Package com.zfabrik.servletjsp.security

Class NonLocalhostWhitelist

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
com.zfabrik.servletjsp.security.NonLocalhostWhitelist
All Implemented Interfaces:
org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle
public class NonLocalhostWhitelist extends org.eclipse.jetty.server.handler.HandlerWrapper
A simple whitelisting filter for Jetty access to grant access for Web application paths for non localhost sources.

This filter can be used to increase security by restricting access to Web applications that are only used for debugging and development to access from localhost.

To configure see the Jetty configuration file z2-nonlocalhostwhitelist.xml that might look like this to grant access to the root path "/" and the context path /abc: 

 
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
   <Call name="insertHandler">
     <Arg>
       <New id="NonLocalhostWhitelist" class="com.zfabrik.servletjsp.security.NonLocalhostWhitelist">
         <Set name="patterns">
           <Array type="String">
             <Item>^/abc($|/.*)</Item>
             <Item>^/$</Item>
         </Array>
       </Set>
     </New>
   </Arg>
 </Call>
 </Configure>

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

    org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

    org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener

  • Field Summary

    Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    _handler

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

    Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

    KEY

  • Constructor Summary

    Constructors
    Constructor
    Description
    NonLocalhostWhitelist()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doStart()
     
    void
    handle​(String target, org.eclipse.jetty.server.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
     
    void
    setPatterns​(String[] patterns)
     

    Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

    expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    doError, doStop, getServer

    Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

    addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.eclipse.jetty.util.component.Container

    getCachedBeans, getEventListeners

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

    dumpSelf

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    isDumpable

    Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

    addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

  • Constructor Details

    • NonLocalhostWhitelist

      public NonLocalhostWhitelist()

  • Method Details

    • setPatterns

      public void setPatterns(String[] patterns)

    • handle

      public void handle(String target, org.eclipse.jetty.server.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Specified by:
      handle in interface org.eclipse.jetty.server.Handler
      Overrides:
      handle in class org.eclipse.jetty.server.handler.HandlerWrapper
      Throws:
      IOException
      javax.servlet.ServletException

    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.eclipse.jetty.server.handler.AbstractHandler
      Throws:
      Exception