List of usage examples for io.netty.handler.ipfilter IpFilterRuleType ACCEPT
IpFilterRuleType ACCEPT
From source file:org.curioswitch.common.server.framework.filter.IpFilteringService.java
License:Open Source License
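/**
 * Converts textual subnet rules into Netty {@link IpSubnetFilterRule}s of type ACCEPT.
 *
 * <p>Each entry is split with {@code RULE_SPLITTER} and must yield exactly two parts: the
 * address and the CIDR prefix length (the separator itself is defined outside this block).
 *
 * <p>Every rule produced here is an ACCEPT rule and the list contains no REJECT rule, so
 * whether a peer that matches none of them is refused depends on how the caller installs the
 * list. NOTE(review): confirm the consuming filter rejects unmatched addresses.
 *
 * @param ipRules rule strings, one subnet per entry
 * @return an immutable list with one ACCEPT rule per input entry, in input order
 * @throws IllegalArgumentException if an entry does not split into exactly two parts, or if the
 *     prefix part is not an integer ({@link NumberFormatException} is a subclass)
 */
private static List<IpFilterRule> parseRules(List<String> ipRules) {
    return ipRules.stream()
        .map(rule -> {
            List<String> parts = RULE_SPLITTER.splitToList(rule);
            // TODO(choko): Add better validation.
            // checkArgument is presumably Guava's Preconditions.checkArgument (the block already
            // relies on Guava's splitToList and toImmutableList); it substitutes %s, not {}, so
            // the original "{}" template never interpolated the offending rule into the message.
            checkArgument(parts.size() == 2, "invalid rule: %s", rule);
            return new IpSubnetFilterRule(
                parts.get(0), Integer.parseInt(parts.get(1)), IpFilterRuleType.ACCEPT);
        })
        .collect(toImmutableList());
}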
From source file:org.elasticsearch.xpack.security.transport.filter.IPFilter.java
License:Open Source License
/**
 * Decides whether a connection from {@code peerAddress} on the given profile is allowed.
 *
 * <p>Rules for the profile are evaluated in iteration order and the first matching rule
 * decides; the decision is reported to the audit trail as granted or denied.
 *
 * <p>Three paths allow the connection without a rule deciding it: IP filtering is switched
 * off by the license state, no rules are registered for the profile (this path is not audited,
 * see the FIXME), or no rule matched (audited as granted under
 * {@code DEFAULT_PROFILE_ACCEPT_ALL}). The filter is therefore allow-by-default.
 *
 * @param profile the transport profile the connection arrived on
 * @param peerAddress the remote address of the connection
 * @return {@code true} if the connection is allowed, {@code false} if a REJECT rule matched
 */
public boolean accept(String profile, InetSocketAddress peerAddress) {
    // Filtering applies only when security is enabled and the license permits IP filtering.
    if (!(licenseState.isSecurityEnabled() && licenseState.isIpFilteringAllowed())) {
        return true;
    }

    if (!rules.containsKey(profile)) {
        // FIXME we need to audit here
        return true;
    }

    for (SecurityIpFilterRule candidate : rules.get(profile)) {
        if (!rule_matches(candidate, peerAddress)) {
            continue;
        }
        // First match wins: only an ACCEPT rule lets the peer through.
        if (candidate.ruleType() == IpFilterRuleType.ACCEPT) {
            auditTrail.connectionGranted(peerAddress.getAddress(), profile, candidate);
            return true;
        }
        auditTrail.connectionDenied(peerAddress.getAddress(), profile, candidate);
        return false;
    }

    // No rule matched: allow, and record the grant against the catch-all default rule.
    auditTrail.connectionGranted(peerAddress.getAddress(), profile, DEFAULT_PROFILE_ACCEPT_ALL);
    return true;
}

/** Returns whether {@code rule} matches {@code peerAddress}; thin wrapper kept private to this method's use. */
private static boolean rule_matches(SecurityIpFilterRule rule, InetSocketAddress peerAddress) {
    return rule.matches(peerAddress);
}
From source file:org.elasticsearch.xpack.security.transport.filter.PatternRuleTests.java
License:Open Source License
/**
 * A rule built from the single name pattern {@code n:localhost} reports itself as a localhost
 * rule, matches the local host address, and keeps the ACCEPT type it was constructed with.
 */
public void testSingleLocalHostRule() throws UnknownHostException {
    final PatternRule localhostOnly = new PatternRule(IpFilterRuleType.ACCEPT, "n:localhost");
    assertTrue(localhostOnly.isLocalhost());

    final InetSocketAddress local = new InetSocketAddress(getLocalHost(), 0);
    assertTrue(localhostOnly.matches(local));
    assertEquals(IpFilterRuleType.ACCEPT, localhostOnly.ruleType());
}
From source file:org.elasticsearch.xpack.security.transport.filter.PatternRuleTests.java
License:Open Source License
/**
 * A rule combining a name pattern, an exact IP and a wildcard IP matches every address covered
 * by any of the three patterns and does not match an address outside all of them.
 */
public void testMultiRules() throws UnknownHostException {
    final PatternRule multi =
        new PatternRule(IpFilterRuleType.ACCEPT, "n:localhost,i:127.0.0.1,i:192.168.9.*");
    assertTrue(multi.isLocalhost());
    assertTrue(multi.matches(new InetSocketAddress(getLocalHost(), 0)));

    // Addresses covered by the wildcard and by the exact-IP pattern, in that order.
    for (String covered : new String[] {"192.168.9.1", "127.0.0.1"}) {
        assertTrue(multi.matches(new InetSocketAddress(InetAddress.getByName(covered), 0)));
    }

    // 192.168.11.1 is outside 192.168.9.* and must not match.
    final InetSocketAddress outsider =
        new InetSocketAddress(InetAddress.getByName("192.168.11.1"), 0);
    assertFalse(multi.matches(outsider));
    assertEquals(IpFilterRuleType.ACCEPT, multi.ruleType());
}
From source file:org.elasticsearch.xpack.security.transport.filter.PatternRuleTests.java
License:Open Source License
/**
 * The wildcard name pattern {@code n:*} matches every address tried here, yet the rule is not
 * reported as a localhost rule.
 */
public void testAll() throws UnknownHostException {
    final PatternRule matchEverything = new PatternRule(IpFilterRuleType.ACCEPT, "n:*");
    assertFalse(matchEverything.isLocalhost());
    assertTrue(matchEverything.matches(new InetSocketAddress(getLocalHost(), 0)));

    for (String literal : new String[] {"192.168.9.1", "127.0.0.1", "192.168.11.1"}) {
        assertTrue(matchEverything.matches(new InetSocketAddress(InetAddress.getByName(literal), 0)));
    }
    assertEquals(IpFilterRuleType.ACCEPT, matchEverything.ruleType());
}
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.java
License:Open Source License
/**
 * Renders the rule as {@code "allow <spec>"} for an ACCEPT rule and {@code "deny <spec>"} for
 * any other rule type, where {@code <spec>} is the value of {@code ruleSpec}.
 */
@Override
public String toString() {
    final String verb = ruleType() == IpFilterRuleType.ACCEPT ? "allow " : "deny ";
    return new StringBuilder().append(verb).append(ruleSpec).toString();
}
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.java
License:Open Source License
/**
 * Builds one filter rule from a comma-separated rule value.
 *
 * <p>Three forms are recognised, checked in this order:
 * <ul>
 *   <li>{@code _all}: must be the only entry; yields {@code ACCEPT_ALL} or {@code DENY_ALL}.</li>
 *   <li>a value containing {@code /}: treated as a single subnet and turned into an
 *       {@link IpSubnetFilterRule}.</li>
 *   <li>anything else: each entry becomes an {@code i:}-prefixed normalized address when it is
 *       an IP literal, or an {@code n:}-prefixed name pattern otherwise, and the entries are
 *       combined into one {@code PatternRule}.</li>
 * </ul>
 *
 * @param isAllowRule {@code true} for an ACCEPT rule, {@code false} for a REJECT rule
 * @param value the comma-separated rule value
 * @return the rule described by {@code value}
 * @throws IllegalArgumentException if {@code _all} is mixed with other entries, or if a value
 *     containing {@code /} has more than one entry
 * @throws ElasticsearchException if the subnet address cannot be resolved
 */
static IpFilterRule getRule(boolean isAllowRule, String value) {
    final IpFilterRuleType type = isAllowRule ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT;
    final String[] entries = value.split(",");

    boolean namesAll = false;
    for (String entry : entries) {
        if ("_all".equals(entry)) {
            namesAll = true;
            break;
        }
    }
    if (namesAll) {
        // all rule was found. It should be the only rule!
        if (entries.length != 1) {
            throw new IllegalArgumentException("rules that specify _all may not have other values!");
        }
        return isAllowRule ? ACCEPT_ALL : DENY_ALL;
    }

    if (value.contains("/")) {
        // subnet rule: exactly one subnet is allowed per rule value
        if (entries.length != 1) {
            throw new IllegalArgumentException("multiple subnet filters cannot be specified in a single rule!");
        }
        try {
            Tuple<InetAddress, Integer> subnet = parseSubnetMask(value);
            return new IpSubnetFilterRule(subnet.v1(), subnet.v2(), type);
        } catch (UnknownHostException e) {
            String ruleType = (isAllowRule ? "allow " : "deny ");
            throw new ElasticsearchException(
                "unable to create ip filter for rule [" + ruleType + " " + value + "]", e);
        }
    }

    // pattern rule - not netmask
    final StringJoiner tagged = new StringJoiner(",");
    for (String entry : entries) {
        final String pattern;
        if (InetAddresses.isInetAddress(entry)) {
            // Normalize IP literals (in IPv6, :0:0: is equivalent to ::) by parsing and
            // re-formatting them; PatternRule uses the same formatting to normalize the value
            // it matches against.
            pattern = "i:" + NetworkAddress.format(InetAddresses.forString(entry));
        } else {
            pattern = "n:" + entry;
        }
        tagged.add(pattern);
    }
    return new PatternRule(type, tagged.toString());
}
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRuleTests.java
License:Open Source License
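/**
 * A value in CIDR form is parsed into an {@link IpSubnetFilterRule} whose type follows the
 * allow/deny flag and whose matching is limited to the given subnet.
 */
public void testParseIpSubnetFilterRule() throws Exception {
    final boolean allow = randomBoolean();
    IpFilterRule rule = getRule(allow, "127.0.0.0/24");
    assertThat(rule, instanceOf(IpSubnetFilterRule.class));

    // Expected value goes first so that a failure message reports the two sides correctly.
    assertEquals(allow ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT, rule.ruleType());

    IpSubnetFilterRule ipSubnetFilterRule = (IpSubnetFilterRule) rule;
    assertTrue(ipSubnetFilterRule.matches(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0)));
    // An address outside 127.0.0.0/24 must not match; without this check a rule that matched
    // every address would also pass the test.
    assertFalse(ipSubnetFilterRule.matches(new InetSocketAddress(InetAddress.getByName("127.0.1.1"), 0)));
}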
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRuleTests.java
License:Open Source License
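/**
 * A comma-separated mix of IPv4, IPv6, wildcard and host-name entries (with no {@code /}) is
 * parsed into a {@code PatternRule} whose type follows the allow/deny flag.
 *
 * <p>Only the rule class and type are checked here; matching behaviour is not exercised.
 */
public void testParsePatternRules() {
    final boolean allow = randomBoolean();
    String ruleSpec = "127.0.0.1,::1,192.168.0.*,name*,specific_name";
    IpFilterRule rule = getRule(allow, ruleSpec);
    assertThat(rule, instanceOf(PatternRule.class));

    // Expected value goes first so that a failure message reports the two sides correctly.
    assertEquals(allow ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT, rule.ruleType());
}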
From source file:org.springframework.cloud.gateway.handler.predicate.RemoteAddrRoutePredicateFactory.java
License:Apache License
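/**
 * Parses one source entry ({@code address} or {@code address/prefix}) and appends it to
 * {@code sources} as an ACCEPT subnet rule.
 *
 * <p>An entry without a prefix is treated as a single host. The original code always appended
 * {@code /32}, which is a single host only for IPv4; for an IPv6 literal it produced a /32
 * network, a far wider range than the one address that was written. IPv6 literals now default
 * to {@code /128}.
 *
 * @param sources the list the new rule is appended to
 * @param source the address, optionally followed by {@code /} and a CIDR prefix length
 * @throws NumberFormatException if the prefix part is not an integer
 */
private void addSource(List<IpSubnetFilterRule> sources, String source) {
    if (!source.contains("/")) { // no netmask, add the single-host default for the address family
        // A colon only appears in IPv6 literals. NOTE(review): a host name that resolves to an
        // IPv6 address would still get /32 here — confirm whether host names are expected.
        source = source + (source.contains(":") ? "/128" : "/32");
    }

    String[] ipAddressCidrPrefix = source.split("/", 2);
    String ipAddress = ipAddressCidrPrefix[0];
    int cidrPrefix = Integer.parseInt(ipAddressCidrPrefix[1]);

    sources.add(new IpSubnetFilterRule(ipAddress, cidrPrefix, IpFilterRuleType.ACCEPT));
}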