Constant for security log prefix introduced.
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
@@ -8,8 +8,10 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.security;
|
package org.eclipse.hawkbit.security;
|
||||||
|
|
||||||
|
import static java.util.concurrent.TimeUnit.SECONDS;
|
||||||
|
import static org.eclipse.hawkbit.security.SecurityConstants.SECURITY_LOG_PREFIX;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.concurrent.TimeUnit;
|
|
||||||
import java.util.concurrent.atomic.AtomicInteger;
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
@@ -31,25 +33,21 @@ import com.google.common.cache.CacheBuilder;
|
|||||||
/**
|
/**
|
||||||
* Filter for protection against denial of service attacks. It reduces the
|
* Filter for protection against denial of service attacks. It reduces the
|
||||||
* maximum number of request per seconds which can be separately configured for
|
* maximum number of request per seconds which can be separately configured for
|
||||||
* read (GET) and write (PUT/POST/DELETE) requests. requests
|
* read (GET) and write (PUT/POST/DELETE) requests.
|
||||||
*
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
*/
|
||||||
public class DosFilter extends OncePerRequestFilter {
|
public class DosFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class);
|
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class);
|
||||||
private static final Logger LOG_DOS = LoggerFactory.getLogger("server-security.dos");
|
private static final Logger LOG_DOS = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".dos");
|
||||||
private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger("server-security.blacklist");
|
private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".blacklist");
|
||||||
|
|
||||||
private final Pattern ipAdressBlacklist;
|
private final Pattern ipAdressBlacklist;
|
||||||
|
|
||||||
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder()
|
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS)
|
||||||
.expireAfterAccess(1, TimeUnit.SECONDS).build();
|
.build();
|
||||||
|
|
||||||
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder()
|
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS)
|
||||||
.expireAfterAccess(1, TimeUnit.SECONDS).build();
|
.build();
|
||||||
|
|
||||||
private final Integer maxRead;
|
private final Integer maxRead;
|
||||||
private final Integer maxWrite;
|
private final Integer maxWrite;
|
||||||
@@ -78,7 +76,7 @@ public class DosFilter extends OncePerRequestFilter {
|
|||||||
*/
|
*/
|
||||||
public DosFilter(final Integer maxRead, final Integer maxWrite, final String ipDosWhiteListPattern,
|
public DosFilter(final Integer maxRead, final Integer maxWrite, final String ipDosWhiteListPattern,
|
||||||
final String ipBlackListPattern, final String forwardHeader) {
|
final String ipBlackListPattern, final String forwardHeader) {
|
||||||
super();
|
|
||||||
this.maxRead = maxRead;
|
this.maxRead = maxRead;
|
||||||
this.maxWrite = maxWrite;
|
this.maxWrite = maxWrite;
|
||||||
this.forwardHeader = forwardHeader;
|
this.forwardHeader = forwardHeader;
|
||||||
@@ -96,14 +94,6 @@ public class DosFilter extends OncePerRequestFilter {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* (non-Javadoc)
|
|
||||||
*
|
|
||||||
* @see
|
|
||||||
* org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(
|
|
||||||
* javax.servlet.http. HttpServletRequest,
|
|
||||||
* javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain)
|
|
||||||
*/
|
|
||||||
@Override
|
@Override
|
||||||
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
|
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
|
||||||
final FilterChain filterChain) throws ServletException, IOException {
|
final FilterChain filterChain) throws ServletException, IOException {
|
||||||
@@ -152,11 +142,9 @@ public class DosFilter extends OncePerRequestFilter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static boolean handleMissingIpAddress(final HttpServletResponse response) {
|
private static boolean handleMissingIpAddress(final HttpServletResponse response) {
|
||||||
boolean processChain;
|
|
||||||
LOG.error("Failed to get peer IP adress");
|
LOG.error("Failed to get peer IP adress");
|
||||||
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
|
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
|
||||||
processChain = false;
|
return false;
|
||||||
return processChain;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean handleWriteRequest(final HttpServletResponse response, final String ip) {
|
private boolean handleWriteRequest(final HttpServletResponse response, final String ip) {
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
/**
|
||||||
|
* Copyright (c) 2016 Bosch Software Innovations GmbH and others.
|
||||||
|
*
|
||||||
|
* All rights reserved. This program and the accompanying materials
|
||||||
|
* are made available under the terms of the Eclipse Public License v1.0
|
||||||
|
* which accompanies this distribution, and is available at
|
||||||
|
* http://www.eclipse.org/legal/epl-v10.html
|
||||||
|
*/
|
||||||
|
package org.eclipse.hawkbit.security;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constants related to security.
|
||||||
|
*/
|
||||||
|
public final class SecurityConstants {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Logger prefix used for security logging.
|
||||||
|
*/
|
||||||
|
public static final String SECURITY_LOG_PREFIX = "server-security";
|
||||||
|
|
||||||
|
private SecurityConstants() {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user