ViewVC Help

View File | Revision Log | Show Annotations | Revision Graph | Root Listing

root/i-scream/experimental/server/ACL/ACL.java

Comparing experimental/server/ACL/ACL.java (file contents):
Revision 1.1 by tdb, Wed Dec 19 23:43:27 2001 UTC vs.
Revision 1.6 by tdb, Mon Dec 24 04:17:29 2001 UTC

#	Line 3 | Line 3
3
4		//---IMPORTS---
5		import uk.org.iscream.cms.server.util.*;
6	<	import java.util.LinkedList;
7	<	import java.util.Iterator;
6	>	import java.util.ArrayList;
7		import java.net.InetAddress;
8	+	import java.io.Serializable;
9
10		/**
11	<	* Access Control List
11	>	* Access Control List for use primarily
12	>	* with the ACLServerSocket. It could, however
13	>	* have other uses as it has a fairly generic
14	>	* behaviour. Rules are added using the add
15	>	* method, and then checks can be made using
16	>	* the relevant check method.
17		*
18		* @author  $Author$
19		* @version $Id$
20		*/
21	<	public class ACL {
21	>	public class ACL implements Serializable {
22
23		//---FINAL ATTRIBUTES---
24
#	Line 21 | Line 26 | public class ACL {
26		* The current CVS revision of this class
27		*/
28		public static final String REVISION = "$Revision$";
29	<
29	>
30	>	/**
31	>	* static to be used when adding an ALLOW rule to the ACL.
32	>	*/
33		public static final boolean ALLOW = true;
34	+
35	+	/**
36	+	* static to be used when adding a DENY rule to the ACL.
37	+	*/
38		public static final boolean DENY = false;
39
40		//---STATIC METHODS---
41
42		//---CONSTRUCTORS---
43
44	+	/**
45	+	* Construct a new Access Control List. The default
46	+	* mode is to ALLOW anything that isn't explicitly
47	+	* blocked by a rule.
48	+	*/
49		public ACL() {
50		// default to ACL.ALLOW
51		this(ACL.ALLOW);
52		}
53
54	+	/**
55	+	* Construct a new Access Control List with a given
56	+	* default mode. This mode specifies what should
57	+	* happen if a check does not match any rules.
58	+	*
59	+	* @param defaultMode the default mode for non-matched checks
60	+	*/
61		public ACL(boolean defaultMode) {
62		_defaultMode = defaultMode;
63		}
64
65		//---PUBLIC METHODS---
66
67	+	/**
68	+	* Add a new rule to the ACL immediately after the
69	+	* previous rule. The rule can either be an ACL.ALLOW
70	+	* rule, or an ACL.DENY rule. The expression can
71	+	* contain a wildcard (a * only). Rules can only be
72	+	* added to the end of the list.
73	+	*
74	+	* param allow whether this is an ALLOW or DENY rule
75	+	* param expression what this rule matches using wildcards
76	+	*/
77		public void add(boolean allow, String expression) {
78	<	_acl.add(new ACLItem(allow, expression));
78	>	_acl.add(new ACLRule(allow, expression));
79		}
80
81	+	/**
82	+	* Check to see if a string is permitted by the
83	+	* ACL. Useful for testing, and non-Socket uses
84	+	* of this class.
85	+	*
86	+	* @param address the string to check
87	+	* @return whether the address was permitted by the ACL
88	+	*/
89		public boolean check(String address) {
90	<	Iterator i = _acl.iterator();
91	<	while(i.hasNext()) {
92	<	ACLItem item = (ACLItem) i.next();
93	<	if(StringUtils.wildcardCheck(address, item._expression)) {
52	<	return item._allow;
90	>	for(int i=0; i < _acl.size(); i++) {
91	>	ACLRule rule = (ACLRule) _acl.get(i);
92	>	if(StringUtils.wildcardCheck(address, rule._expression)) {
93	>	return rule._allow;
94		}
95		}
55	–	// what to do here?
56	–	// -- basically a default of deny/allow is needed
96		return _defaultMode;
97		}
98
99	+	/**
100	+	* Check to see if an InetAddress is permitted
101	+	* by the ACL. Perfect for Socket uses of this
102	+	* class. It should be made clear that this will
103	+	* check both the hostname AND IP address against
104	+	* each rule in turn. The hostname will always be
105	+	* checked BEFORE the IP address.
