server/ACL/ACL.java

//---PACKAGE DECLARATION---
//package uk.org.iscream.cms.server.util;

//---IMPORTS---
import uk.org.iscream.cms.server.util.*;
import java.util.ArrayList;
import java.net.InetAddress;
import java.io.Serializable;

/**
 * Access Control List for use primarily
 * with the ACLServerSocket. It could, however
 * have other uses as it has a fairly generic
 * behaviour. Rules are added using the add
 * method, and then checks can be made using
 * the relevant check method.
 *
 * @author  $Author: tdb $
 * @version $Id: ACL.java,v 1.5 2001/12/23 01:05:35 tdb Exp $
 */
public class ACL implements Serializable {

//---FINAL ATTRIBUTES---

    /**
     * The current CVS revision of this class
     */
    public static final String REVISION = "$Revision: 1.5 $";
    
    /**
     * static to be used when adding an ALLOW rule to the ACL.
     */
    public static final boolean ALLOW = true;
    
    /**
     * static to be used when adding a DENY rule to the ACL.
     */
    public static final boolean DENY = false;

//---STATIC METHODS---

//---CONSTRUCTORS---

    /**
     * Construct a new Access Control List. The default
     * mode is to ALLOW anything that isn't explicitly
     * blocked by a rule.
     */
    public ACL() {
        // default to ACL.ALLOW
        this(ACL.ALLOW);
    }
    
    /**
     * Construct a new Access Control List with a given
     * default mode. This mode specifies what should
     * happen if a check does not match any rules.
     *
     * @param defaultMode the default mode for non-matched checks
     */
    public ACL(boolean defaultMode) {
        _defaultMode = defaultMode;
    }

//---PUBLIC METHODS---

    /**
     * Add a new rule to the ACL immediately after the
     * previous rule. The rule can either be an ACL.ALLOW
     * rule, or an ACL.DENY rule. The expression can
     * contain a wildcard (a * only). Rules can only be
     * added to the end of the list.
     *
     * param allow whether this is an ALLOW or DENY rule
     * param expression what this rule matches using wildcards
     */
    public void add(boolean allow, String expression) {
        _acl.add(new ACLRule(allow, expression));
    }
    
    /**
     * Check to see if a string is permitted by the
     * ACL. Useful for testing, and non-Socket uses
     * of this class.
     *
     * @param address the string to check
     * @return whether the address was permitted by the ACL
     */
    public boolean check(String address) {
        for(int i=0; i < _acl.size(); i++) {
            ACLRule rule = (ACLRule) _acl.get(i);
            if(StringUtils.wildcardCheck(address, rule._expression)) {
                return rule._allow;
            }
        }
        return _defaultMode;
    }
    
    /**
     * Check to see if an InetAddress is permitted
     * by the ACL. Perfect for Socket uses of this
     * class. It should be made clear that this will
     * check both the hostname AND IP address against
     * each rule in turn. The hostname will always be
     * checked BEFORE the IP address.
     *
     * @param address the InetAddress to check
     * @return whether the InetAddress was permitted by the ACL
     */
    public boolean check(InetAddress address) {
        for(int i=0; i < _acl.size(); i++) {
            ACLRule rule = (ACLRule) _acl.get(i);
            if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
                return rule._allow;
            }
            if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
                return rule._allow;
            }
        }
        return _defaultMode;
    }
    
    /**
     * Gives a String representation of this ACL.
     *
     * @return A String representation of this ACL.
     */
    public String toString() {
        StringBuffer acl = new StringBuffer();
        acl.append("{");
        for(int i=0; i < _acl.size(); i++) {
            acl.append((ACLRule) _acl.get(i));
            acl.append(",");
        }
        if(_defaultMode) {
            acl.append("DEFAULT=ALLOW");
        }
        else {
            acl.append("DEFAULT=DENY");
        }
        acl.append("}");
        return acl.toString();
    }

//---PRIVATE METHODS---

//---ACCESSOR/MUTATOR METHODS---

//---ATTRIBUTES---

    /**
     * This is the friendly identifier of the
     * component this class is running in.
     * eg, a Filter may be called "filter1",
     * If this class does not have an owning
     * component,  a name from the configuration
     * can be placed here.  This name could also
     * be changed to null for utility classes.
     */
    private String _name = null;
    
