标签:
我们经常需要用到ip白名单,ip黑名单。netty本身就帮我实现了一套验证机制,提供了IpFilterRuleHandler类public class IpFilterRuleHandler extends IpFilteringHandlerImpl
public abstract class IpFilteringHandlerImpl implements ChannelUpstreamHandler, IpFilteringHandler
该类和我们经常使用的解码器(decoder)以及逻辑处理handler一样都继承于ChannelUpstreamHandler,所以可以很方便的把它加入到我们的ChannelPipeline中。例如:
ChannelPipeline p = Channels.pipeline(); //ip过滤 IpFilterRuleHandler ipFilterRuleHandler = new IpFilterRuleHandler(); ipFilterRuleHandler.addAll(new IpFilterRuleList("+i:192.168.*"+ ", -i:*")); p.addLast("ipFilter", ipFilterRuleHandler);
netty的ip过滤一共提供3中过滤:[i,n,c]
i对应的是ip地址,相应的 +i 表示allow(允许),-i 表示deny(否认)
n对应的是地址名称,相应的 +n 表示allow(允许),-n 表示deny(否认)
c对应的是CIDR (Classless Inter-Domain Routing)无分类域间路由选择,相应的 +c 表示allow(允许),-c表示deny(否认)
官方中实例:
package org.jboss.netty.handler.ipfilter; import java.net.InetAddress; import java.net.InetSocketAddress; public class IpFilterRuleTest { public static boolean accept(IpFilterRuleHandler h, InetSocketAddress addr) throws Exception { return h.accept(null, null, addr); } public static void main(String[] args) throws Exception { IpFilterRuleHandler h = new IpFilterRuleHandler(); h.addAll(new IpFilterRuleList("+n:localhost, -n:*")); InetSocketAddress addr = new InetSocketAddress( InetAddress.getLocalHost(), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName(InetAddress .getLocalHost().getHostName()), 8080); System.out.println(accept(h, addr)); h.clear(); h.addAll(new IpFilterRuleList("+n:*" + InetAddress.getLocalHost().getHostName().substring(1) + ", -n:*")); addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName(InetAddress .getLocalHost().getHostName()), 8080); System.out.println(accept(h, addr)); h.clear(); h.addAll(new IpFilterRuleList("+c:" + InetAddress.getLocalHost().getHostAddress() + "/32, -n:*")); addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName(InetAddress .getLocalHost().getHostName()), 8080); System.out.println(accept(h, addr)); h.clear(); h.addAll(new IpFilterRuleList("")); addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName(InetAddress .getLocalHost().getHostName()), 8080); System.out.println(accept(h, addr)); h.clear(); addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080); System.out.println(accept(h, addr)); addr = new InetSocketAddress(InetAddress.getByName(InetAddress .getLocalHost().getHostName()), 8080); System.out.println(accept(h, addr)); } }
标签:
原文地址:http://my.oschina.net/OutOfMemory/blog/364446