Reputation: 10023
Restrict Servlet access based on request origin with Jetty 6
I have a Jetty 6 server configured programmatically (no XML), which has several Servlets. I would like to restrict the access of one of those Servlet to requests coming from "localhost".
Is there a pre-existing Jetty filter I can use for this?
If no, how can I create my own filter to do this?
Current code:
Server server = new Server(httpPort);
Context ctx = new Context(server, "/");
ctx.addServlet(new ServletHolder(someHttpServlet), "/servlet1/*");
ctx.addServlet(new ServletHolder(someOtherHttpServlet), "/servlet2/*");
ctx.addFilter(new FilterHolder(myFilterHere), "/servlet2/*", Context.ALL);
Upvotes: 0
Views: 554
Answers (1)
Reputation: 6519
If you want to do it the way you've indicated, then you'll probably need to write your own Filter and look at request.getRemoteAddr()
However, it may be easier to run two Server instances within the same JVM and have one of them only listen on localhost. This documentation shows how to do that with XML configuration, it's pretty easy to translate that to direct Java configuration.
That requires running Jetty on two different ports, but that might be OK for you? Or you might be able to hide that by using iptables rules if you're on Linux (or the equivalent on other unix-like operating systems)
Upvotes: 1
Related Questions
- Embedded Jetty no filter named cross-origin
- Jetty - how to only allow requests from a specific domain
- How to add Access-Control-Allow-Origin to jetty server
- Jetty Cross Origin Filter
- Restrict Access to a Servlet by Port
- Access Control Allow Origin in Servlet
- Set Access-Control-Allow-Origin in Jetty
- Using Filters to Restrict JSP Access?
- Apply a servlet filter only in some environments
- How do I filter all incoming requests and not just ones mapped to servlets?