--- projects/cms/source/server/uk/org/iscream/cms/server/filter/plugins/SourceChecker__Plugin.java 2002/03/20 16:32:37 1.1 +++ projects/cms/source/server/uk/org/iscream/cms/server/filter/plugins/SourceChecker__Plugin.java 2002/03/21 17:26:00 1.2 @@ -14,7 +14,7 @@ import uk.org.iscream.cms.server.componentmanager.*; * send packets through the system. * * @author $Author: tdb $ - * @version $Id: SourceChecker__Plugin.java,v 1.1 2002/03/20 16:32:37 tdb Exp $ + * @version $Id: SourceChecker__Plugin.java,v 1.2 2002/03/21 17:26:00 tdb Exp $ */ public class SourceChecker__Plugin implements PluginFilter { @@ -23,7 +23,7 @@ public class SourceChecker__Plugin implements PluginFi /** * The current CVS revision of this class */ - public final String REVISION = "$Revision: 1.1 $"; + public final String REVISION = "$Revision: 1.2 $"; public final String DESC = "Checks the machine_name attribute in the packet attributes. This must machine must be permitted by the ACL to allow the packet through."; @@ -32,34 +32,47 @@ public class SourceChecker__Plugin implements PluginFi //---CONSTRUCTORS--- public SourceChecker__Plugin() { - // get our ACL from the configuration - try { - String stringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); - _acl = new ACL(stringACL); - } - catch(PropertyNotFoundException e) { - _logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin: " + e); - } + // setup an empty ACL defaulting to ALLOW + _acl = new ACL(ACL.ALLOW); } //---PUBLIC METHODS--- // apply the filter and return true if successful. public boolean runFilter(XMLPacket packet){ + String newStringACL; + // get hold of the ACL in the configuration + try { + newStringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); + } + catch(PropertyNotFoundException e) { + // if we can't find it, we'll just use a null ACL + newStringACL = ""; + _logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin, using empty ACL instead : " + e); + } + // check to see if the ACL has changed + if(!newStringACL.equals(_stringACL)) { + _logger.write(toString(), Logger.SYSMSG, "Reloading Access Control List"); + // clear the ACL + _acl.clear(); + // set the default to something sane + _acl.setDefaultMode(ACL.ALLOW); + // add the new ACL (this may change the default) + _acl.add(newStringACL); + _stringACL = newStringACL; + } // only want to check data or heartbeat packets // any others will probably get filtered out further up the filter chain - if(_acl != null && - (packet.getParam("packet.attributes.type").equals("data") || - packet.getParam("packet.attributes.type").equals("heartbeat"))) { + if(packet.getParam("packet.attributes.type").equals("data") || + packet.getParam("packet.attributes.type").equals("heartbeat")) { // check the machine name against the ACL // we could check the IP too... but it's a lot of work for _every_ packet... maybe... return _acl.check(packet.getParam("packet.attributes.machine_name")); } // a good catchall, I guess - // either it's not a data or heartbeat packet, in which case it should go through - // or we don't have an ACL set + // it's not a data or heartbeat packet, in which case it should go through return true; } @@ -113,6 +126,11 @@ public class SourceChecker__Plugin implements PluginFi * This holds the ACL for the plugin. */ private ACL _acl; + + /** + * The current String representation of our ACL. + */ + private String _stringACL = ""; //---STATIC ATTRIBUTES---