server/ACL/ACL.java

//---PACKAGE DECLARATION---
//package uk.org.iscream.cms.server.util;

//---IMPORTS---
import uk.org.iscream.cms.server.util.*;
import java.util.ArrayList;
import java.net.InetAddress;

/**
 * Access Control List for use primarily
 * with the ACLServerSocket. It could, however
 * have other uses as it has a fairly generic
 * behaviour. Rules are added using the add
 * method, and then checks can be made using
 * the relevant check method.
 *
 * @author  $Author$
 * @version $Id$
 */
public class ACL {

//---FINAL ATTRIBUTES---

    /**
     * The current CVS revision of this class
     */
    public static final String REVISION = "$Revision$";
    
    /**
     * static to be used when adding an ALLOW rule to the ACL.
     */
    public static final boolean ALLOW = true;
    
    /**
     * static to be used when adding a DENY rule to the ACL.
     */
    public static final boolean DENY = false;

//---STATIC METHODS---

//---CONSTRUCTORS---

    /**
     * Construct a new Access Control List. The default
     * mode is to ALLOW anything that isn't explicitly
     * blocked by a rule.
     */
    public ACL() {
        // default to ACL.ALLOW
        this(ACL.ALLOW);
    }
    
    /**
     * Construct a new Access Control List with a given
     * default mode. This mode specifies what should
     * happen if a check does not match any rules.
     *
     * @param defaultMode the default mode for non-matched checks
     */
    public ACL(boolean defaultMode) {
        _defaultMode = defaultMode;
    }

//---PUBLIC METHODS---

    /**
     * Add a new rule to the ACL immediately after the
     * previous rule. The rule can either be an ACL.ALLOW
     * rule, or an ACL.DENY rule. The expression can
     * contain a wildcard (a * only). Rules can only be
     * added to the end of the list.
     *
     * param allow whether this is an ALLOW or DENY rule
     * param expression what this rule matches using wildcards
     */
    public void add(boolean allow, String expression) {
        _acl.add(new ACLRule(allow, expression));
    }
    
    /**
     * Check to see if a string is permitted by the
     * ACL. Useful for testing, and non-Socket uses
     * of this class.
     *
     * @param address the string to check
     * @return whether the address was permitted by the ACL
     */
    public boolean check(String address) {
        for(int i=0; i < _acl.size(); i++) {
            ACLRule rule = (ACLRule) _acl.get(i);
            if(StringUtils.wildcardCheck(address, rule._expression)) {
                return rule._allow;
            }
        }
        return _defaultMode;
    }
    
    /**
     * Check to see if an InetAddress is permitted
     * by the ACL. Perfect for Socket uses of this
     * class. It should be made clear that this will
     * check both the hostname AND IP address against
     * each rule in turn. The hostname will always be
     * checked BEFORE the IP address.
     *
     * @param address the InetAddress to check
     * @return whether the InetAddress was permitted by the ACL
     */
    public boolean check(InetAddress address) {
        for(int i=0; i < _acl.size(); i++) {
            ACLRule rule = (ACLRule) _acl.get(i);
            if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
                return rule._allow;
            }
            if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
                return rule._allow;
            }
        }
        return _defaultMode;
    }
    
    /**
     * Gets the ACL as a String for debugging.
     *
     * @return A String representation of this ACL.
     */
    public String getStringACL() {
        String acl = "";
        for(int i=0; i < _acl.size(); i++) {
            ACLRule rule = (ACLRule) _acl.get(i);
            if(rule._allow) {
                acl += "ALLOW:" + rule._expression + " ";
            }
            else {
                acl += "DENY:" + rule._expression + " ";
            }
        }
        if(_defaultMode) {
            acl += "DEFAULT:ALLOW";
        }
        else {
            acl += "DEFAULT:DENY";
        }
        return acl;
    }
    
