-constraint>
<ip-constraint>
<allow>192.168.17.0/24</allow>
</ip-constraint>
<web-resource-collection>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<ip-constraint>
<deny>205.11.12.3</deny>
<deny>213.43.62.45</deny>
<deny>123.4.45.6</deny>
<deny>233.15.25.35</deny>
<deny>233.14.87.12</deny>
</ip-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
|
IPConstraint | public IPConstraint()(Code) | | |
addAllow | public void addAllow(String network)(Code) | | Add an ip network to allow. If allow is never used, (only deny is used),
then all are allowed except those in deny.
|
addDeny | public void addDeny(String network)(Code) | | Add an ip network to deny.
|
addText | public void addText(String network)(Code) | | backwards compatibility, same as addAllow()
|
copyInto | void copyInto(IPConstraint target)(Code) | | backwards compatibility, used by SecurityConstraint.addIPConstraint()
|
getCacheSize | public int getCacheSize()(Code) | | Size of the cache used to hold whether or not to allow a certain IP
address.
|
getErrorCode | public int getErrorCode()(Code) | | The error code to send with response.sendError, default is 403.
|
getErrorMessage | public String getErrorMessage()(Code) | | The error message to send with response.sendError, default is
"Forbidden IP Address"
|
init | public void init() throws ConfigException(Code) | | |
isOldStyle | boolean isOldStyle()(Code) | | backwards compatibility, used by SecurityConstraint.addIPConstraint()
|
setCacheSize | public void setCacheSize(int cacheSize)(Code) | | Size of the cache used to hold whether or not to allow a certain IP
address, default is 256. The first time a request is received from an ip,
the allow and deny rules are checked to determine if the ip is allowed.
The result of this check is cached in a an LRU cache. Subsequent requests
can do a cache lookup based on the ip instead of checking the rules. This
is especially important if there are a large number of allow and/or deny
rules, and to protect against denial of service attacks.
|
setErrorCode | public void setErrorCode(int errorCode)(Code) | | The error code to send with response.sendError, default is 403.
|
setErrorMessage | public void setErrorMessage(String errorMessage)(Code) | | The error message to send with response.sendError, default is
"Forbidden IP Address"
|
|
|