In some use cases, there will be many hosts from which the user can impersonate.
This requires specifying many ips in the XML configuration.
It is cumbersome to specify and maintain long list of ips in proxyuser.hosts
The problem can be solved if we enable proxyuser.hosts to accept ip ranges in CIDR format.
In addition, the current ip authorization involve a liner scan of the ips and an attempt to do InetAddress.getByName() for each ip/host.
It may be beneficial to group this functionality of ip authorization by looking up "ip addresses/host names/ip-ranges" into a separate class. This could be reused in other usecases which require similar functionality