ViewVC Help

View File | Revision Log | Show Annotations | Revision Graph | Root Listing

root/i-scream/experimental/server/ACL/ACL.java

Comparing experimental/server/ACL/ACL.java (file contents):
Revision 1.3 by tdb, Fri Dec 21 16:49:18 2001 UTC vs.
Revision 1.8 by tdb, Mon Dec 31 02:57:00 2001 UTC

#	Line 4 | Line 4
4		//---IMPORTS---
5		import uk.org.iscream.cms.server.util.*;
6		import java.util.ArrayList;
7	+	import java.util.StringTokenizer;
8		import java.net.InetAddress;
9	+	import java.io.Serializable;
10
11		/**
12		* Access Control List for use primarily
#	Line 17 | Line 19 | import java.net.InetAddress;
19		* @author  $Author$
20		* @version $Id$
21		*/
22	<	public class ACL {
22	>	public class ACL implements Serializable {
23
24		//---FINAL ATTRIBUTES---
25
#	Line 74 | Line 76 | public class ACL {
76		* param expression what this rule matches using wildcards
77		*/
78		public void add(boolean allow, String expression) {
79	<	_acl.add(new ACLRule(allow, expression));
79	>	// default to expecting it to be an IP
80	>	// we will try to disprove this :)
81	>	boolean ip = true;
82	>	short[] ipaddr = {-1, -1, -1, -1};
83	>	int i = 0;
84	>	String s = "";
85	>	// tokenize the expression on fullstops, so we can break
86	>	// up the quads of an IP (if it's an IP!)
87	>	StringTokenizer st = new StringTokenizer(expression, ".");
88	>	while(st.hasMoreTokens() && i++ < 4) {
89	>	s = st.nextToken();
90	>	// if it's a wildcard, we'll skip to the next one
91	>	// as no more checks are required
92	>	if(s.equals("*")) {
93	>	continue;
94	>	}
95	>	// attempt to parse it into a short
96	>	try {
97	>	short n = Short.parseShort(s);
98	>	// if it's an int but outside of the
99	>	// valid range, it can't be an IP
100	>	if(n < 0 || n > 255) {
101	>	ip = false;
102	>	// give up checking further
103	>	break;
104	>	}
105	>	ipaddr[i-1] = n;
106	>	}
107	>	// if it didn't parse as an int it can't be an IP
108	>	catch (NumberFormatException e) {
109	>	ip = false;
110	>	// give up checking further
111	>	break;
112	>	}
113	>	}
114	>	// we've done 4 parts, so if there's any
115	>	// more this can't be an IP
116	>	if(st.hasMoreTokens()) {
117	>	ip = false;
118	>	}
119	>	// if we've done less than 4, see if the last one
120	>	// was a wildcard - if it isn't then it's not an IP
121	>	//   -- this allows 129.12.*
122	>	if(i < 4 && !s.equals("*")) {
123	>	ip = false;
124	>	}
125	>	// if we had one or less entries it can't be an IP
126	>	//   -- this disallows * matching as an IP due
127	>	//      to the rule above
128	>	if(i <= 1) {
129	>	ip = false;
130	>	}
131	>	// finally print out what we've found.
132	>	System.out.println("IP("+ip+"): "+expression);
133	>	if(ip) {
134	>	for(int j=0; j < ipaddr.length; j++) {
135	>	System.out.print(ipaddr[j] + " ");
136	>	}
137	>	System.out.println();
138	>	}
139	>	_acl.add(new ACLRule(allow, expression, ipaddr, ip));
140		}
141
142		/**
#	Line 107 | Line 169 | public class ACL {
169		* @return whether the InetAddress was permitted by the ACL
170		*/
171		public boolean check(InetAddress address) {
172	+	String hostname = address.getHostName();
173	+	String ip = address.getHostAddress();
174	+	short[] ipaddr = ipStringToShort(ip);
175		for(int i=0; i < _acl.size(); i++) {
176		ACLRule rule = (ACLRule) _acl.get(i);
177	<	if(StringUtils.wildcardCheck(address.getHostName(), rule._expression)) {
178	<	return rule._allow;
177	>	if(rule._iprule) {
178	>	System.out.println("checking ip rule "+rule._expression);
179	>	//if(StringUtils.wildcardCheck(ip, rule._expression)) {
180	>	if(compareShorts(ipaddr, rule._ipaddr)) {
181	>	return rule._allow;
182	>	}
183		}
184	<	if(StringUtils.wildcardCheck(address.getHostAddress(), rule._expression)) {
185	<	return rule._allow;
184	>	else {
185	>	System.out.println("checking name rule: "+rule._expression);
186	>	if(StringUtils.wildcardCheck(hostname, rule._expression)) {
187	>	return rule._allow;
188	>	}
189		}
190	+
191		}