    /**
     * Overrides the {@link java.lang.Object#toString() Object.toString()}
     * method to provide clean logging (every class should have this).
     *
     * This uses the uk.org.iscream.cms.server.util.FormatName class
     * to format the toString()
     *
     * @return the name of this class and its CVS revision
     */
    public String toString() {
        return FormatName.getName(
            _name,
            getClass().getName(),
            REVISION);
    }

//---PRIVATE METHODS---

//---ACCESSOR/MUTATOR METHODS---

//---ATTRIBUTES---

    /**
     * This is the friendly identifier of the
     * component this class is running in.
     * eg, a Filter may be called "filter1",
     * If this class does not have an owning
     * component,  a name from the configuration
     * can be placed here.  This name could also
     * be changed to null for utility classes.
     */
    private String _name = null;
    
    /**
     * The ACL is stored in this ArrayList.
     */
    private ArrayList _acl = new ArrayList();
    
    /**
     * The default mode of this ACL.
     */
    private boolean _defaultMode;

//---STATIC ATTRIBUTES---

//---INNER CLASSES---

    /**
     * Wrapper class for an ACL rule.
     */
    private class ACLRule {
        
        /**
         * Construct an ACL rule.
         *
         * @param allow whether this is an ALLOW or DENY rule
         * @param expression what this rule matches
         */
        private ACLRule(boolean allow, String expression) {
            _allow = allow;
            _expression = expression;
        }
        
        /**
         * Whether this is an ALLOW or DENY rule.
         */
        private boolean _allow;
        
        /**
         * What this rule matches.
         */
        private String _expression;
        
