All,
A bunch of clients at $work are suddenly asking if they can restrict
their users to certain IP "addresses" when logging-in. Should be easy
with a Filter or similar, right?
Tomcat has both RemoteCIRDFilter and RemoteIPFilter: why re-invent the
wheel?
Looking at RemoteCIDRFilter (which is much more flexible than
RemoteIPFilter), I can see these methods:
public void setDeny(String deny);
public String getDeny();
public void setAllow(String allow);
public String getAllow();
At first, I thought "maybe I can simply subclass and override
getAllow()" but the class's code references its own member directly:
private boolean isAllowed(final String property) {
[...]
for (final NetMask nm : allow) {
if (nm.matches(addr)) {
return true;
}
}
[...]
}
The isAllowed() method itself is private and therefore not overridable.
For the sake of argument, I could change that code to:
for (final NetMask nm : getAllowNetMasks()) {
if (nm.matches(addr)) {
return true;
}
}
... and introduce a new method which returns that member, then override
it in my subclass.
Since this control needs to be implemented as a per-user setting, the
existing "allow" and "deny" members would be ignored.
Other than a trivial waste of memory (and the dependence upon
Tomcat-specific code), can anyone think of a reason not to simply make
these changes and subclass the Filter in my own application?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
