Dashboard > QuickFIX/J > ... > Previous Wish List Features > MINA Filters
QuickFIX/J Log In | Sign Up   View a printable version of the current page.
MINA Filters
Browse Space    
Added by Brad Harvey, last edited by Steve Bate on Oct 08, 2006  (view change) show comment
Labels: 
(None)

Inserting MINA IoFilters

As of version 1.1.0 quickfixj allows custom IoFilters. MINA's javadoc for IoFilter gives some examples of how this could be useful:

A filter which intercepts IoHandler events like Servlet filters. Filters can be used for these purposes:

  • Event logging,
  • Performance measurement,
  • Authorization,
  • Overload control,
  • Message transformation (e.g. encryption and decryption, ...),
  • and many more.

This page shows how to add filters by adding a simple filter to the order executor example.

Blacklist Filter

MINA comes with a Blacklist filter which closes incoming connections from blacklisted addresses.

Lets add this filter to the order executor and make it block connections from localhost. To do this, change:

acceptor = new SocketAcceptor (application, messageStoreFactory, settings, logFactory, messageFactory);
acceptor.start();

to this (plus the appropriate imports):

acceptor = new SocketAcceptor (application, messageStoreFactory, settings, logFactory, messageFactory);
/* create the filter and add an address to the blacklist */
final BlacklistFilter blacklistFilter = new BlacklistFilter();
blacklistFilter.block(InetAddress.getByName("localhost"));
/* add it to the acceptor */
((SessionConnector) acceptor).setIoFilterChainBuilder(new IoFilterChainBuilder() {

    public void buildFilterChain(IoFilterChain chain) {
        chain.addBefore(FIXProtocolCodecFactory.FILTER_NAME, "BlacklistFilter", blacklistFilter);
    }});
acceptor.start();

Now when you start the executor and banzai apps you'll see this:

Executor Log
<20060913-10:54:22, FIX.4.2:EXEC->BANZAI, event> (Session FIX.4.2:EXEC->BANZAI schedule is daily, 00:00:00 UTC - 00:00:00 UTC)
<20060913-10:54:22, FIX.4.2:EXEC->BANZAI, event> (Valid order types: [F, 2])
<20060913-10:54:22, FIX.4.2:EXEC->BANZAI, event> (Created session: FIX.4.2:EXEC->BANZAI)
13/09/2006 20:54:22 quickfix.mina.acceptor.AbstractSocketAcceptor startAcceptingConnections
INFO: Listening for connections at 0.0.0.0/0.0.0.0:9876
press <enter> to quit
13/09/2006 20:54:26 quickfix.mina.acceptor.AcceptorIoHandler sessionCreated
INFO: MINA session created: /127.0.0.1:4538
13/09/2006 20:54:26 org.apache.mina.util.SessionLog info
INFO: [/127.0.0.1:4538] Remote address in the blacklist; closing.
13/09/2006 20:54:26 org.apache.mina.util.SessionLog info
INFO: [/127.0.0.1:4538] Remote address in the blacklist; closing.
Banzai Log
<20060913-10:54:26, FIX.4.2:BANZAI->EXEC, event> (Session FIX.4.2:BANZAI->EXEC schedule is daily, 00:00:00 UTC - 00:00:00 UTC)
<20060913-10:54:26, FIX.4.2:BANZAI->EXEC, event> (Created session: FIX.4.2:BANZAI->EXEC)
<20060913-10:54:26, FIX.4.2:BANZAI->EXEC, outgoing> (8=FIX.4.29=6535=A34=449=BANZAI52=20060913-10:54:26.75056=EXEC98=0108=3010=223)
<20060913-10:54:26, FIX.4.2:BANZAI->EXEC, event> (Initiated logon request)
<20060913-10:54:26, FIX.4.2:BANZAI->EXEC, event> (Disconnecting)
13/09/2006 20:54:26 quickfix.mina.initiator.InitiatorIoHandler sessionCreated
INFO: MINA session created: /127.0.0.1:4538

It is as simple as that!

Whitelist Filter

Attached is a sample Whitelist filter - WhitelistFilter.java. It allows an acceptor to accept specific sessions from specific IPs only.

The code changes required to use it are similar to the Blacklist filter, except that:

  • The filter is configured from SessionSettings.
  • You have to add the filter after FIXProtocolCodecFactory.FILTER_NAME as it relies on this to parse received messages.
acceptor = new SocketAcceptor (application, messageStoreFactory, settings, logFactory, messageFactory);
final WhitelistFilter whitelistFilter = new WhitelistFilter(settings);
((SessionConnector) acceptor).setIoFilterChainBuilder(new IoFilterChainBuilder() {
    public void buildFilterChain(IoFilterChain chain) {
        chain.addAfter(FIXProtocolCodecFactory.FILTER_NAME, "WhitelistFilter", whitelistFilter);
    }});
acceptor.start();

Specify valid IP addresses with the WhitelistHost setting, at either the default or session levels as required.

[default]
...
WhitelistHost=www.quickfixj.org

[session]
SenderCompID=EXEC
TargetCompID=BANZAI

[session]
SenderCompID=EXEC
TargetCompID=SONOFBANZAI
WhitelistHost1=127.0.0.1
WhitelistHost2=192.168.0.1, 192.168.0.2

[session]
SenderCompID=EXEC
TargetCompID=FREEFORALL
WhitelistHost=

On startup the valid hosts will be logged:

INFO: Authorised IPs for FIX.4.2:EXEC->FREEFORALL: [Any]
INFO: Authorised IPs for FIX.4.2:EXEC->BANZAI: [www.quickfixj.org/213.246.61.101]
INFO: Authorised IPs for FIX.4.2:EXEC->SONOFBANZAI: [/192.168.0.1, /127.0.0.1, www.quickfixj.org/213.246.61.101, /192.168.0.2]

New connections will be validated against the authorised IPs once the first message is received and closed if they are not valid:

WARNING: [/127.0.0.1:2633] Closing FIX.4.2:EXEC->BANZAI connection from unauthorised address.

Comments  (Hide)

Brad, do we need to create a factory for the builder? Is there any reason we can't just specify an IoFilterChainBuilder directly? I'm thinking the user would provide an IoFilterChain with just their filter modifications rather than inheriting from a default builder. The codec filter would be inserted automatically into the filter chain before calling the user's builder. The codec would have a well-defined name so it shouldn't limit the flexibility in how a filter chain can be configured. What do you think? I'd prefer to not have the factory unless it's necessary.

Posted by Anonymous at Aug 01, 2006 08:38 | Permalink

The primary benefit of the factory here is that it can read the quickfix settings file. If you specify an IoFilterChainBuilder directly in the settings file how do you configure it? This problem goes away if you only allow programmatic setting of the builder on SessionConnector. Not sure how useful specifying in settings actually is - I can imagine the settings file turning into frankensettings if you could do this for everything.

Note that the user is free to use any IoFilterChainBuilderFactory and IoFilterChainBuilder implementations - the Log example just extends the default factory for convenience. The caveat is that you have to insert the quickfix filter codec manually.

I do like the idea of inserting the codec filter and then calling the user's builder which can put things before or after the codec filter as it pleases - I forgot the filters don't have to be added in order. This removes the problem of having to add the codec filter yourself, but you now need to provider a Builder that knows how to add before or after the filter codec as appropriate.

Cheers,
Brad Harvey

Posted by Brad Harvey at Aug 07, 2006 05:24 | Permalink
Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.1.5a Build:#411 Mar 16, 2006) - Bug/feature request - Contact Administrators

SourceForge.net Logo