Class RestrictUrisProcessor
- java.lang.Object
-
- org.mapfish.print.processor.AbstractProcessor<ClientHttpFactoryProcessorParam,java.lang.Void>
-
- org.mapfish.print.processor.http.AbstractClientHttpRequestFactoryProcessor
-
- org.mapfish.print.processor.http.RestrictUrisProcessor
-
- All Implemented Interfaces:
ConfigurationObject
,HttpProcessor<ClientHttpFactoryProcessorParam>
,Processor<ClientHttpFactoryProcessorParam,java.lang.Void>
public final class RestrictUrisProcessor extends AbstractClientHttpRequestFactoryProcessor
This processor check urls against a set of url matchers to see if the request should be allowed or rejected.Usage of processor is as follows:
- !restrictUris matchers: - !localMatch {} - !ipMatch ip: www.camptocamp.org - !dnsMatch host: mapfish-geoportal.demo-camptocamp.com port: 80 - !dnsMatch host: labs.metacarta.com port: 80 - !dnsMatch host: terraservice.net port: 80 - !dnsMatch host: tile.openstreetmap.org port: 80 - !dnsMatch host: www.geocat.ch port: 80
By default a matcher allows the URL, but it can be setup to reject the URL (by setting reject to true). The first matcher that matches will be the one picking the final outcome. If no matcher matches, the URI is rejected. So, for example, you can allow every URLs apart from the internal URLs like that:
- !restrictUris matchers: - !ipMatch ip: 192.178.0.0 mask: 255.255.0.0 reject: true - !acceptAll
If the Print service is in your DMZ and needs to allow access to any WMS server, it is strongly recommended to have a configuration like the previous one in order to avoid having the Print service being used as a proxy to access your internal servers.
Note: if this class is part of a CompositeClientHttpRequestFactoryProcessor (!configureHttpRequests) then it should be the last one so that the checks are done after all changes to the URIs [[examples=http_processors]]
- See Also:
AcceptAllMatcher
,AddressHostMatcher
,DnsHostMatcher
,LocalHostMatcher
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.mapfish.print.processor.AbstractProcessor
AbstractProcessor.Context
-
Nested classes/interfaces inherited from interface org.mapfish.print.processor.Processor
Processor.ExecutionContext
-
-
Field Summary
-
Fields inherited from class org.mapfish.print.processor.http.AbstractClientHttpRequestFactoryProcessor
matchers
-
Fields inherited from interface org.mapfish.print.processor.Processor
MDC_APPLICATION_ID_KEY, MDC_JOB_ID_KEY
-
-
Constructor Summary
Constructors Constructor Description RestrictUrisProcessor()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description MfClientHttpRequestFactory
createFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam, MfClientHttpRequestFactory requestFactory)
Create theMfClientHttpRequestFactory
to use.-
Methods inherited from class org.mapfish.print.processor.http.AbstractClientHttpRequestFactoryProcessor
createInputParameter, execute, extraValidation, setMatchers
-
Methods inherited from class org.mapfish.print.processor.AbstractProcessor
getInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputType, setInputMapper, setInputPrefix, setOutputMapper, setOutputPrefix, setPrefix, toString, toString, validate
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.mapfish.print.config.ConfigurationObject
validate
-
Methods inherited from interface org.mapfish.print.processor.Processor
getInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputType, toString
-
-
-
-
Method Detail
-
createFactoryWrapper
public MfClientHttpRequestFactory createFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam, MfClientHttpRequestFactory requestFactory)
Description copied from interface:HttpProcessor
Create theMfClientHttpRequestFactory
to use.- Parameters:
clientHttpFactoryProcessorParam
- extra parameters required to create the updated request factoryrequestFactory
- the basic request factory. It should be unmodified and just wrapped with a proxy class.
-
-