    }

}
Revision:	1.3
Committed:	Fri Dec 21 16:49:18 2001 UTC (22 years, 11 months ago) by tdb
Branch:	MAIN
Changes since 1.2:	+25 -25 lines
Log Message:	Changed the LinkedList/Iterator to an ArrayList.get(n) solution. According to Paul's research this should run at least 4 times as fast as the LinkedList in the iterating stage. (and twice as quick as an ArrayList/Iterator solution!). Using a plain array could make this go twice as fast again, but it's a lot more work :-)
#	Content
1	//---PACKAGE DECLARATION---
2	//package uk.org.iscream.cms.server.util;
3
4	//---IMPORTS---
5	import uk.org.iscream.cms.server.util.*;
6	import java.util.ArrayList;
7	import java.net.InetAddress;
8
9	/**
10	* Access Control List for use primarily
11	* with the ACLServerSocket. It could, however
12	* have other uses as it has a fairly generic
13	* behaviour. Rules are added using the add
14	* method, and then checks can be made using
15	* the relevant check method.
16	*
17	* @author $Author$
18	* @version $Id$
19	*/
20	public class ACL {
21
22	//---FINAL ATTRIBUTES---
23
24	/**
25	* The current CVS revision of this class
26	*/
27	public static final String REVISION = "$Revision$";
28
29	/**
30	* static to be used when adding an ALLOW rule to the ACL.
31	*/
32	public static final boolean ALLOW = true;
33
34	/**
35	* static to be used when adding a DENY rule to the ACL.
36	*/
37	public static final boolean DENY = false;
38
39	//---STATIC METHODS---
40
41	//---CONSTRUCTORS---
42
43	/**
44	* Construct a new Access Control List. The default
45	* mode is to ALLOW anything that isn't explicitly
46	* blocked by a rule.
47	*/
48	public ACL() {
49	// default to ACL.ALLOW
50	this(ACL.ALLOW);
51	}
52
53	/**
54	* Construct a new Access Control List with a given
55	* default mode. This mode specifies what should
56	* happen if a check does not match any rules.
57	*
58	* @param defaultMode the default mode for non-matched checks
59	*/
60	public ACL(boolean defaultMode) {
61	_defaultMode = defaultMode;
62	}
63
64	//---PUBLIC METHODS---
65
66	/**
67	* Add a new rule to the ACL immediately after the
68	* previous rule. The rule can either be an ACL.ALLOW
69	* rule, or an ACL.DENY rule. The expression can
70	* contain a wildcard (a * only). Rules can only be
71	* added to the end of the list.
72	*
73	* param allow whether this is an ALLOW or DENY rule
74	* param expression what this rule matches using wildcards
75	*/
76	public void add(boolean allow, String expression) {
77	_acl.add(new ACLRule(allow, expression));
78	}
79
80	/**
81	* Check to see if a string is permitted by the
82	* ACL. Useful for testing, and non-Socket uses
83	* of this class.
84	*
85	* @param address the string to check
86	* @return whether the address was permitted by the ACL
87	*/
88	public boolean check(String address) {
89	for(int i=0; i < _acl.size(); i++) {
90	ACLRule rule = (ACLRule) _acl.get(i);
91	if(StringUtils.wildcardCheck(address, rule._expression)) {
92	return rule._allow;
93	}
94	}
95	return _defaultMode;
96	}
97
98	/**
99	* Check to see if an InetAddress is permitted
100	* by the ACL. Perfect for Socket uses of this
101	* class. It should be made clear that this will
102	* check both the hostname AND IP address against
103	* each rule in turn. The hostname will always be
104	* checked BEFORE the IP address.
105	*
106	* @param address the InetAddress to check
107	* @return whether the InetAddress was permitted by the ACL
108	*/
109	public boolean check(InetAddress address) {
110	for(int i=0; i < _acl.size(); i++) {
111	ACLRule rule = (ACLRule) _acl.get(i);
112	if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
113	return rule._allow;
114	}
115	if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
116	return rule._allow;
117	}
118	}
119	return _defaultMode;
120	}
121
122	/**
123	* Gets the ACL as a String for debugging.
124	*
125	* @return A String representation of this ACL.
126	*/
127	public String getStringACL() {
128	String acl = "";
129	for(int i=0; i < _acl.size(); i++) {
130	ACLRule rule = (ACLRule) _acl.get(i);
131	if(rule._allow) {
132	acl += "ALLOW:" + rule._expression + " ";
133	}
134	else {
135	acl += "DENY:" + rule._expression + " ";
136	}
137	}
138	if(_defaultMode) {
139	acl += "DEFAULT:ALLOW";
140	}
141	else {
142	acl += "DEFAULT:DENY";
143	}
144	return acl;
145	}
146
147	/**
148	* Overrides the {@link java.lang.Object#toString() Object.toString()}
149	* method to provide clean logging (every class should have this).
150	*
151	* This uses the uk.org.iscream.cms.server.util.FormatName class
152	* to format the toString()
153	*
154	* @return the name of this class and its CVS revision
155	*/
156	public String toString() {
157	return FormatName.getName(
158	_name,
159	getClass().getName(),
160	REVISION);
161	}
162
163	//---PRIVATE METHODS---
164
165	//---ACCESSOR/MUTATOR METHODS---
166
167	//---ATTRIBUTES---
168
169	/**
170	* This is the friendly identifier of the
171	* component this class is running in.
172	* eg, a Filter may be called "filter1",
173	* If this class does not have an owning
174	* component, a name from the configuration
175	* can be placed here. This name could also
176	* be changed to null for utility classes.
177	*/
178	private String _name = null;
179
180	/**
181	* The ACL is stored in this ArrayList.
182	*/
183	private ArrayList _acl = new ArrayList();
184
185	/**
186	* The default mode of this ACL.
187	*/
188	private boolean _defaultMode;
189
190	//---STATIC ATTRIBUTES---
191
192	//---INNER CLASSES---
193
194	/**
195	* Wrapper class for an ACL rule.
196	*/
197	private class ACLRule {
198
199	/**
200	* Construct an ACL rule.
201	*
202	* @param allow whether this is an ALLOW or DENY rule
203	* @param expression what this rule matches
204	*/
205	private ACLRule(boolean allow, String expression) {
206	_allow = allow;
207	_expression = expression;
208	}
209
210	/**
211	* Whether this is an ALLOW or DENY rule.
212	*/
213	private boolean _allow;
214
215	/**
216	* What this rule matches.
217	*/
218	private String _expression;
219
220	}
221
222	}