1 |
//---PACKAGE DECLARATION--- |
2 |
//package uk.org.iscream.cms.server.util; |
3 |
|
4 |
//---IMPORTS--- |
5 |
import uk.org.iscream.cms.server.util.*; |
6 |
import java.util.ArrayList; |
7 |
import java.net.InetAddress; |
8 |
import java.io.Serializable; |
9 |
|
10 |
/** |
11 |
* Access Control List for use primarily |
12 |
* with the ACLServerSocket. It could, however |
13 |
* have other uses as it has a fairly generic |
14 |
* behaviour. Rules are added using the add |
15 |
* method, and then checks can be made using |
16 |
* the relevant check method. |
17 |
* |
18 |
* @author $Author$ |
19 |
* @version $Id$ |
20 |
*/ |
21 |
public class ACL implements Serializable { |
22 |
|
23 |
//---FINAL ATTRIBUTES--- |
24 |
|
25 |
/** |
26 |
* The current CVS revision of this class |
27 |
*/ |
28 |
public static final String REVISION = "$Revision$"; |
29 |
|
30 |
/** |
31 |
* static to be used when adding an ALLOW rule to the ACL. |
32 |
*/ |
33 |
public static final boolean ALLOW = true; |
34 |
|
35 |
/** |
36 |
* static to be used when adding a DENY rule to the ACL. |
37 |
*/ |
38 |
public static final boolean DENY = false; |
39 |
|
40 |
//---STATIC METHODS--- |
41 |
|
42 |
//---CONSTRUCTORS--- |
43 |
|
44 |
/** |
45 |
* Construct a new Access Control List. The default |
46 |
* mode is to ALLOW anything that isn't explicitly |
47 |
* blocked by a rule. |
48 |
*/ |
49 |
public ACL() { |
50 |
// default to ACL.ALLOW |
51 |
this(ACL.ALLOW); |
52 |
} |
53 |
|
54 |
/** |
55 |
* Construct a new Access Control List with a given |
56 |
* default mode. This mode specifies what should |
57 |
* happen if a check does not match any rules. |
58 |
* |
59 |
* @param defaultMode the default mode for non-matched checks |
60 |
*/ |
61 |
public ACL(boolean defaultMode) { |
62 |
_defaultMode = defaultMode; |
63 |
} |
64 |
|
65 |
//---PUBLIC METHODS--- |
66 |
|
67 |
/** |
68 |
* Add a new rule to the ACL immediately after the |
69 |
* previous rule. The rule can either be an ACL.ALLOW |
70 |
* rule, or an ACL.DENY rule. The expression can |
71 |
* contain a wildcard (a * only). Rules can only be |
72 |
* added to the end of the list. |
73 |
* |
74 |
* param allow whether this is an ALLOW or DENY rule |
75 |
* param expression what this rule matches using wildcards |
76 |
*/ |
77 |
public void add(boolean allow, String expression) { |
78 |
_acl.add(new ACLRule(allow, expression)); |
79 |
} |
80 |
|
81 |
/** |
82 |
* Check to see if a string is permitted by the |
83 |
* ACL. Useful for testing, and non-Socket uses |
84 |
* of this class. |
85 |
* |
86 |
* @param address the string to check |
87 |
* @return whether the address was permitted by the ACL |
88 |
*/ |
89 |
public boolean check(String address) { |
90 |
for(int i=0; i < _acl.size(); i++) { |
91 |
ACLRule rule = (ACLRule) _acl.get(i); |
92 |
if(StringUtils.wildcardCheck(address, rule._expression)) { |
93 |
return rule._allow; |
94 |
} |
95 |
} |
96 |
return _defaultMode; |
97 |
} |
98 |
|
99 |
/** |
100 |
* Check to see if an InetAddress is permitted |
101 |
* by the ACL. Perfect for Socket uses of this |
102 |
* class. It should be made clear that this will |
103 |
* check both the hostname AND IP address against |
104 |
* each rule in turn. The hostname will always be |
105 |
* checked BEFORE the IP address. |
106 |
* |
107 |
* @param address the InetAddress to check |
108 |
* @return whether the InetAddress was permitted by the ACL |
109 |
*/ |
110 |
public boolean check(InetAddress address) { |
111 |
for(int i=0; i < _acl.size(); i++) { |
112 |
ACLRule rule = (ACLRule) _acl.get(i); |
113 |
if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) { |
114 |
return rule._allow; |
115 |
} |
116 |
if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) { |
117 |
return rule._allow; |
118 |
} |
119 |
} |
120 |
return _defaultMode; |
121 |
} |
122 |
|
123 |
/** |
124 |
* Gives a String representation of this ACL. |
125 |
* |
126 |
* @return A String representation of this ACL. |
127 |
*/ |
128 |
public String toString() { |
129 |
StringBuffer acl = new StringBuffer(); |
130 |
acl.append("{"); |
131 |
for(int i=0; i < _acl.size(); i++) { |
132 |
ACLRule rule = (ACLRule) _acl.get(i); |
133 |
if(rule._allow) { |
134 |
acl.append(rule._expression + "=ALLOW"); |
135 |
} |
136 |
else { |
137 |
acl.append(rule._expression + "=DENY"); |
138 |
} |
139 |
acl.append(","); |
140 |
} |
141 |
if(_defaultMode) { |
142 |
acl.append("DEFAULT=ALLOW"); |
143 |
} |
144 |
else { |
145 |
acl.append("DEFAULT=DENY"); |
146 |
} |
147 |
acl.append("}"); |
148 |
return acl.toString(); |
149 |
} |
150 |
|
151 |
//---PRIVATE METHODS--- |
152 |
|
153 |
//---ACCESSOR/MUTATOR METHODS--- |
154 |
|
155 |
//---ATTRIBUTES--- |
156 |
|
157 |
/** |
158 |
* This is the friendly identifier of the |
159 |
* component this class is running in. |
160 |
* eg, a Filter may be called "filter1", |
161 |
* If this class does not have an owning |
162 |
* component, a name from the configuration |
163 |
* can be placed here. This name could also |
164 |
* be changed to null for utility classes. |
165 |
*/ |
166 |
private String _name = null; |
167 |
|
168 |
/** |
169 |
* The ACL is stored in this ArrayList. |
170 |
*/ |
171 |
private ArrayList _acl = new ArrayList(); |
172 |
|
173 |
/** |
174 |
* The default mode of this ACL. |
175 |
*/ |
176 |
private boolean _defaultMode; |
177 |
|
178 |
//---STATIC ATTRIBUTES--- |
179 |
|
180 |
//---INNER CLASSES--- |
181 |
|
182 |
/** |
183 |
* Wrapper class for an ACL rule. |
184 |
*/ |
185 |
private class ACLRule implements Serializable { |
186 |
|
187 |
/** |
188 |
* Construct an ACL rule. |
189 |
* |
190 |
* @param allow whether this is an ALLOW or DENY rule |
191 |
* @param expression what this rule matches |
192 |
*/ |
193 |
private ACLRule(boolean allow, String expression) { |
194 |
_allow = allow; |
195 |
_expression = expression; |
196 |
} |
197 |
|
198 |
/** |
199 |
* Whether this is an ALLOW or DENY rule. |
200 |
*/ |
201 |
private boolean _allow; |
202 |
|
203 |
/** |
204 |
* What this rule matches. |
205 |
*/ |
206 |
private String _expression; |
207 |
|
208 |
} |
209 |
|
210 |
} |