Class RestrictUrisProcessor
- All Implemented Interfaces:
ConfigurationObject,HttpProcessor<ClientHttpFactoryProcessorParam>,Processor<ClientHttpFactoryProcessorParam,Void>
Usage of processor is as follows:
- !restrictUris
matchers:
- !localMatch {}
- !ipMatch
ip: www.camptocamp.org
- !dnsMatch
host: mapfish-geoportal.demo-camptocamp.com
port: 80
- !dnsMatch
host: labs.metacarta.com
port: 80
- !dnsMatch
host: terraservice.net
port: 80
- !dnsMatch
host: tile.openstreetmap.org
port: 80
- !dnsMatch
host: www.geocat.ch
port: 80
By default a matcher allows the URL, but it can be setup to reject the URL (by setting reject to true). The first matcher that matches will be the one picking the final outcome. If no matcher matches, the URI is rejected. So, for example, you can allow every URLs apart from the internal URLs like that:
- !restrictUris
matchers:
- !ipMatch
ip: 192.178.0.0
mask: 255.255.0.0
reject: true
- !acceptAll
If the Print service is in your DMZ and needs to allow access to any WMS server, it is strongly recommended to have a configuration like the previous one in order to avoid having the Print service being used as a proxy to access your internal servers.
Note: if this class is part of a CompositeClientHttpRequestFactoryProcessor (!configureHttpRequests) then it should be the last one so that the checks are done after all changes to the URIs [[examples=http_processors]]
-
Nested Class Summary
Nested classes/interfaces inherited from class org.mapfish.print.processor.AbstractProcessor
AbstractProcessor.ContextNested classes/interfaces inherited from interface org.mapfish.print.processor.Processor
Processor.ExecutionContext -
Field Summary
Fields inherited from class org.mapfish.print.processor.http.AbstractClientHttpRequestFactoryProcessor
matchersFields inherited from interface org.mapfish.print.processor.Processor
MDC_APPLICATION_ID_KEY, MDC_JOB_ID_KEY -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncreateFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam, MfClientHttpRequestFactory requestFactory) Create theMfClientHttpRequestFactoryto use.Methods inherited from class org.mapfish.print.processor.http.AbstractClientHttpRequestFactoryProcessor
createInputParameter, execute, extraValidation, setMatchersMethods inherited from class org.mapfish.print.processor.AbstractProcessor
getInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputType, setInputMapper, setInputPrefix, setOutputMapper, setOutputPrefix, setPrefix, toString, toString, validateMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface org.mapfish.print.config.ConfigurationObject
validateMethods inherited from interface org.mapfish.print.processor.Processor
getInputMapperBiMap, getInputPrefix, getOutputMapperBiMap, getOutputPrefix, getOutputType, toString
-
Constructor Details
-
RestrictUrisProcessor
public RestrictUrisProcessor()
-
-
Method Details
-
createFactoryWrapper
public MfClientHttpRequestFactory createFactoryWrapper(ClientHttpFactoryProcessorParam clientHttpFactoryProcessorParam, MfClientHttpRequestFactory requestFactory) Description copied from interface:HttpProcessorCreate theMfClientHttpRequestFactoryto use.- Parameters:
clientHttpFactoryProcessorParam- extra parameters required to create the updated request factoryrequestFactory- the basic request factory. It should be unmodified and just wrapped with a proxy class.
-