User:Alfredas/JosekiSecurity

From mediawiki.org
Jump to navigation Jump to search

In order to restrict access to the Joseki update service and make it accessible only from localhost:

  • add this to the top of web.xml under joseki/WEB-INF
  <!-- Access Filter -->
  <filter>
      <filter-name>AccessFilter</filter-name>
      <filter-class>nl.tudelft.tbm.servletaccessfilter.ServletAccessFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>AccessFilter</filter-name>
    <url-pattern>/update/service/*</url-pattern>
  </filter-mapping>
  • download jar and put it in the servlet engine's classpath
  • restart server

Source[edit]

package nl.tudelft.tbm.servletaccessfilter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class ServletAccessFilter implements Filter {

  @Override
  public void destroy() {
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    if (request.getRemoteAddr().equals("0:0:0:0:0:0:0:1") || request.getRemoteAddr().equals("127.0.0.1")) {
      chain.doFilter(request, response);
    } else {
      HttpServletResponse httpr = (HttpServletResponse) response;
      httpr.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

  }

  @Override
  public void init(FilterConfig config) throws ServletException {
  }

}