1 |
+ |
/* |
2 |
+ |
* i-scream central monitoring system |
3 |
+ |
* http://www.i-scream.org.uk |
4 |
+ |
* Copyright (C) 2000-2002 i-scream |
5 |
+ |
* |
6 |
+ |
* This program is free software; you can redistribute it and/or |
7 |
+ |
* modify it under the terms of the GNU General Public License |
8 |
+ |
* as published by the Free Software Foundation; either version 2 |
9 |
+ |
* of the License, or (at your option) any later version. |
10 |
+ |
* |
11 |
+ |
* This program is distributed in the hope that it will be useful, |
12 |
+ |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 |
+ |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 |
+ |
* GNU General Public License for more details. |
15 |
+ |
* |
16 |
+ |
* You should have received a copy of the GNU General Public License |
17 |
+ |
* along with this program; if not, write to the Free Software |
18 |
+ |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 |
+ |
*/ |
20 |
+ |
|
21 |
|
//---PACKAGE DECLARATION--- |
22 |
|
package uk.org.iscream.cms.server.filter.plugins; |
23 |
|
|
25 |
|
import uk.org.iscream.cms.server.filter.PluginFilter; |
26 |
|
import uk.org.iscream.cms.server.filter.*; |
27 |
|
import uk.org.iscream.cms.server.core.*; |
28 |
< |
import uk.org.iscream.cms.server.util.*; |
28 |
> |
import uk.org.iscream.cms.util.*; |
29 |
|
import uk.org.iscream.cms.server.componentmanager.*; |
30 |
|
|
31 |
|
/** |
52 |
|
//---CONSTRUCTORS--- |
53 |
|
|
54 |
|
public SourceChecker__Plugin() { |
55 |
< |
// get our ACL from the configuration |
56 |
< |
try { |
37 |
< |
String stringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); |
38 |
< |
_acl = new ACL(stringACL); |
39 |
< |
} |
40 |
< |
catch(PropertyNotFoundException e) { |
41 |
< |
_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin: " + e); |
42 |
< |
} |
55 |
> |
// setup an empty ACL defaulting to ALLOW |
56 |
> |
_acl = new ACL(ACL.ALLOW); |
57 |
|
} |
58 |
|
|
59 |
|
//---PUBLIC METHODS--- |
60 |
|
|
61 |
|
// apply the filter and return true if successful. |
62 |
|
public boolean runFilter(XMLPacket packet){ |
63 |
+ |
String newStringACL; |
64 |
+ |
// get hold of the ACL in the configuration |
65 |
+ |
try { |
66 |
+ |
newStringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); |
67 |
+ |
} |
68 |
+ |
catch(PropertyNotFoundException e) { |
69 |
+ |
// if we can't find it, we'll just use a null ACL |
70 |
+ |
newStringACL = ""; |
71 |
+ |
_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin, using empty ACL instead : " + e); |
72 |
+ |
} |
73 |
+ |
// check to see if the ACL has changed |
74 |
+ |
if(!newStringACL.equals(_stringACL)) { |
75 |
+ |
_logger.write(toString(), Logger.SYSMSG, "Reloading Access Control List"); |
76 |
+ |
// clear the ACL |
77 |
+ |
_acl.clear(); |
78 |
+ |
// set the default to something sane |
79 |
+ |
_acl.setDefaultMode(ACL.ALLOW); |
80 |
+ |
// add the new ACL (this may change the default) |
81 |
+ |
_acl.add(newStringACL); |
82 |
+ |
_stringACL = newStringACL; |
83 |
+ |
} |
84 |
|
|
85 |
< |
// only want to check data or heartbeat packets |
85 |
> |
// only want to check data packets |
86 |
|
// any others will probably get filtered out further up the filter chain |
87 |
< |
if(_acl != null && |
53 |
< |
(packet.getParam("packet.attributes.type").equals("data") || |
54 |
< |
packet.getParam("packet.attributes.type").equals("heartbeat"))) { |
87 |
> |
if(packet.getParam("packet.attributes.type").equals("data")) { |
88 |
|
// check the machine name against the ACL |
89 |
|
// we could check the IP too... but it's a lot of work for _every_ packet... maybe... |
90 |
|
return _acl.check(packet.getParam("packet.attributes.machine_name")); |
91 |
|
} |
92 |
|
|
93 |
|
// a good catchall, I guess |
94 |
< |
// either it's not a data or heartbeat packet, in which case it should go through |
62 |
< |
// or we don't have an ACL set |
94 |
> |
// it's not a data packet, in which case it should go through |
95 |
|
return true; |
96 |
|
} |
97 |
|
|
99 |
|
* Overrides the {@link java.lang.Object#toString() Object.toString()} |
100 |
|
* method to provide clean logging (every class should have this). |
101 |
|
* |
102 |
< |
* This uses the uk.org.iscream.cms.server.util.NameFormat class |
102 |
> |
* This uses the uk.org.iscream.cms.util.NameFormat class |
103 |
|
* to format the toString() |
104 |
|
* |
105 |
|
* @return the name of this class and its CVS revision |
145 |
|
* This holds the ACL for the plugin. |
146 |
|
*/ |
147 |
|
private ACL _acl; |
148 |
+ |
|
149 |
+ |
/** |
150 |
+ |
* The current String representation of our ACL. |
151 |
+ |
*/ |
152 |
+ |
private String _stringACL = ""; |
153 |
|
|
154 |
|
//---STATIC ATTRIBUTES--- |
155 |
|
|