WebLogic Server 6.0 Code Examples, BEA Systems, Inc.
java.lang.Object
  |
  +--examples.security.net.SimpleConnectionFilter
Simple rules-based connection filter example. This example reads in a set of rules from a file and bases its filtering decisions on these rules.
Syntax of the rule file is as follows: each rule is written on a single line. Tokens in a rule are separated by white space. "#" is the comment character; everything after it on a line is ignored. Whitespace before or after a rule is ignored. Lines consisting solely of whitespace or comments are skipped.
All rules follow this form:
    target action protocols

where target is a specification of one or more hosts to filter, action is the action to perform (and must be either allow or deny), and protocols is the list of protocol names to match (each must be one of http, https, t3, t3s, giop, or giops; if no protocols are listed, all protocols will match a rule).
This example recognizes two kinds of rule:
    dialup-650-555-1212.pa.example.net deny t3 t3s # http and https OK
    192.168.81.0/255.255.254.0 allow # 23-bit netmask
    192.168.0.0/16 deny # like /255.255.0.0

Hostnames for fast rules are looked up once, at server startup time. While this greatly reduces connect-time overhead, it can result in the filter having an out-of-date idea of what addresses correspond to a hostname. For maximal comfort of mind, use numeric IP addresses instead.
    *.script-kiddiez.org deny

The "*" only matches at the head of a pattern. If you specify one anywhere else, it will be treated as part of the pattern (and so that pattern will never match anything, since "*" is not a legal part of a domain name).
If you want to "lock down" your server and only allow connections from certain addresses, you can specify 0.0.0.0/0 deny as your last rule.
Note: This example does not take full advantage of the information provided by the connection filter. Further expansion is left as an exercise for the reader. It assumes IPv4 addresses, but it should be easy to convert it to use IPv6 addresses, if necessary.
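The rule syntax above, as a stand-alone sketch added here for illustration; it is not the source of examples.security.net.SimpleConnectionFilter and uses no WebLogic classes. RuleFileSketch and its members are hypothetical names, the sample rule for 198.51.100.7 is constructed, and the evaluation order (first matching rule decides, no match means allow) is an assumption drawn from the lock-down advice. Only numeric targets are handled; hostname and "*" targets are rejected.

```java
import java.util.*;
public class RuleFileSketch {   // added sketch, Java 16+; names are hypothetical, not WebLogic's
    static final Set<String> PROTOCOLS = Set.of("http", "https", "t3", "t3s", "giop", "giops");
    record Rule(int net, int mask, boolean allow, Set<String> protocols) {}
    static int quad(String s) {                    // "192.168.81.0" -> 32-bit int
        String[] parts = s.split("\\.");
        if (parts.length != 4) throw new IllegalArgumentException("not an IPv4 address: " + s);
        int v = 0;
        for (String p : parts) {
            int octet = Integer.parseInt(p);
            if (octet < 0 || octet > 255) throw new IllegalArgumentException("bad octet in " + s);
            v = (v << 8) | octet;
        }
        return v;
    }
    static int mask(String s) {                    // "16" or "255.255.0.0"
        if (s.contains(".")) return quad(s);
        int bits = Integer.parseInt(s);
        if (bits < 0 || bits > 32) throw new IllegalArgumentException("bad prefix length: " + s);
        return bits == 0 ? 0 : -1 << (32 - bits);  // Java shifts mod 32, so /0 needs its own case
    }
    static Rule parse(String line) {               // returns null for blank or comment-only lines
        int hash = line.indexOf('#');
        String[] t = (hash < 0 ? line : line.substring(0, hash)).trim().split("\\s+");
        if (t[0].isEmpty()) return null;
        if (t.length < 2 || !(t[1].equals("allow") || t[1].equals("deny")))
            throw new IllegalArgumentException("action must be allow or deny: " + line);
        Set<String> protos = new HashSet<>(Arrays.asList(t).subList(2, t.length));
        if (!PROTOCOLS.containsAll(protos)) throw new IllegalArgumentException("unknown protocol: " + line);
        String[] target = t[0].split("/", 2);
        int m = target.length == 2 ? mask(target[1]) : -1;   // bare address means /32
        return new Rule(quad(target[0]) & m, m, t[1].equals("allow"), protos);
    }
    static boolean allowed(List<Rule> rules, String ip, String proto) {
        int addr = quad(ip);
        for (Rule r : rules)                       // assumption: first matching rule decides
            if ((addr & r.mask()) == r.net() && (r.protocols().isEmpty() || r.protocols().contains(proto)))
                return r.allow();
        return true;                               // assumption: no matching rule means allow
    }
    public static void main(String[] args) {
        String[] sample = { "# constructed sample", "198.51.100.7 deny t3 t3s # http and https OK",
            "192.168.81.0/255.255.254.0 allow # 23-bit netmask", "192.168.0.0/16 deny" };
        List<Rule> rules = Arrays.stream(sample).map(RuleFileSketch::parse).filter(Objects::nonNull).toList();
        for (String[] p : new String[][] { {"198.51.100.7", "t3"}, {"198.51.100.7", "http"},
                {"192.168.80.9", "t3s"}, {"192.168.5.5", "https"} })
            System.out.println(p[0] + " " + p[1] + " -> " + (allowed(rules, p[0], p[1]) ? "allow" : "deny"));
    }
}
```

Because the allow rule for 192.168.81.0/255.255.254.0 precedes the broader 192.168.0.0/16 deny, addresses in 192.168.80.0 through 192.168.81.255 are admitted while the rest of 192.168.0.0/16 is refused; reversing the two lines would deny both.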
Field Summary

static java.lang.String FILTER_FILE
    The name of the filter rule file.
Constructor Summary

SimpleConnectionFilter()
    Constructs a new connection filter.
SimpleConnectionFilter(java.io.InputStream is)
    Constructs a new connection filter.
Method Summary

void accept(weblogic.security.net.ConnectionEvent evt)
    Filters a client connection event.
(package private) static int addressToInt(java.net.InetAddress addr)
    Turns an address object into a single IPv4 address.
static void main(java.lang.String[] args)
    Simple test harness.
protected static boolean parseAction(java.lang.String whatever)
    Parses an action and returns its meaning.
protected static int[] parseAddresses(java.lang.String str)
    Given a string, returns an array of IPv4 addresses corresponding to that string as a host.
protected void parseLine(java.lang.String line, java.util.Vector entries)
    Parses an individual line of the rule file.
protected static int parseNetmask(java.lang.String maskStr)
    Returns an IPv4 netmask, as derived from a spec string.
protected static int parseProtocols(java.util.StringTokenizer toks)
    Parses a list of protocols and returns a bitmask that will let us match a protocol quickly at connect time.
Field Detail

public static final java.lang.String FILTER_FILE

Constructor Detail

public SimpleConnectionFilter() throws java.io.IOException
    Throws: java.io.IOException - a problem occurred while reading the rule file
    See also: FILTER_FILE

public SimpleConnectionFilter(java.io.InputStream is) throws java.io.IOException
    Parameters: is - stream to read from
    Throws: java.io.IOException - a problem occurred while reading the rule file

Method Detail

public void accept(weblogic.security.net.ConnectionEvent evt) throws weblogic.security.net.FilterException
    Specified by: accept in interface weblogic.security.net.ConnectionFilter
    Parameters: evt - the connection event
    Throws: weblogic.security.net.FilterException - the connection should be rejected by the server

static final int addressToInt(java.net.InetAddress addr)

public static void main(java.lang.String[] args) throws java.lang.Exception

protected static final boolean parseAction(java.lang.String whatever) throws java.io.IOException
    Parameters: whatever - the action string

protected static final int[] parseAddresses(java.lang.String str) throws java.io.IOException
    Parameters: str - hostname or IPv4 address in string form

protected void parseLine(java.lang.String line, java.util.Vector entries) throws java.io.IOException, java.lang.IllegalArgumentException
    Parameters: line - the line to parse (guaranteed not to contain comments, surrounding whitespace, or be empty)
                entries - the running list of rules

protected static final int parseNetmask(java.lang.String maskStr) throws java.io.IOException
    Parameters: maskStr - mask spec string

protected static final int parseProtocols(java.util.StringTokenizer toks) throws weblogic.security.net.FilterException

Documentation is available at http://e-docs.bea.com/wls/docs60