1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.mina.filter.firewall;
21
22 import java.net.InetAddress;
23 import java.net.InetSocketAddress;
24 import java.net.SocketAddress;
25 import java.util.List;
26 import java.util.concurrent.CopyOnWriteArrayList;
27
28 import org.apache.mina.common.IdleStatus;
29 import org.apache.mina.common.IoFilter;
30 import org.apache.mina.common.IoFilterAdapter;
31 import org.apache.mina.common.IoSession;
32 import org.apache.mina.common.WriteRequest;
33 import org.slf4j.Logger;
34 import org.slf4j.LoggerFactory;
35
36
37
38
39
40
41
42
43 public class BlacklistFilter extends IoFilterAdapter {
44 private final List<InetAddress> blacklist = new CopyOnWriteArrayList<InetAddress>();
45
46 private final Logger logger = LoggerFactory.getLogger(getClass());
47
48
49
50
51
52
53
54 public void setBlacklist(InetAddress[] addresses) {
55 if (addresses == null) {
56 throw new NullPointerException("addresses");
57 }
58 blacklist.clear();
59 for (int i = 0; i < addresses.length; i++) {
60 InetAddress addr = addresses[i];
61 block(addr, "addresses[" + i + ']');
62 }
63 }
64
65
66
67
68
69
70
71
72
73
74
75 public void setBlacklist(Iterable<InetAddress> addresses) {
76 if (addresses == null) {
77 throw new NullPointerException("addresses");
78 }
79
80 blacklist.clear();
81
82 for( InetAddress address : addresses ){
83 block( address, address.getHostName() );
84 }
85 }
86
87
88
89
90 public void block(InetAddress address, String error_string) {
91 if (address == null) {
92 throw new NullPointerException(error_string);
93 }
94 blacklist.add(address);
95 }
96
97
98
99
100 public void block(InetAddress address) {
101 block(address, "address");
102 }
103
104
105
106
107 public void unblock(InetAddress address) {
108 if (address == null) {
109 throw new NullPointerException("address");
110 }
111 blacklist.remove(address);
112 }
113
114 @Override
115 public void sessionCreated(NextFilter nextFilter, IoSession session) {
116 if (!isBlocked(session)) {
117
118 nextFilter.sessionCreated(session);
119 } else {
120 blockSession(session);
121 }
122 }
123
124 @Override
125 public void sessionOpened(NextFilter nextFilter, IoSession session)
126 throws Exception {
127 if (!isBlocked(session)) {
128
129 nextFilter.sessionOpened(session);
130 } else {
131 blockSession(session);
132 }
133 }
134
135 @Override
136 public void sessionClosed(NextFilter nextFilter, IoSession session)
137 throws Exception {
138 if (!isBlocked(session)) {
139
140 nextFilter.sessionClosed(session);
141 } else {
142 blockSession(session);
143 }
144 }
145
146 @Override
147 public void sessionIdle(NextFilter nextFilter, IoSession session,
148 IdleStatus status) throws Exception {
149 if (!isBlocked(session)) {
150
151 nextFilter.sessionIdle(session, status);
152 } else {
153 blockSession(session);
154 }
155 }
156
157 @Override
158 public void messageReceived(NextFilter nextFilter, IoSession session,
159 Object message) {
160 if (!isBlocked(session)) {
161
162 nextFilter.messageReceived(session, message);
163 } else {
164 blockSession(session);
165 }
166 }
167
168 @Override
169 public void messageSent(NextFilter nextFilter, IoSession session,
170 WriteRequest writeRequest) throws Exception {
171 if (!isBlocked(session)) {
172
173 nextFilter.messageSent(session, writeRequest);
174 } else {
175 blockSession(session);
176 }
177 }
178
179 private void blockSession(IoSession session) {
180 logger.warn("Remote address in the blacklist; closing.");
181 session.close();
182 }
183
184 private boolean isBlocked(IoSession session) {
185 SocketAddress remoteAddress = session.getRemoteAddress();
186 if (remoteAddress instanceof InetSocketAddress) {
187 if (blacklist.contains(((InetSocketAddress) remoteAddress)
188 .getAddress())) {
189 return true;
190 }
191 }
192
193 return false;
194 }
195 }