    /**
     * The ACL is stored in this ArrayList.
     */
    private ArrayList _acl = new ArrayList();
    
    /**
     * The default mode of this ACL.
     */
    private boolean _defaultMode;

//---STATIC ATTRIBUTES---

//---INNER CLASSES---

    /**
     * Wrapper class for an ACL rule.
     */
    private class ACLRule implements Serializable {
        
        /**
         * Construct an ACL rule.
         *
         * @param allow whether this is an ALLOW or DENY rule
         * @param expression what this rule matches
         */
        private ACLRule(boolean allow, String expression) {
            _allow = allow;
            _expression = expression;
        }
        
        /**
         * Returns a String representation of this rule.
         *
         * @return A String representation of this rule.
         */
        public String toString() {
            if(_allow) {
                return _expression + "=ALLOW";
            }
            else {
                return _expression + "=DENY";
            }
        }
        
        /**
         * Whether this is an ALLOW or DENY rule.
         */
        private boolean _allow;
        
        /**
         * What this rule matches.
         */
        private String _expression;
        
    }

}
Revision:	1.6
Committed:	Mon Dec 24 04:17:29 2001 UTC (22 years, 10 months ago) by tdb
Branch:	MAIN
Changes since 1.5:	+18 -10 lines
Log Message:	Creating a toString() for ACLRule, and modified the ACL toString() to make use of this. It's a bit neater I think.
#	User	Rev	Content
1	tdb	1.1	//---PACKAGE DECLARATION---
2			//package uk.org.iscream.cms.server.util;
3
4			//---IMPORTS---
5			import uk.org.iscream.cms.server.util.*;
6	tdb	1.3	import java.util.ArrayList;
7	tdb	1.1	import java.net.InetAddress;
8	tdb	1.4	import java.io.Serializable;
9	tdb	1.1
10			/**
11	tdb	1.2	* Access Control List for use primarily
12			* with the ACLServerSocket. It could, however
13			* have other uses as it has a fairly generic
14			* behaviour. Rules are added using the add
15			* method, and then checks can be made using
16			* the relevant check method.
17	tdb	1.1	*
18	tdb	1.6	* @author $Author: tdb $
19			* @version $Id: ACL.java,v 1.5 2001/12/23 01:05:35 tdb Exp $
20	tdb	1.1	*/
21	tdb	1.4	public class ACL implements Serializable {
22	tdb	1.1
23			//---FINAL ATTRIBUTES---
24
25			/**
26			* The current CVS revision of this class
27			*/
28	tdb	1.6	public static final String REVISION = "$Revision: 1.5 $";
29	tdb	1.2
30			/**
31			* static to be used when adding an ALLOW rule to the ACL.
32			*/
33	tdb	1.1	public static final boolean ALLOW = true;
34	tdb	1.2
35			/**
36			* static to be used when adding a DENY rule to the ACL.
37			*/
38	tdb	1.1	public static final boolean DENY = false;
39
40			//---STATIC METHODS---
41
42			//---CONSTRUCTORS---
43
44	tdb	1.2	/**
45			* Construct a new Access Control List. The default
46			* mode is to ALLOW anything that isn't explicitly
47			* blocked by a rule.
48			*/
49	tdb	1.1	public ACL() {
50			// default to ACL.ALLOW
51			this(ACL.ALLOW);
52			}
53
54	tdb	1.2	/**
55			* Construct a new Access Control List with a given
56			* default mode. This mode specifies what should
57			* happen if a check does not match any rules.
58			*
59			* @param defaultMode the default mode for non-matched checks
60			*/
61	tdb	1.1	public ACL(boolean defaultMode) {
62			_defaultMode = defaultMode;
63			}
64
65			//---PUBLIC METHODS---
66
67	tdb	1.2	/**
68			* Add a new rule to the ACL immediately after the
69			* previous rule. The rule can either be an ACL.ALLOW
70			* rule, or an ACL.DENY rule. The expression can
71			* contain a wildcard (a * only). Rules can only be
72			* added to the end of the list.
73			*
74			* param allow whether this is an ALLOW or DENY rule
75			* param expression what this rule matches using wildcards
76			*/
77	tdb	1.1	public void add(boolean allow, String expression) {