106	+	*
107	+	* @param address the InetAddress to check
108	+	* @return whether the InetAddress was permitted by the ACL
109	+	*/
110		public boolean check(InetAddress address) {
111	<	Iterator i = _acl.iterator();
112	<	while(i.hasNext()) {
113	<	ACLItem item = (ACLItem) i.next();
114	<	if(StringUtils.wildcardCheck(address.getHostName(), item._expression)) {
65	<	return item._allow;
111	>	for(int i=0; i < _acl.size(); i++) {
112	>	ACLRule rule = (ACLRule) _acl.get(i);
113	>	if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
114	>	return rule._allow;
115		}
116	<	if(StringUtils.wildcardCheck(address.getHostAddress(), item._expression)) {
117	<	return item._allow;
116	>	if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
117	>	return rule._allow;
118		}
119		}
71	–	// what to do here?
72	–	// -- basically a default of deny/allow is needed
120		return _defaultMode;
121		}
122
76	–	public String getACL() {
77	–	String acl = "";
78	–	Iterator i = _acl.iterator();
79	–	while(i.hasNext()) {
80	–	ACLItem item = (ACLItem) i.next();
81	–	if(item._allow) {
82	–	acl += "ALLOW:" + item._expression + " ";
83	–	}
84	–	else {
85	–	acl += "DENY:" + item._expression + " ";
86	–	}
87	–	}
88	–	return acl.substring(0, acl.length()-1);
89	–	}
90	–
123		/**
124	<	* Overrides the {@link java.lang.Object#toString() Object.toString()}
93	<	* method to provide clean logging (every class should have this).
124	>	* Gives a String representation of this ACL.
125		*
126	<	* This uses the uk.org.iscream.cms.server.util.FormatName class
96	<	* to format the toString()
97	<	*
98	<	* @return the name of this class and its CVS revision
126	>	* @return A String representation of this ACL.
127		*/
128		public String toString() {
129	<	return FormatName.getName(
130	<	_name,
131	<	getClass().getName(),
132	<	REVISION);
129	>	StringBuffer acl = new StringBuffer();
130	>	acl.append("{");
131	>	for(int i=0; i < _acl.size(); i++) {
132	>	acl.append((ACLRule) _acl.get(i));
133	>	acl.append(",");
134	>	}
135	>	if(_defaultMode) {
136	>	acl.append("DEFAULT=ALLOW");
137	>	}
138	>	else {
139	>	acl.append("DEFAULT=DENY");
140	>	}
141	>	acl.append("}");
142	>	return acl.toString();
143		}
144
145		//---PRIVATE METHODS---
#	Line 120 | Line 158 | public class ACL {
158		* be changed to null for utility classes.
159		*/
160		private String _name = null;
161	<
162	<	private LinkedList _acl = new LinkedList();
161	>
162	>	/**
163	>	* The ACL is stored in this ArrayList.
164	>	*/
165	>	private ArrayList _acl = new ArrayList();
166	>
167	>	/**
168	>	* The default mode of this ACL.
169	>	*/
170		private boolean _defaultMode;
171
172		//---STATIC ATTRIBUTES---
173
174		//---INNER CLASSES---
175
176	<	private class ACLItem {
176	>	/**
177	>	* Wrapper class for an ACL rule.
178	>	*/
179	>	private class ACLRule implements Serializable {
180
181	<	private ACLItem(boolean allow, String expression) {
181	>	/**
182	>	* Construct an ACL rule.
183	>	*
184	>	* @param allow whether this is an ALLOW or DENY rule
185	>	* @param expression what this rule matches
186	>	*/
187	>	private ACLRule(boolean allow, String expression) {
188		_allow = allow;
189		_expression = expression;
190		}
191
192	+	/**
193	+	* Returns a String representation of this rule.
194	+	*
195	+	* @return A String representation of this rule.
196	+	*/
197	+	public String toString() {
198	+	if(_allow) {
199	+	return _expression + "=ALLOW";
200	+	}
201	+	else {
202	+	return _expression + "=DENY";
203	+	}
204	+	}
205	+
206	+	/**
207	+	* Whether this is an ALLOW or DENY rule.
208	+	*/
209		private boolean _allow;
210	+
211	+	/**
212	+	* What this rule matches.
213	+	*/
214		private String _expression;
215
216		}

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines