1 |
tdb |
1.1 |
//---PACKAGE DECLARATION--- |
2 |
|
|
//package uk.org.iscream.cms.server.util; |
3 |
|
|
|
4 |
|
|
//---IMPORTS--- |
5 |
|
|
import uk.org.iscream.cms.server.util.*; |
6 |
tdb |
1.3 |
import java.util.ArrayList; |
7 |
tdb |
1.1 |
import java.net.InetAddress; |
8 |
|
|
|
9 |
|
|
/** |
10 |
tdb |
1.2 |
* Access Control List for use primarily |
11 |
|
|
* with the ACLServerSocket. It could, however |
12 |
|
|
* have other uses as it has a fairly generic |
13 |
|
|
* behaviour. Rules are added using the add |
14 |
|
|
* method, and then checks can be made using |
15 |
|
|
* the relevant check method. |
16 |
tdb |
1.1 |
* |
17 |
|
|
* @author $Author$ |
18 |
|
|
* @version $Id$ |
19 |
|
|
*/ |
20 |
|
|
public class ACL { |
21 |
|
|
|
22 |
|
|
//---FINAL ATTRIBUTES--- |
23 |
|
|
|
24 |
|
|
/** |
25 |
|
|
* The current CVS revision of this class |
26 |
|
|
*/ |
27 |
|
|
public static final String REVISION = "$Revision$"; |
28 |
tdb |
1.2 |
|
29 |
|
|
/** |
30 |
|
|
* static to be used when adding an ALLOW rule to the ACL. |
31 |
|
|
*/ |
32 |
tdb |
1.1 |
public static final boolean ALLOW = true; |
33 |
tdb |
1.2 |
|
34 |
|
|
/** |
35 |
|
|
* static to be used when adding a DENY rule to the ACL. |
36 |
|
|
*/ |
37 |
tdb |
1.1 |
public static final boolean DENY = false; |
38 |
|
|
|
39 |
|
|
//---STATIC METHODS--- |
40 |
|
|
|
41 |
|
|
//---CONSTRUCTORS--- |
42 |
|
|
|
43 |
tdb |
1.2 |
/** |
44 |
|
|
* Construct a new Access Control List. The default |
45 |
|
|
* mode is to ALLOW anything that isn't explicitly |
46 |
|
|
* blocked by a rule. |
47 |
|
|
*/ |
48 |
tdb |
1.1 |
public ACL() { |
49 |
|
|
// default to ACL.ALLOW |
50 |
|
|
this(ACL.ALLOW); |
51 |
|
|
} |
52 |
|
|
|
53 |
tdb |
1.2 |
/** |
54 |
|
|
* Construct a new Access Control List with a given |
55 |
|
|
* default mode. This mode specifies what should |
56 |
|
|
* happen if a check does not match any rules. |
57 |
|
|
* |
58 |
|
|
* @param defaultMode the default mode for non-matched checks |
59 |
|
|
*/ |
60 |
tdb |
1.1 |
public ACL(boolean defaultMode) { |
61 |
|
|
_defaultMode = defaultMode; |
62 |
|
|
} |
63 |
|
|
|
64 |
|
|
//---PUBLIC METHODS--- |
65 |
|
|
|
66 |
tdb |
1.2 |
/** |
67 |
|
|
* Add a new rule to the ACL immediately after the |
68 |
|
|
* previous rule. The rule can either be an ACL.ALLOW |
69 |
|
|
* rule, or an ACL.DENY rule. The expression can |
70 |
|
|
* contain a wildcard (a * only). Rules can only be |
71 |
|
|
* added to the end of the list. |
72 |
|
|
* |
73 |
|
|
* param allow whether this is an ALLOW or DENY rule |
74 |
|
|
* param expression what this rule matches using wildcards |
75 |
|
|
*/ |
76 |
tdb |
1.1 |
public void add(boolean allow, String expression) { |
77 |
tdb |
1.2 |
_acl.add(new ACLRule(allow, expression)); |
78 |
tdb |
1.1 |
} |
79 |
|
|
|
80 |
tdb |
1.2 |
/** |
81 |
|
|
* Check to see if a string is permitted by the |
82 |
|
|
* ACL. Useful for testing, and non-Socket uses |
83 |
|
|
* of this class. |
84 |
|
|
* |
85 |
|
|
* @param address the string to check |
86 |
|
|
* @return whether the address was permitted by the ACL |
87 |
|
|
*/ |
88 |
tdb |
1.1 |
public boolean check(String address) { |
89 |
tdb |
1.3 |
for(int i=0; i < _acl.size(); i++) { |
90 |
|
|
ACLRule rule = (ACLRule) _acl.get(i); |
91 |
|
|
if(StringUtils.wildcardCheck(address, rule._expression)) { |
92 |
|
|
return rule._allow; |
93 |
tdb |
1.1 |
} |
94 |
|
|
} |
95 |
|
|
return _defaultMode; |
96 |
|
|
} |
97 |
|
|
|
98 |
tdb |
1.2 |
/** |
99 |
|
|
* Check to see if an InetAddress is permitted |
100 |
|
|
* by the ACL. Perfect for Socket uses of this |
101 |
|
|
* class. It should be made clear that this will |
102 |
|
|
* check both the hostname AND IP address against |
103 |
|
|
* each rule in turn. The hostname will always be |
104 |
|
|
* checked BEFORE the IP address. |
105 |
|
|
* |
106 |
|
|