78	tdb	1.2	_acl.add(new ACLRule(allow, expression));
79	tdb	1.1	}
80
81	tdb	1.2	/**
82			* Check to see if a string is permitted by the
83			* ACL. Useful for testing, and non-Socket uses
84			* of this class.
85			*
86			* @param address the string to check
87			* @return whether the address was permitted by the ACL
88			*/
89	tdb	1.1	public boolean check(String address) {
90	tdb	1.3	for(int i=0; i < _acl.size(); i++) {
91			ACLRule rule = (ACLRule) _acl.get(i);
92			if(StringUtils.wildcardCheck(address, rule._expression)) {
93			return rule._allow;
94	tdb	1.1	}
95			}
96			return _defaultMode;
97			}
98
99	tdb	1.2	/**
100			* Check to see if an InetAddress is permitted
101			* by the ACL. Perfect for Socket uses of this
102			* class. It should be made clear that this will
103			* check both the hostname AND IP address against
104			* each rule in turn. The hostname will always be
105			* checked BEFORE the IP address.
106			*
107			* @param address the InetAddress to check
108			* @return whether the InetAddress was permitted by the ACL
109			*/
110	tdb	1.1	public boolean check(InetAddress address) {
111	tdb	1.3	for(int i=0; i < _acl.size(); i++) {
112			ACLRule rule = (ACLRule) _acl.get(i);
113			if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
114			return rule._allow;
115	tdb	1.1	}
116	tdb	1.3	if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
117			return rule._allow;
118	tdb	1.1	}
119			}
120			return _defaultMode;
121			}
122
123	tdb	1.2	/**
124	tdb	1.5	* Gives a String representation of this ACL.
125	tdb	1.2	*
126			* @return A String representation of this ACL.
127			*/
128	tdb	1.5	public String toString() {
129			StringBuffer acl = new StringBuffer();
130			acl.append("{");
131	tdb	1.3	for(int i=0; i < _acl.size(); i++) {
132	tdb	1.6	acl.append((ACLRule) _acl.get(i));
133	tdb	1.5	acl.append(",");
134	tdb	1.1	}
135	tdb	1.3	if(_defaultMode) {
136	tdb	1.5	acl.append("DEFAULT=ALLOW");
137	tdb	1.3	}
138			else {
139	tdb	1.5	acl.append("DEFAULT=DENY");
140	tdb	1.3	}
141	tdb	1.5	acl.append("}");
142			return acl.toString();
143	tdb	1.1	}
144
145			//---PRIVATE METHODS---
146
147			//---ACCESSOR/MUTATOR METHODS---
148
149			//---ATTRIBUTES---
150
151			/**
152			* This is the friendly identifier of the
153			* component this class is running in.
154			* eg, a Filter may be called "filter1",
155			* If this class does not have an owning
156			* component, a name from the configuration
157			* can be placed here. This name could also
158			* be changed to null for utility classes.
159			*/
160			private String _name = null;
161	tdb	1.2
162			/**
163	tdb	1.3	* The ACL is stored in this ArrayList.
164	tdb	1.2	*/
165	tdb	1.3	private ArrayList _acl = new ArrayList();
166	tdb	1.2
167			/**
168			* The default mode of this ACL.
169			*/
170	tdb	1.1	private boolean _defaultMode;
171
172			//---STATIC ATTRIBUTES---
173
174			//---INNER CLASSES---
175
176	tdb	1.2	/**
177			* Wrapper class for an ACL rule.
178			*/
179	tdb	1.4	private class ACLRule implements Serializable {
180	tdb	1.1
181	tdb	1.2	/**
182			* Construct an ACL rule.
183			*
184			* @param allow whether this is an ALLOW or DENY rule
185			* @param expression what this rule matches
186			*/
187			private ACLRule(boolean allow, String expression) {
188	tdb	1.1	_allow = allow;
189			_expression = expression;
190	tdb	1.6	}
191
192			/**
193			* Returns a String representation of this rule.
194			*
195			* @return A String representation of this rule.
196			*/
197			public String toString() {
198			if(_allow) {
199			return _expression + "=ALLOW";
200			}
201			else {
202			return _expression + "=DENY";
203			}
204	tdb	1.1	}
205
206	tdb	1.2	/**
207			* Whether this is an ALLOW or DENY rule.
208			*/
209	tdb	1.1	private boolean _allow;
210	tdb	1.2
211			/**
212			* What this rule matches.
213			*/
214	tdb	1.1	private String _expression;
215
216			}
217
218			}