| 32 |
|
//---CONSTRUCTORS--- |
| 33 |
|
|
| 34 |
|
public SourceChecker__Plugin() { |
| 35 |
< |
// get our ACL from the configuration |
| 36 |
< |
try { |
| 37 |
< |
String stringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); |
| 38 |
< |
_acl = new ACL(stringACL); |
| 39 |
< |
} |
| 40 |
< |
catch(PropertyNotFoundException e) { |
| 41 |
< |
_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin: " + e); |
| 42 |
< |
} |
| 35 |
> |
// setup an empty ACL defaulting to ALLOW |
| 36 |
> |
_acl = new ACL(ACL.ALLOW); |
| 37 |
|
} |
| 38 |
|
|
| 39 |
|
//---PUBLIC METHODS--- |
| 40 |
|
|
| 41 |
|
// apply the filter and return true if successful. |
| 42 |
|
public boolean runFilter(XMLPacket packet){ |
| 43 |
+ |
String newStringACL; |
| 44 |
+ |
// get hold of the ACL in the configuration |
| 45 |
+ |
try { |
| 46 |
+ |
newStringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); |
| 47 |
+ |
} |
| 48 |
+ |
catch(PropertyNotFoundException e) { |
| 49 |
+ |
// if we can't find it, we'll just use a null ACL |
| 50 |
+ |
newStringACL = ""; |
| 51 |
+ |
_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin, using empty ACL instead : " + e); |
| 52 |
+ |
} |
| 53 |
+ |
// check to see if the ACL has changed |
| 54 |
+ |
if(!newStringACL.equals(_stringACL)) { |
| 55 |
+ |
_logger.write(toString(), Logger.SYSMSG, "Reloading Access Control List"); |
| 56 |
+ |
// clear the ACL |
| 57 |
+ |
_acl.clear(); |
| 58 |
+ |
// set the default to something sane |
| 59 |
+ |
_acl.setDefaultMode(ACL.ALLOW); |
| 60 |
+ |
// add the new ACL (this may change the default) |
| 61 |
+ |
_acl.add(newStringACL); |
| 62 |
+ |
_stringACL = newStringACL; |
| 63 |
+ |
} |
| 64 |
|
|
| 65 |
|
// only want to check data or heartbeat packets |
| 66 |
|
// any others will probably get filtered out further up the filter chain |
| 67 |
< |
if(_acl != null && |
| 68 |
< |
(packet.getParam("packet.attributes.type").equals("data") || |
| 54 |
< |
packet.getParam("packet.attributes.type").equals("heartbeat"))) { |
| 67 |
> |
if(packet.getParam("packet.attributes.type").equals("data") || |
| 68 |
> |
packet.getParam("packet.attributes.type").equals("heartbeat")) { |
| 69 |
|
// check the machine name against the ACL |
| 70 |
|
// we could check the IP too... but it's a lot of work for _every_ packet... maybe... |
| 71 |
|
return _acl.check(packet.getParam("packet.attributes.machine_name")); |
| 72 |
|
} |
| 73 |
|
|
| 74 |
|
// a good catchall, I guess |
| 75 |
< |
// either it's not a data or heartbeat packet, in which case it should go through |
| 62 |
< |
// or we don't have an ACL set |
| 75 |
> |
// it's not a data or heartbeat packet, in which case it should go through |
| 76 |
|
return true; |
| 77 |
|
} |
| 78 |
|
|
| 126 |
|
* This holds the ACL for the plugin. |
| 127 |
|
*/ |
| 128 |
|
private ACL _acl; |
| 129 |
+ |
|
| 130 |
+ |
/** |
| 131 |
+ |
* The current String representation of our ACL. |
| 132 |
+ |
*/ |
| 133 |
+ |
private String _stringACL = ""; |
| 134 |
|
|
| 135 |
|
//---STATIC ATTRIBUTES--- |
| 136 |
|
|
