mina框架:白名单实现

转载 于 2014-09-09 10:37:10 发布 · 1.8k 阅读 · 1
文章标签:

#白名单

Apache Mina自带了一个黑名单过滤器BlacklistFilter,可过滤黑名单列表中的网络连接。用来防止非法的客户端访问。
但在某些应用场景里需要设定白名单,只接收某些指定IP的客户端发来的数据。这就需要实现白名单功能。
我们可以自己实现白名单过滤器,方法很简单只需仿照BlacklistFilter做些修改即可。


package org.mina.util;

import java.util.concurrent.CopyOnWriteArrayList;

import org.apache.mina.core.filterchain.IoFilterAdapter;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.WriteRequest;
import org.apache.mina.filter.firewall.Subnet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class WhiteFilter extends IoFilterAdapter {
	private final List<Subnet> whitelist=new CopyOnWriteArrayList<Subnet>();
	private  final static Logger LOGGER=LoggerFactory.getLogger(WhiteFilter.class);
	  public void setWhitelist(InetAddress[] addresses) {  
	        if (addresses == null) {  
	            throw new NullPointerException("addresses");  
	        }  
	        whitelist.clear();  
	        for (InetAddress addr : addresses) {  
	            allow(addr);  
	        }  
	    }  
	  
	    public void setSubnetWhitelist(Subnet[] subnets) {  
	        if (subnets == null) {  
	            throw new NullPointerException("Subnets must not be null");  
	        }  
	        whitelist.clear();  
	        for (Subnet subnet : subnets) {  
	            allow(subnet);  
	        }  
	    }  
	  
	    public void setWhitelist(Iterable<InetAddress> addresses) {  
	        if (addresses == null) {  
	            throw new NullPointerException("addresses");  
	        }  
	  
	        whitelist.clear();  
	  
	        for (InetAddress address : addresses) {  
	            allow(address);  
	        }  
	    }  
	  
	    public void setSubnetWhitelist(Iterable<Subnet> subnets) {  
	        if (subnets == null) {  
	            throw new NullPointerException("Subnets must not be null");  
	        }  
	        whitelist.clear();  
	        for (Subnet subnet : subnets) {  
	            allow(subnet);  
	        }  
	    }  
	  
	    public void allow(InetAddress address) {  
	        if (address == null) {  
	            throw new NullPointerException("Adress to block can not be null");  
	        }  
	  
	        allow(new Subnet(address, 32));  
	    }  
	  
	    public void allow(Subnet subnet) {  
	        if (subnet == null) {  
	            throw new NullPointerException("Subnet can not be null");  
	        }  
	  
	        whitelist.add(subnet);  
	    }  
	  
	    public void disallow(InetAddress address) {  
	        if (address == null) {  
	            throw new NullPointerException("Adress to unblock can not be null");  
	        }  
	  
	        disallow(new Subnet(address, 32));  
	    }  
	  
	    public void disallow(Subnet subnet) {  
	        if (subnet == null) {  
	            throw new NullPointerException("Subnet can not be null");  
	        }  
	        whitelist.remove(subnet);  
	    }  
	  
	    @Override  
	    public void sessionCreated(NextFilter nextFilter, IoSession session) {  
	        if (isAllowed(session)) {  
	            nextFilter.sessionCreated(session);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    @Override  
	    public void sessionOpened(NextFilter nextFilter, IoSession session) throws Exception {  
	        if (isAllowed(session)) {  
	            nextFilter.sessionOpened(session);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    @Override  
	    public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {  
	        if (isAllowed(session)) {  
	            nextFilter.sessionClosed(session);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    @Override  
	    public void sessionIdle(NextFilter nextFilter, IoSession session, IdleStatus status) throws Exception {  
	        if (isAllowed(session)) {  
	            nextFilter.sessionIdle(session, status);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    @Override  
	    public void messageReceived(NextFilter nextFilter, IoSession session, Object message) {  
	        if (isAllowed(session)) {  
	            nextFilter.messageReceived(session, message);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    @Override  
	    public void messageSent(NextFilter nextFilter, IoSession session, WriteRequest writeRequest) throws Exception {  
	        if (isAllowed(session)) {  
	            nextFilter.messageSent(session, writeRequest);  
	        } else {  
	            blockSession(session);  
	        }  
	    }  
	  
	    private void blockSession(IoSession session) {  
	        LOGGER.warn("Remote address is not allowed; closing.");  
	        session.close(true);  
	    }  
	  
	    private boolean isAllowed(IoSession session) {  
	        SocketAddress remoteAddress = session.getRemoteAddress();  
	        if (remoteAddress instanceof InetSocketAddress) {  
	            InetAddress address = ((InetSocketAddress) remoteAddress).getAddress();  
	  
	            // check all subnets   
	            for (Subnet subnet : whitelist) {  
	                if (subnet.inSubnet(address)) {  
	                    return true;  
	                }  
	            }  
	        }  
	        return false;  
	    }  
	

}

   调用时要加入whitelist过滤器


   IoAcceptor acceptor = new NioSocketAcceptor();  
     
   WhitelistFilter whitelistFilter=new WhitelistFilter();  
   InetAddress[] address= new InetAddress[1];  
   address[0]=InetAddress.getByName("192.168.136.123");  
   whitelistFilter.setWhitelist(address);  
   acceptor.getFilterChain().addFirst("white",whitelistFilter);  
     
   acceptor.getFilterChain().addLast("logger", new LoggingFilter());     
               
   acceptor.getFilterChain().addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("GBK"))));       
   acceptor.setHandler(new ServerHandler());       
               
   acceptor.getSessionConfig().setReadBufferSize(2048);       
   acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);       
                  
   acceptor.bind(new InetSocketAddress(PORT));       
   这样服务端只会从指定的IP接收数据,如果客户端使用其他的IP地址则服务端拒绝连接。


原文地址:
http://www.linuxidc.com/Linux/2012-08/68992.htm
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值