View Javadoc

1   /*
2    * Copyright 2012 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package org.jboss.netty.handler.ipfilter;
17  
18  import java.net.InetSocketAddress;
19  
20  import org.jboss.netty.channel.ChannelEvent;
21  import org.jboss.netty.channel.ChannelFuture;
22  import org.jboss.netty.channel.ChannelFutureListener;
23  import org.jboss.netty.channel.ChannelHandlerContext;
24  import org.jboss.netty.channel.ChannelStateEvent;
25  import org.jboss.netty.channel.ChannelUpstreamHandler;
26  import org.jboss.netty.channel.Channels;
27  
28  // TODO: Auto-generated Javadoc
29  
30  /** General class that handle Ip Filtering. */
31  public abstract class IpFilteringHandlerImpl implements ChannelUpstreamHandler, IpFilteringHandler {
32  
33      private IpFilterListener listener;
34  
35      /**
36       * Called when the channel is connected. It returns True if the corresponding connection
37       * is to be allowed. Else it returns False.
38       *
39       * @param inetSocketAddress the remote {@link InetSocketAddress} from client
40       * @return True if the corresponding connection is allowed, else False.
41       */
42      protected abstract boolean accept(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress)
43              throws Exception;
44  
45      /**
46       * Called when the channel has the CONNECTED status and the channel was refused by a previous call to accept().
47       * This method enables your implementation to send a message back to the client before closing
48       * or whatever you need. This method returns a ChannelFuture on which the implementation
49       * will wait uninterruptibly before closing the channel.<br>
50       * For instance, If a message is sent back, the corresponding ChannelFuture has to be returned.
51       *
52       * @param inetSocketAddress the remote {@link InetSocketAddress} from client
53       * @return the associated ChannelFuture to be waited for before closing the channel. Null is allowed.
54       */
55      protected ChannelFuture handleRefusedChannel(ChannelHandlerContext ctx, ChannelEvent e,
56                                                   InetSocketAddress inetSocketAddress) throws Exception {
57          if (listener == null) {
58              return null;
59          }
60          return listener.refused(ctx, e, inetSocketAddress);
61      }
62  
63      protected ChannelFuture handleAllowedChannel(ChannelHandlerContext ctx, ChannelEvent e,
64                                                   InetSocketAddress inetSocketAddress) throws Exception {
65          if (listener == null) {
66              return null;
67          }
68          return listener.allowed(ctx, e, inetSocketAddress);
69      }
70  
71      /**
72       * Internal method to test if the current channel is blocked. Should not be overridden.
73       *
74       * @return True if the current channel is blocked, else False
75       */
76      protected boolean isBlocked(ChannelHandlerContext ctx) {
77          return ctx.getAttachment() != null;
78      }
79  
80      /**
81       * Called in handleUpstream, if this channel was previously blocked,
82       * to check if whatever the event, it should be passed to the next entry in the pipeline.<br>
83       * If one wants to not block events, just overridden this method by returning always true.<br><br>
84       * <b>Note that OPENED and BOUND events are still passed to the next entry in the pipeline since
85       * those events come out before the CONNECTED event and so the possibility to filter the connection.</b>
86       *
87       * @return True if the event should continue, False if the event should not continue
88       *         since this channel was blocked by this filter
89       */
90      protected boolean continues(ChannelHandlerContext ctx, ChannelEvent e) throws Exception {
91          if (listener != null) {
92              return listener.continues(ctx, e);
93          } else {
94              return false;
95          }
96      }
97  
98  
99      public void handleUpstream(ChannelHandlerContext ctx, ChannelEvent e) throws Exception {
100         if (e instanceof ChannelStateEvent) {
101             ChannelStateEvent evt = (ChannelStateEvent) e;
102             switch (evt.getState()) {
103                 case OPEN:
104                 case BOUND:
105                     // Special case: OPEND and BOUND events are before CONNECTED,
106                     // but CLOSED and UNBOUND events are after DISCONNECTED: should those events be blocked too?
107                     if (isBlocked(ctx) && !continues(ctx, evt)) {
108                         // don't pass to next level since channel was blocked early
109                         return;
110                     } else {
111                         ctx.sendUpstream(e);
112                         return;
113                     }
114                 case CONNECTED:
115                     if (evt.getValue() != null) {
116                         // CONNECTED
117                         InetSocketAddress inetSocketAddress = (InetSocketAddress) e.getChannel().getRemoteAddress();
118                         if (!accept(ctx, e, inetSocketAddress)) {
119                             ctx.setAttachment(Boolean.TRUE);
120                             ChannelFuture future = handleRefusedChannel(ctx, e, inetSocketAddress);
121                             if (future != null) {
122                                 future.addListener(ChannelFutureListener.CLOSE);
123                             } else {
124                                 Channels.close(e.getChannel());
125                             }
126                             if (isBlocked(ctx) && !continues(ctx, evt)) {
127                                 // don't pass to next level since channel was blocked early
128                                 return;
129                             }
130                         } else {
131                             handleAllowedChannel(ctx, e, inetSocketAddress);
132                         }
133                         // This channel is not blocked
134                         ctx.setAttachment(null);
135                     } else {
136                         // DISCONNECTED
137                         if (isBlocked(ctx) && !continues(ctx, evt)) {
138                             // don't pass to next level since channel was blocked early
139                             return;
140                         }
141                     }
142                     break;
143             }
144         }
145         if (isBlocked(ctx) && !continues(ctx, e)) {
146             // don't pass to next level since channel was blocked early
147             return;
148         }
149         // Whatever it is, if not blocked, goes to the next level
150         ctx.sendUpstream(e);
151     }
152 
153 
154     public void setIpFilterListener(IpFilterListener listener) {
155         this.listener = listener;
156     }
157 
158 
159     public void removeIpFilterListener() {
160         listener = null;
161 
162     }
163 
164 }