Package org.faceless.publisher.type
Interface EgressFilter
- All Known Implementing Classes:
EgressFilterSequence
,RegexEgressFilter
public interface EgressFilter
An interface which can be used to limit access to a resource at a particular URL.
This can be set on the ReportFactory via
ReportFactory.setEgressFilter(org.faceless.publisher.type.EgressFilter)
-
Field Summary
Modifier and TypeFieldDescriptionstatic final EgressFilter
An EgressFilter that allows all URLs, unchanged.static final boolean
static final EgressFilter
The default EgressFilter used by BFO Publisher.static final EgressFilter
An EgressFilter that allows only potentially trustworthy URLs -data
,about
and some other schemes used internally by BFO Publisher that are required for normal function.static final EgressFilter
An EgressFilter that disallows access to anyfile
URL, but is otherwise likeDEFAULT
static final EgressFilter
An EgressFilter that disallows access to any local network URL, such ashttp://127.0.0.1
,http://192.168.0.1
,http://server.local
,http://server
,http://[::1]
,http://[fd02::1]
orhttp://169.254.0.1
. -
Method Summary
-
Field Details
-
DEBUG
static final boolean DEBUG -
ALWAYS
An EgressFilter that allows all URLs, unchanged. This would present a security risk if used - for instance, a web-page could includefile:///etc/passwd
in its output. -
NEVER
An EgressFilter that allows only potentially trustworthy URLs -data
,about
and some other schemes used internally by BFO Publisher that are required for normal function. -
NOFILES
An EgressFilter that disallows access to anyfile
URL, but is otherwise likeDEFAULT
-
NOLOCAL
An EgressFilter that disallows access to any local network URL, such ashttp://127.0.0.1
,http://192.168.0.1
,http://server.local
,http://server
,http://[::1]
,http://[fd02::1]
orhttp://169.254.0.1
. -
DEFAULT
The default EgressFilter used by BFO Publisher. This has the following restrictions:- special URLs such as those with the schemes
about:
ordata:
can always be accessed file
andjar
URLs can only ever be accessed fromfile
andjar
URLs- local-network URLs (eg
192.168.1.1
) can only ever be accessed from local-network URLs - otherwise all access is allowed
- special URLs such as those with the schemes
-
-
Method Details
-
rewrite
This method will be supplied with the URL about to be loaded, and the base URL of the Document loading it. It can return the URL as it is to load it, a rewritten URL to load a new resource instead, ornull
to disallow the load.- Parameters:
uri
- the destination URLsrc
- the URL of the document, or null if we're testing the base URL of the document- Returns:
- the URL to load, or
null
to disallow access
-