192		return _defaultMode;
193		}
194
195		/**
196	<	* Gets the ACL as a String for debugging.
196	>	* Gives a String representation of this ACL.
197		*
198		* @return A String representation of this ACL.
199		*/
200	<	public String getStringACL() {
201	<	String acl = "";
200	>	public String toString() {
201	>	StringBuffer acl = new StringBuffer();
202	>	acl.append(FormatName.getName(_name, getClass().getName(), REVISION));
203	>	acl.append("{");
204		for(int i=0; i < _acl.size(); i++) {
205	<	ACLRule rule = (ACLRule) _acl.get(i);
206	<	if(rule._allow) {
132	<	acl += "ALLOW:" + rule._expression + " ";
133	<	}
134	<	else {
135	<	acl += "DENY:" + rule._expression + " ";
136	<	}
205	>	acl.append((ACLRule) _acl.get(i));
206	>	acl.append(",");
207		}
208		if(_defaultMode) {
209	<	acl += "DEFAULT:ALLOW";
209	>	acl.append("DEFAULT=ALLOW");
210		}
211		else {
212	<	acl += "DEFAULT:DENY";
212	>	acl.append("DEFAULT=DENY");
213		}
214	<	return acl;
214	>	acl.append("}");
215	>	return acl.toString();
216		}
146	–
147	–	/**
148	–	* Overrides the {@link java.lang.Object#toString() Object.toString()}
149	–	* method to provide clean logging (every class should have this).
150	–	*
151	–	* This uses the uk.org.iscream.cms.server.util.FormatName class
152	–	* to format the toString()
153	–	*
154	–	* @return the name of this class and its CVS revision
155	–	*/
156	–	public String toString() {
157	–	return FormatName.getName(
158	–	_name,
159	–	getClass().getName(),
160	–	REVISION);
161	–	}
217
218		//---PRIVATE METHODS---
219
220	+	private short[] ipStringToShort(String ip) {
221	+	short[] ipaddr = {-1, -1, -1, -1};
222	+	StringTokenizer st = new StringTokenizer(ip, ".");
223	+	for(int i=0; i < 4 && st.hasMoreTokens(); i++) {
224	+	try {
225	+	ipaddr[i] = Short.parseShort(st.nextToken());
226	+	}
227	+	catch(NumberFormatException e) {
228	+	// do nothing?
229	+	}
230	+	}
231	+	return ipaddr;
232	+	}
233	+
234	+	private boolean compareShorts(short[] first, short[] second) {
235	+	if(first.length != second.length) {
236	+	System.out.println("not equal length");
237	+	return false;
238	+	}
239	+	for(int i=0; i < first.length; i++) {
240	+	// -- might want to consider specify which is the wildcard one?
241	+	System.out.println(i + ":" + first[i] + "," + second[i]);
242	+	if(first[i] == -1 || second[i] == -1) {
243	+	continue;
244	+	}
245	+	if(first[i] != second[i]) {
246	+	System.out.println("not equal");
247	+	return false;
248	+	}
249	+	}
250	+	System.out.println("equal");
251	+	return true;
252	+	}
253	+
254		//---ACCESSOR/MUTATOR METHODS---
255
256		//---ATTRIBUTES---
#	Line 194 | Line 283 | public class ACL {
283		/**
284		* Wrapper class for an ACL rule.
285		*/
286	<	private class ACLRule {
286	>	private class ACLRule implements Serializable {
287
288		/**
289		* Construct an ACL rule.
290		*
291		* @param allow whether this is an ALLOW or DENY rule
292		* @param expression what this rule matches
293	+	* @param iprule whether this is an IP rule
294		*/
295	<	private ACLRule(boolean allow, String expression) {
295	>	private ACLRule(boolean allow, String expression, short[] ipaddr, boolean iprule) {
296		_allow = allow;
297		_expression = expression;
298	+	_ipaddr = ipaddr;
299	+	_iprule = iprule;
300		}
301
302		/**
303	+	* Returns a String representation of this rule.
304	+	*
305	+	* @return A String representation of this rule.
306	+	*/
307	+	public String toString() {
308	+	if(_allow) {
309	+	return _expression + "=ALLOW";
310	+	}
311	+	else {
312	+	return _expression + "=DENY";
313	+	}
314	+	}
315	+
316	+	/**
317		* Whether this is an ALLOW or DENY rule.
318		*/
319		private boolean _allow;
#	Line 216 | Line 322 | public class ACL {
322		* What this rule matches.
323		*/
324		private String _expression;
325	+
326	+	private short[] _ipaddr;
327	+
328	+	/**
329	+	* Whether this is an IP rule.
330	+	*/
331	+	private boolean _iprule;
332
333		}
334

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines