| 3 |
|
|
| 4 |
|
//---IMPORTS--- |
| 5 |
|
import uk.org.iscream.cms.server.util.*; |
| 6 |
< |
import java.util.LinkedList; |
| 7 |
< |
import java.util.Iterator; |
| 6 |
> |
import java.util.ArrayList; |
| 7 |
|
import java.net.InetAddress; |
| 8 |
|
|
| 9 |
|
/** |
| 10 |
< |
* Access Control List |
| 10 |
> |
* Access Control List for use primarily |
| 11 |
> |
* with the ACLServerSocket. It could, however |
| 12 |
> |
* have other uses as it has a fairly generic |
| 13 |
> |
* behaviour. Rules are added using the add |
| 14 |
> |
* method, and then checks can be made using |
| 15 |
> |
* the relevant check method. |
| 16 |
|
* |
| 17 |
|
* @author $Author$ |
| 18 |
|
* @version $Id$ |
| 25 |
|
* The current CVS revision of this class |
| 26 |
|
*/ |
| 27 |
|
public static final String REVISION = "$Revision$"; |
| 28 |
< |
|
| 28 |
> |
|
| 29 |
> |
/** |
| 30 |
> |
* static to be used when adding an ALLOW rule to the ACL. |
| 31 |
> |
*/ |
| 32 |
|
public static final boolean ALLOW = true; |
| 33 |
+ |
|
| 34 |
+ |
/** |
| 35 |
+ |
* static to be used when adding a DENY rule to the ACL. |
| 36 |
+ |
*/ |
| 37 |
|
public static final boolean DENY = false; |
| 38 |
|
|
| 39 |
|
//---STATIC METHODS--- |
| 40 |
|
|
| 41 |
|
//---CONSTRUCTORS--- |
| 42 |
|
|
| 43 |
+ |
/** |
| 44 |
+ |
* Construct a new Access Control List. The default |
| 45 |
+ |
* mode is to ALLOW anything that isn't explicitly |
| 46 |
+ |
* blocked by a rule. |
| 47 |
+ |
*/ |
| 48 |
|
public ACL() { |
| 49 |
|
// default to ACL.ALLOW |
| 50 |
|
this(ACL.ALLOW); |
| 51 |
|
} |
| 52 |
|
|
| 53 |
+ |
/** |
| 54 |
+ |
* Construct a new Access Control List with a given |
| 55 |
+ |
* default mode. This mode specifies what should |
| 56 |
+ |
* happen if a check does not match any rules. |
| 57 |
+ |
* |
| 58 |
+ |
* @param defaultMode the default mode for non-matched checks |
| 59 |
+ |
*/ |
| 60 |
|
public ACL(boolean defaultMode) { |
| 61 |
|
_defaultMode = defaultMode; |
| 62 |
|
} |
| 63 |
|
|
| 64 |
|
//---PUBLIC METHODS--- |
| 65 |
|
|
| 66 |
+ |
/** |
| 67 |
+ |
* Add a new rule to the ACL immediately after the |
| 68 |
+ |
* previous rule. The rule can either be an ACL.ALLOW |
| 69 |
+ |
* rule, or an ACL.DENY rule. The expression can |
| 70 |
+ |
* contain a wildcard (a * only). Rules can only be |
| 71 |
+ |
* added to the end of the list. |
| 72 |
+ |
* |
| 73 |
+ |
* param allow whether this is an ALLOW or DENY rule |
| 74 |
+ |
* param expression what this rule matches using wildcards |
| 75 |
+ |
*/ |
| 76 |
|
public void add(boolean allow, String expression) { |
| 77 |
< |
_acl.add(new ACLItem(allow, expression)); |
| 77 |
> |
_acl.add(new ACLRule(allow, expression)); |
| 78 |
|
} |
| 79 |
|
|
| 80 |
+ |
/** |
| 81 |
+ |
* Check to see if a string is permitted by the |
| 82 |
+ |
* ACL. Useful for testing, and non-Socket uses |
| 83 |
+ |
* of this class. |
| 84 |
+ |
* |
| 85 |
+ |
* @param address the string to check |
| 86 |
+ |
* @return whether the address was permitted by the ACL |
| 87 |
+ |
*/ |
| 88 |
|
public boolean check(String address) { |
| 89 |
< |
Iterator i = _acl.iterator(); |
| 90 |
< |
while(i.hasNext()) { |
| 91 |
< |
ACLItem item = (ACLItem) i.next(); |
| 92 |
< |
if(StringUtils.wildcardCheck(address, item._expression)) { |
| 52 |
< |
return item._allow; |
| 89 |
> |
for(int i=0; i < _acl.size(); i++) { |
| 90 |
> |
ACLRule rule = (ACLRule) _acl.get(i); |
| 91 |
> |
if(StringUtils.wildcardCheck(address, rule._expression)) { |
| 92 |
> |
return rule._allow; |
| 93 |
|
} |
| 94 |
|
} |
| 55 |
– |
// what to do here? |
| 56 |
– |
// -- basically a default of deny/allow is needed |
| 95 |
|
return _defaultMode; |
| 96 |
|
} |
| 97 |
|
|
| 98 |
+ |
/** |
| 99 |
+ |
* Check to see if an InetAddress is permitted |
| 100 |
+ |
* by the ACL. Perfect for Socket uses of this |
| 101 |
+ |
* class. It should be made clear that this will |
| 102 |
+ |
* check both the hostname AND IP address against |
| 103 |
+ |
* each rule in turn. The hostname will always be |
| 104 |
+ |
* checked BEFORE the IP address. |
| 105 |
+ |
* |
| 106 |
+ |
* @param address the InetAddress to check |
| 107 |
+ |
* @return whether the InetAddress was permitted by the ACL |
| 108 |
+ |
*/ |
| 109 |
|
public boolean check(InetAddress address) { |
| 110 |
< |
Iterator i = _acl.iterator(); |
| 111 |
< |
while(i.hasNext()) { |
| 112 |
< |
ACLItem item = (ACLItem) i.next(); |
| 113 |
< |
if(StringUtils.wildcardCheck(address.getHostName(), item._expression)) { |
| 65 |
< |
return item._allow; |
| 110 |
> |
for(int i=0; i < _acl.size(); i++) { |
| 111 |
> |
ACLRule rule = (ACLRule) _acl.get(i); |
| 112 |
> |
if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) { |
| 113 |
> |
return rule._allow; |
| 114 |
|
} |
| 115 |
< |
if(StringUtils.wildcardCheck(address.getHostAddress(), item._expression)) { |
| 116 |
< |
return item._allow; |
| 115 |
> |
if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) { |
| 116 |
> |
return rule._allow; |
| 117 |
|
} |
| 118 |
|
} |
| 71 |
– |
// what to do here? |
| 72 |
– |
// -- basically a default of deny/allow is needed |
| 119 |
|
return _defaultMode; |
| 120 |
|
} |
| 121 |
|
|
| 122 |
< |
public String getACL() { |
| 122 |
> |
/** |
| 123 |
> |
* Gets the ACL as a String for debugging. |
| 124 |
> |
* |
| 125 |
> |
* @return A String representation of this ACL. |
| 126 |
> |
*/ |
| 127 |
> |
public String getStringACL() { |
| 128 |
|
String acl = ""; |
| 129 |
< |
Iterator i = _acl.iterator(); |
| 130 |
< |
while(i.hasNext()) { |
| 131 |
< |
ACLItem item = (ACLItem) i.next(); |
| 132 |
< |
if(item._allow) { |
| 82 |
< |
acl += "ALLOW:" + item._expression + " "; |
| 129 |
> |
for(int i=0; i < _acl.size(); i++) { |
| 130 |
> |
ACLRule rule = (ACLRule) _acl.get(i); |
| 131 |
> |
if(rule._allow) { |
| 132 |
> |
acl += "ALLOW:" + rule._expression + " "; |
| 133 |
|
} |
| 134 |
|
else { |
| 135 |
< |
acl += "DENY:" + item._expression + " "; |
| 135 |
> |
acl += "DENY:" + rule._expression + " "; |
| 136 |
|
} |
| 137 |
|
} |
| 138 |
< |
return acl.substring(0, acl.length()-1); |
| 138 |
> |
if(_defaultMode) { |
| 139 |
> |
acl += "DEFAULT:ALLOW"; |
| 140 |
> |
} |
| 141 |
> |
else { |
| 142 |
> |
acl += "DEFAULT:DENY"; |
| 143 |
> |
} |
| 144 |
> |
return acl; |
| 145 |
|
} |
| 146 |
|
|
| 147 |
|
/** |
| 176 |
|
* be changed to null for utility classes. |
| 177 |
|
*/ |
| 178 |
|
private String _name = null; |
| 179 |
< |
|
| 180 |
< |
private LinkedList _acl = new LinkedList(); |
| 179 |
> |
|
| 180 |
> |
/** |
| 181 |
> |
* The ACL is stored in this ArrayList. |
| 182 |
> |
*/ |
| 183 |
> |
private ArrayList _acl = new ArrayList(); |
| 184 |
> |
|
| 185 |
> |
/** |
| 186 |
> |
* The default mode of this ACL. |
| 187 |
> |
*/ |
| 188 |
|
private boolean _defaultMode; |
| 189 |
|
|
| 190 |
|
//---STATIC ATTRIBUTES--- |
| 191 |
|
|
| 192 |
|
//---INNER CLASSES--- |
| 193 |
|
|
| 194 |
< |
private class ACLItem { |
| 194 |
> |
/** |
| 195 |
> |
* Wrapper class for an ACL rule. |
| 196 |
> |
*/ |
| 197 |
> |
private class ACLRule { |
| 198 |
|
|
| 199 |
< |
private ACLItem(boolean allow, String expression) { |
| 199 |
> |
/** |
| 200 |
> |
* Construct an ACL rule. |
| 201 |
> |
* |
| 202 |
> |
* @param allow whether this is an ALLOW or DENY rule |
| 203 |
> |
* @param expression what this rule matches |
| 204 |
> |
*/ |
| 205 |
> |
private ACLRule(boolean allow, String expression) { |
| 206 |
|
_allow = allow; |
| 207 |
|
_expression = expression; |
| 208 |
|
} |
| 209 |
|
|
| 210 |
+ |
/** |
| 211 |
+ |
* Whether this is an ALLOW or DENY rule. |
| 212 |
+ |
*/ |
| 213 |
|
private boolean _allow; |
| 214 |
+ |
|
| 215 |
+ |
/** |
| 216 |
+ |
* What this rule matches. |
| 217 |
+ |
*/ |
| 218 |
|
private String _expression; |
| 219 |
|
|
| 220 |
|
} |
