View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.filter;
21  
22  import java.net.InetAddress;
23  import java.net.InetSocketAddress;
24  import java.net.SocketAddress;
25  import java.util.Collection;
26  import java.util.Set;
27  import java.util.concurrent.CopyOnWriteArraySet;
28  
29  import org.apache.mina.common.IdleStatus;
30  import org.apache.mina.common.IoFilter;
31  import org.apache.mina.common.IoFilterAdapter;
32  import org.apache.mina.common.IoSession;
33  import org.apache.mina.util.SessionLog;
34  
35  /**
36   * A {@link IoFilter} which blocks connections from blacklisted remote
37   * address.
38   *
39   * @author The Apache Directory Project (mina-dev@directory.apache.org)
40   * @version $Rev: 555855 $, $Date: 2007-07-13 12:19:00 +0900 (금, 13  7월 2007) $
41   */
42  public class BlacklistFilter extends IoFilterAdapter {
43      private final Set<InetAddress> blacklist = new CopyOnWriteArraySet<InetAddress>();
44  
45      /**
46       * Sets the addresses to be blacklisted.
47       *
48       * NOTE: this call will remove any previously blacklisted addresses.
49       *
50       * @param addresses an array of addresses to be blacklisted.
51       */
52      public void setBlacklist(InetAddress... addresses) {
53          if (addresses == null)
54              throw new NullPointerException("addresses");
55          blacklist.clear();
56          for (int i = 0; i < addresses.length; i++) {
57              InetAddress addr = addresses[i];
58              block(addr, "addresses[" + i + ']');
59          }
60      }
61  
62      /**
63       * Sets the addresses to be blacklisted.
64       *
65       * NOTE: this call will remove any previously blacklisted addresses.
66       *
67       * @param addresses a collection of InetAddress objects representing the
68       *        addresses to be blacklisted.
69       * @throws IllegalArgumentException if the specified collections contains
70       *         non-{@link InetAddress} objects.
71       */
72      public void setBlacklist(Collection<InetAddress> addresses) {
73          if (addresses == null)
74              throw new NullPointerException("addresses");
75  
76          InetAddress[] inetAddresses = new InetAddress[addresses.size()];
77          try {
78              setBlacklist(addresses.toArray(inetAddresses));
79          } catch (ArrayStoreException ase) {
80              IllegalArgumentException iae = new IllegalArgumentException(
81                      "Collection of addresses must contain only InetAddress instances.");
82              iae.initCause(ase);
83              throw iae;
84          }
85      }
86  
87      /**
88       * Blocks the specified endpoint.
89       */
90      public void block(InetAddress address, String error_string) {
91          if (address == null)
92              throw new NullPointerException(error_string);
93          blacklist.add(address);
94      }
95  
96      /**
97       * Blocks the specified endpoint.
98       */
99      public void block(InetAddress address) {
100         block(address, "address");
101     }
102 
103     /**
104      * Unblocks the specified endpoint.
105      */
106     public void unblock(InetAddress address) {
107         if (address == null)
108             throw new NullPointerException("address");
109         blacklist.remove(address);
110     }
111 
112     @Override
113     public void sessionCreated(NextFilter nextFilter, IoSession session) {
114         if (!isBlocked(session)) {
115             // forward if not blocked
116             nextFilter.sessionCreated(session);
117         } else {
118             blockSession(session);
119         }
120     }
121 
122     @Override
123     public void sessionOpened(NextFilter nextFilter, IoSession session)
124             throws Exception {
125         if (!isBlocked(session)) {
126             // forward if not blocked
127             nextFilter.sessionOpened(session);
128         } else {
129             blockSession(session);
130         }
131     }
132 
133     @Override
134     public void sessionClosed(NextFilter nextFilter, IoSession session)
135             throws Exception {
136         if (!isBlocked(session)) {
137             // forward if not blocked
138             nextFilter.sessionClosed(session);
139         } else {
140             blockSession(session);
141         }
142     }
143 
144     @Override
145     public void sessionIdle(NextFilter nextFilter, IoSession session,
146             IdleStatus status) throws Exception {
147         if (!isBlocked(session)) {
148             // forward if not blocked
149             nextFilter.sessionIdle(session, status);
150         } else {
151             blockSession(session);
152         }
153     }
154 
155     @Override
156     public void messageReceived(NextFilter nextFilter, IoSession session,
157             Object message) {
158         if (!isBlocked(session)) {
159             // forward if not blocked
160             nextFilter.messageReceived(session, message);
161         } else {
162             blockSession(session);
163         }
164     }
165 
166     @Override
167     public void messageSent(NextFilter nextFilter, IoSession session,
168             Object message) throws Exception {
169         if (!isBlocked(session)) {
170             // forward if not blocked
171             nextFilter.messageSent(session, message);
172         } else {
173             blockSession(session);
174         }
175     }
176 
177     private void blockSession(IoSession session) {
178         SessionLog.info(session, "Remote address in the blacklist; closing.");
179         session.close();
180     }
181 
182     private boolean isBlocked(IoSession session) {
183         SocketAddress remoteAddress = session.getRemoteAddress();
184         if (remoteAddress instanceof InetSocketAddress) {
185             if (blacklist.contains(((InetSocketAddress) remoteAddress)
186                     .getAddress())) {
187                 return true;
188             }
189         }
190 
191         return false;
192     }
193 }