* @param address the InetAddress to check |
107 |
|
|
* @return whether the InetAddress was permitted by the ACL |
108 |
|
|
*/ |
109 |
tdb |
1.1 |
public boolean check(InetAddress address) { |
110 |
tdb |
1.3 |
for(int i=0; i < _acl.size(); i++) { |
111 |
|
|
ACLRule rule = (ACLRule) _acl.get(i); |
112 |
|
|
if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) { |
113 |
|
|
return rule._allow; |
114 |
tdb |
1.1 |
} |
115 |
tdb |
1.3 |
if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) { |
116 |
|
|
return rule._allow; |
117 |
tdb |
1.1 |
} |
118 |
|
|
} |
119 |
|
|
return _defaultMode; |
120 |
|
|
} |
121 |
|
|
|
122 |
tdb |
1.2 |
/** |
123 |
|
|
* Gets the ACL as a String for debugging. |
124 |
|
|
* |
125 |
|
|
* @return A String representation of this ACL. |
126 |
|
|
*/ |
127 |
|
|
public String getStringACL() { |
128 |
tdb |
1.1 |
String acl = ""; |
129 |
tdb |
1.3 |
for(int i=0; i < _acl.size(); i++) { |
130 |
|
|
ACLRule rule = (ACLRule) _acl.get(i); |
131 |
|
|
if(rule._allow) { |
132 |
|
|
acl += "ALLOW:" + rule._expression + " "; |
133 |
tdb |
1.1 |
} |
134 |
|
|
else { |
135 |
tdb |
1.3 |
acl += "DENY:" + rule._expression + " "; |
136 |
tdb |
1.1 |
} |
137 |
|
|
} |
138 |
tdb |
1.3 |
if(_defaultMode) { |
139 |
|
|
acl += "DEFAULT:ALLOW"; |
140 |
|
|
} |
141 |
|
|
else { |
142 |
|
|
acl += "DEFAULT:DENY"; |
143 |
|
|
} |
144 |
|
|
return acl; |
145 |
tdb |
1.1 |
} |
146 |
|
|
|
147 |
|
|
/** |
148 |
|
|
* Overrides the {@link java.lang.Object#toString() Object.toString()} |
149 |
|
|
* method to provide clean logging (every class should have this). |
150 |
|
|
* |
151 |
|
|
* This uses the uk.org.iscream.cms.server.util.FormatName class |
152 |
|
|
* to format the toString() |
153 |
|
|
* |
154 |
|
|
* @return the name of this class and its CVS revision |
155 |
|
|
*/ |
156 |
|
|
public String toString() { |
157 |
|
|
return FormatName.getName( |
158 |
|
|
_name, |
159 |
|
|
getClass().getName(), |
160 |
|
|
REVISION); |
161 |
|
|
} |
162 |
|
|
|
163 |
|
|
//---PRIVATE METHODS--- |
164 |
|
|
|
165 |
|
|
//---ACCESSOR/MUTATOR METHODS--- |
166 |
|
|
|
167 |
|
|
//---ATTRIBUTES--- |
168 |
|
|
|
169 |
|
|
/** |
170 |
|
|
* This is the friendly identifier of the |
171 |
|
|
* component this class is running in. |
172 |
|
|
* eg, a Filter may be called "filter1", |
173 |
|
|
* If this class does not have an owning |
174 |
|
|
* component, a name from the configuration |
175 |
|
|
* can be placed here. This name could also |
176 |
|
|
* be changed to null for utility classes. |
177 |
|
|
*/ |
178 |
|
|
private String _name = null; |
179 |
tdb |
1.2 |
|
180 |
|
|
/** |
181 |
tdb |
1.3 |
* The ACL is stored in this ArrayList. |
182 |
tdb |
1.2 |
*/ |
183 |
tdb |
1.3 |
private ArrayList _acl = new ArrayList(); |
184 |
tdb |
1.2 |
|
185 |
|
|
/** |
186 |
|
|
* The default mode of this ACL. |
187 |
|
|
*/ |
188 |
tdb |
1.1 |
private boolean _defaultMode; |
189 |
|
|
|
190 |
|
|
//---STATIC ATTRIBUTES--- |
191 |
|
|
|
192 |
|
|
//---INNER CLASSES--- |
193 |
|
|
|
194 |
tdb |
1.2 |
/** |
195 |
|
|
* Wrapper class for an ACL rule. |
196 |
|
|
*/ |
197 |
|
|
private class ACLRule { |
198 |
tdb |
1.1 |
|
199 |
tdb |
1.2 |
/** |
200 |
|
|
* Construct an ACL rule. |
201 |
|
|
* |
202 |
|
|
* @param allow whether this is an ALLOW or DENY rule |
203 |
|
|
* @param expression what this rule matches |
204 |
|
|
*/ |
205 |
|
|
private ACLRule(boolean allow, String expression) { |
206 |
tdb |
1.1 |
_allow = allow; |
207 |
|
|
_expression = expression; |
208 |
|
|
} |
209 |
|
|
|
210 |
tdb |
1.2 |
/** |
211 |
|
|
* Whether this is an ALLOW or DENY rule. |
212 |
|
|
*/ |
213 |
tdb |
1.1 |
private boolean _allow; |
214 |
tdb |
1.2 |
|
215 |
|
|
/** |
216 |
|
|
* What this rule matches. |
217 |
|
|
*/ |
218 |
tdb |
1.1 |
private String _expression; |
219 |
|
|
|
220 |
|
|
} |
221 |
|
|
|
222 |
|
|
} |