Add IpFilter for restricting access IP ranges #57
Conversation
…om without (or outside) specific IP ranges. Add IpAddressMatcher taken from Spring Security used for range tests
| * Both IPv6 and IPv4 addresses are supported, but a matcher which is configured with an | ||
| * IPv4 address will never match a request which returns an IPv6 address, and vice-versa. | ||
| * | ||
| * @author Luke Taylor originally written for Spring Security |
| * address ranges and / or not from with a specific (denied) set. | ||
| * <p/> | ||
| * Example config: | ||
| * <pre> |
There was a problem hiding this comment.
Old Javadoc
The [filters] section is deprecated. but you can replace this with [main]
There was a problem hiding this comment.
Also changing in PortFilter - which is where I cribbed it from.
| * /another/path/** = localLan | ||
| * </pre> | ||
| * | ||
| * @since 1.0 |
|
|
||
| import java.util.Collection; | ||
|
|
||
| public interface IpSource { |
| import org.junit.Test; | ||
|
|
||
| /** | ||
| * @author Modified by Richard Wheeldon from an original by Luke Taylor for Spring Security |
| * @author Modified by Richard Wheeldon from an original by Luke Taylor for Spring Security | ||
| * @since 1.4.0 | ||
| */ | ||
| public class IpAddressMatcherTests { |
There was a problem hiding this comment.
Thanks for including the tests as well!!
|
This should probably be added to |
|
@rswheeldon Thanks for working on this! I added a few minor things, nothing major. You should also sign a Apache CLA. |
|
CLA was signed years ago when I pushed a load of stuff to Apache FOP. It should still be valid. If not, I'll sign a new one. |
|
Cool, I only took a quick look, I'll look again |
|
Updated with fixes for all the above. |
|
@rswheeldon Any thoughts on the |
|
ip - it's only one character shorter than ssl. rest, port and user aren't exactly verbose either. If you agree, I'll add it. |
|
|
|
Done. I don't really understand the Guice stuff though so I've done nothing more on that than make the unit tests pass. |
|
What else is needed to get this into trunk? There are no changes I'm intending on making unless there's something that's not been addressed. |
|
This looks good to me 👍 |
|
Whats the status on this? Currently looking for this kind of functionality?! |
|
@col-panic give this PR a shot and let us know what you think! |
|
Hello @col-panic @bdemers - We are looking towards to have this IP filter option in our application design. But seeing this PR left open concerns me. Is there any reason or alternative. |
|
@mookkiah feel free to resolve the conflict, we will merge it! |
|
I switched my implementation to be behind an nginx that acts as reverse proxy. This allows me to separate this concerns from the filter configuration which is now done in nginx. Due to this I did not further spend time on it. sry. |
|
@fpapon Created new PR #219 after resolving merge conflict. |
|
@mookkiah thanks! I close this one. |
Add IpFilter for restricting access to resources from those coming from without (or outside) specific IP ranges.
Add IpAddressMatcher taken from Spring Security used for range tests