filter/plugins/SourceChecker__Plugin.java

//---PACKAGE DECLARATION---
package uk.org.iscream.cms.server.filter.plugins;

//---IMPORTS---
import uk.org.iscream.cms.server.filter.PluginFilter;
import uk.org.iscream.cms.server.filter.*;
import uk.org.iscream.cms.server.core.*;
import uk.org.iscream.cms.server.util.*;
import uk.org.iscream.cms.server.componentmanager.*;

/**
 * This plugin is designed to check the source of incoming
 * packets, and ensure the source machine is permitted to
 * send packets through the system.
 *
 * @author  $Author$
 * @version $Id$
 */
public class SourceChecker__Plugin implements PluginFilter {

//---FINAL ATTRIBUTES---

    /**
     * The current CVS revision of this class
     */
    public final String REVISION = "$Revision: 1.1 $";
    
    public final String DESC = "Checks the machine_name attribute in the packet attributes. This must machine must be permitted by the ACL to allow the packet through.";
    
//---STATIC METHODS---

//---CONSTRUCTORS---

    public SourceChecker__Plugin() {
        // get our ACL from the configuration
        try {
            String stringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL");
            _acl = new ACL(stringACL);
        }
        catch(PropertyNotFoundException e) {
            _logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin: " + e);
        }
    }

//---PUBLIC METHODS---

    // apply the filter and return true if successful.
    public boolean runFilter(XMLPacket packet){
        
        // only want to check data or heartbeat packets
        // any others will probably get filtered out further up the filter chain
        if(_acl != null &&
          (packet.getParam("packet.attributes.type").equals("data") ||
           packet.getParam("packet.attributes.type").equals("heartbeat"))) {
            // check the machine name against the ACL
            // we could check the IP too... but it's a lot of work for _every_ packet... maybe...
            return _acl.check(packet.getParam("packet.attributes.machine_name"));
        }
        
        // a good catchall, I guess
        // either it's not a data or heartbeat packet, in which case it should go through
        // or we don't have an ACL set
        return true;
    }

    /**
     * Overrides the {@link java.lang.Object#toString() Object.toString()}
     * method to provide clean logging (every class should have this).
     *
     * This uses the uk.org.iscream.cms.server.util.NameFormat class
     * to format the toString()
     *
     * @return the name of this class and its CVS revision
     */
    public String toString() {
        return FormatName.getName(
            _name,
            getClass().getName(),
            REVISION);
    }

    /**
     * return the String representation of what the filter does
     */
    public String getDescription(){
        return DESC;
    }

//---PRIVATE METHODS---

//---ACCESSOR/MUTATOR METHODS---

//---ATTRIBUTES---

    /**
     * This is the friendly identifier of the
     * component this class is running in.
     * eg, a Filter may be called "filter1",
     * If this class does not have an owning
     * component,  a name from the configuration
     * can be placed here.  This name could also
     * be changed to null for utility classes.
     */
    private String _name = FilterMain.NAME;

    /**
     * This holds a reference to the
     * system logger that is being used.
     */
    private Logger _logger = ReferenceManager.getInstance().getLogger();

    /**
     * This holds the ACL for the plugin.
     */
    private ACL _acl;

//---STATIC ATTRIBUTES---

}
Revision:	1.1
Committed:	Wed Mar 20 16:32:37 2002 UTC (22 years, 2 months ago) by tdb
Branch:	MAIN
Log Message:	New filter plugin to remove packets that don't match a given ACL. This allows filtering to be done based on ACL's at any point during a filter chain (rather than just the ends). This also semi-solves the problem of not being able to do an ACL on the CORBA input to a Filter (well, not easily afaik).
#	Content
1	//---PACKAGE DECLARATION---
2	package uk.org.iscream.cms.server.filter.plugins;
3
4	//---IMPORTS---
5	import uk.org.iscream.cms.server.filter.PluginFilter;
6	import uk.org.iscream.cms.server.filter.*;
7	import uk.org.iscream.cms.server.core.*;
8	import uk.org.iscream.cms.server.util.*;
9	import uk.org.iscream.cms.server.componentmanager.*;
10
11	/**
12	* This plugin is designed to check the source of incoming
13	* packets, and ensure the source machine is permitted to
14	* send packets through the system.
15	*
16	* @author $Author$
17	* @version $Id$
18	*/
19	public class SourceChecker__Plugin implements PluginFilter {
20
21	//---FINAL ATTRIBUTES---
22
23	/**
24	* The current CVS revision of this class
25	*/
26	public final String REVISION = "$Revision: 1.1 $";
27
28	public final String DESC = "Checks the machine_name attribute in the packet attributes. This must machine must be permitted by the ACL to allow the packet through.";
29
30	//---STATIC METHODS---
31
32	//---CONSTRUCTORS---
33
34	public SourceChecker__Plugin() {
35	// get our ACL from the configuration
36	try {
37	String stringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL");
38	_acl = new ACL(stringACL);
39	}
40	catch(PropertyNotFoundException e) {
41	_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin: " + e);
42	}
43	}
44
45	//---PUBLIC METHODS---
46
47	// apply the filter and return true if successful.
48	public boolean runFilter(XMLPacket packet){
49
50	// only want to check data or heartbeat packets
51	// any others will probably get filtered out further up the filter chain
52	if(_acl != null &&
53	(packet.getParam("packet.attributes.type").equals("data") \|\|
54	packet.getParam("packet.attributes.type").equals("heartbeat"))) {
55	// check the machine name against the ACL
56	// we could check the IP too... but it's a lot of work for _every_ packet... maybe...
57	return _acl.check(packet.getParam("packet.attributes.machine_name"));
58	}
59
60	// a good catchall, I guess
61	// either it's not a data or heartbeat packet, in which case it should go through
62	// or we don't have an ACL set
63	return true;
64	}
65
66	/**
67	* Overrides the {@link java.lang.Object#toString() Object.toString()}
68	* method to provide clean logging (every class should have this).
69	*
70	* This uses the uk.org.iscream.cms.server.util.NameFormat class
71	* to format the toString()
72	*
73	* @return the name of this class and its CVS revision
74	*/
75	public String toString() {
76	return FormatName.getName(
77	_name,
78	getClass().getName(),
79	REVISION);
80	}
81
82	/**
83	* return the String representation of what the filter does
84	*/
85	public String getDescription(){
86	return DESC;
87	}
88
89	//---PRIVATE METHODS---
90
91	//---ACCESSOR/MUTATOR METHODS---
92
93	//---ATTRIBUTES---
94
95	/**
96	* This is the friendly identifier of the
97	* component this class is running in.
98	* eg, a Filter may be called "filter1",
99	* If this class does not have an owning
100	* component, a name from the configuration
101	* can be placed here. This name could also
102	* be changed to null for utility classes.
103	*/
104	private String _name = FilterMain.NAME;
105
106	/**
107	* This holds a reference to the
108	* system logger that is being used.
109	*/
110	private Logger _logger = ReferenceManager.getInstance().getLogger();
111
112	/**
113	* This holds the ACL for the plugin.
114	*/
115	private ACL _acl;
116
117	//---STATIC ATTRIBUTES---
118
119	}