Describes how to protect the serverAPI the way the Tomcat Valve does.
By default, the servletAPI is open: any host can connect to a BonitaServer and then use the BONITA JAVA API to perform any operation.
This filter protects the servletAPI by describing which hosts can access the BONITA JAVA API.
Principle
The filter verifies that the RemoteAddr matches the pattern. This is the same usage as org.apache.catalina.valves.RequestFilterValve, except that a filter can be set up for a specific URL rather than for the whole Tomcat.
Installation
2.1 Copy the RemoteAddrServletValve-1.0.jar to /webapps/bonita/WEB-INF/lib
2.2 Register the filter in web.xml
To register the filter in Tomcat, edit the file /webapps/bonita/WEB-INF/web.xml:

    <filter>
        <filter-name>RemoteAddr</filter-name>
        <filter-class>org.bonitasoft.filter.allowed.FilterRemoteAddr</filter-class>
        <init-param>
            <param-name>deny</param-name>
            <param-value>111\.222\.333\.444</param-value>
        </init-param>
        <init-param>
            <param-name>allow</param-name>
            <param-value>127\.0\.0\.1</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>RemoteAddr</filter-name>
        <url-pattern>/serverAPI/*</url-pattern>
    </filter-mapping>

where:

allow
A regular expression (using java.util.regex) that the remote client’s IP address is compared to. If this attribute is specified, the remote address MUST match for this request to be accepted. If this attribute is not specified, all requests will be accepted UNLESS the remote address matches a deny pattern.

deny
A regular expression (using java.util.regex) that the remote client’s IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the allow attribute.
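The allow/deny rules above, worked through as an added Java example (not the filter's own source). The class name RemoteAddrDecision and the sample addresses are constructed, and the code assumes a whole-address match with deny checked first, as Tomcat's RequestFilterValve does.

```java
import java.util.regex.Pattern;

// Added illustration of the allow/deny rules described above; not the filter's source.
public class RemoteAddrDecision {
    private final Pattern allow; // null when the allow init-param is absent
    private final Pattern deny;  // null when the deny init-param is absent

    RemoteAddrDecision(String allow, String deny) {
        this.allow = allow == null ? null : Pattern.compile(allow);
        this.deny = deny == null ? null : Pattern.compile(deny);
    }

    // Assumption: whole-address match (Matcher.matches), deny checked first.
    boolean isAllowed(String remoteAddr) {
        if (deny != null && deny.matcher(remoteAddr).matches()) {
            return false;   // a deny match always rejects
        }
        if (allow == null) {
            return true;    // no allow pattern: accept everything not denied
        }
        return allow.matcher(remoteAddr).matches();
    }

    public static void main(String[] args) {
        // Constructed sample addresses, as request.getRemoteAddr() could return them.
        String[] samples = {"127.0.0.1", "0:0:0:0:0:0:0:1", "10.0.0.1",
                            "110.0.0.15", "192.168.1.20"};

        // The configuration shown on this page.
        RemoteAddrDecision pageConfig =
                new RemoteAddrDecision("127\\.0\\.0\\.1", "111\\.222\\.333\\.444");
        // Same allow rule extended to the IPv6 loopback forms.
        RemoteAddrDecision withIpv6 =
                new RemoteAddrDecision("127\\.0\\.0\\.1|::1|0:0:0:0:0:0:0:1", null);
        // deny only: everything else is accepted.
        RemoteAddrDecision denyOnly = new RemoteAddrDecision(null, "192\\.168\\..*");

        for (String addr : samples) {
            System.out.printf("%-18s page=%-5b ipv6=%-5b denyOnly=%b%n", addr,
                    pageConfig.isAllowed(addr), withIpv6.isAllowed(addr),
                    denyOnly.isAllowed(addr));
        }
        // Why whole-address matching matters: a substring search (find) would let
        // 110.0.0.15 through an allow pattern written for 10.0.0.1.
        Pattern p = Pattern.compile("10\\.0\\.0\\.1");
        System.out.println("matches: " + p.matcher("110.0.0.15").matches()
                + ", find: " + p.matcher("110.0.0.15").find());
    }
}
```

The remote address is whatever the servlet container reports for the connection, so behind a reverse proxy the patterns are compared against the proxy's address rather than the original client's.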
Use it
Restart the server
Repository URL : https://github.com/Bonitasoft-Community/filter_remoteAddr