1 |
/* |
2 |
* i-scream central monitoring system |
3 |
* http://www.i-scream.org |
4 |
* Copyright (C) 2000-2002 i-scream |
5 |
* |
6 |
* This program is free software; you can redistribute it and/or |
7 |
* modify it under the terms of the GNU General Public License |
8 |
* as published by the Free Software Foundation; either version 2 |
9 |
* of the License, or (at your option) any later version. |
10 |
* |
11 |
* This program is distributed in the hope that it will be useful, |
12 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 |
* GNU General Public License for more details. |
15 |
* |
16 |
* You should have received a copy of the GNU General Public License |
17 |
* along with this program; if not, write to the Free Software |
18 |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 |
*/ |
20 |
|
21 |
//---PACKAGE DECLARATION--- |
22 |
package uk.org.iscream.cms.server.filter.plugins; |
23 |
|
24 |
//---IMPORTS--- |
25 |
import uk.org.iscream.cms.server.filter.PluginFilter; |
26 |
import uk.org.iscream.cms.server.filter.*; |
27 |
import uk.org.iscream.cms.server.core.*; |
28 |
import uk.org.iscream.cms.util.*; |
29 |
import uk.org.iscream.cms.server.componentmanager.*; |
30 |
|
31 |
/** |
32 |
* This plugin is designed to check the source of incoming |
33 |
* packets, and ensure the source machine is permitted to |
34 |
* send packets through the system. |
35 |
* |
36 |
* @author $Author: tdb $ |
37 |
* @version $Id: SourceChecker__Plugin.java,v 1.6 2003/02/24 20:18:49 tdb Exp $ |
38 |
*/ |
39 |
public class SourceChecker__Plugin implements PluginFilter { |
40 |
|
41 |
//---FINAL ATTRIBUTES--- |
42 |
|
43 |
/** |
44 |
* The current CVS revision of this class |
45 |
*/ |
46 |
public final String REVISION = "$Revision: 1.6 $"; |
47 |
|
48 |
public final String DESC = "Checks the machine_name attribute in the packet attributes. This must machine must be permitted by the ACL to allow the packet through."; |
49 |
|
50 |
//---STATIC METHODS--- |
51 |
|
52 |
//---CONSTRUCTORS--- |
53 |
|
54 |
public SourceChecker__Plugin() { |
55 |
// setup an empty ACL defaulting to ALLOW |
56 |
_acl = new ACL(ACL.ALLOW); |
57 |
} |
58 |
|
59 |
//---PUBLIC METHODS--- |
60 |
|
61 |
// apply the filter and return true if successful. |
62 |
public boolean runFilter(XMLPacket packet){ |
63 |
String newStringACL; |
64 |
// get hold of the ACL in the configuration |
65 |
try { |
66 |
newStringACL = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.SourceCheckerPluginACL"); |
67 |
} |
68 |
catch(PropertyNotFoundException e) { |
69 |
// if we can't find it, we'll just use a null ACL |
70 |
newStringACL = ""; |
71 |
_logger.write(toString(), Logger.WARNING, "No ACL found for SourceChecker__Plugin, using empty ACL instead : " + e); |
72 |
} |
73 |
// check to see if the ACL has changed |
74 |
if(!newStringACL.equals(_stringACL)) { |
75 |
_logger.write(toString(), Logger.SYSMSG, "Reloading Access Control List"); |
76 |
// clear the ACL |
77 |
_acl.clear(); |
78 |
// set the default to something sane |
79 |
_acl.setDefaultMode(ACL.ALLOW); |
80 |
// add the new ACL (this may change the default) |
81 |
_acl.add(newStringACL); |
82 |
_stringACL = newStringACL; |
83 |
} |
84 |
|
85 |
// only want to check data packets |
86 |
// any others will probably get filtered out further up the filter chain |
87 |
if(packet.getParam("packet.attributes.type").equals("data")) { |
88 |
// check the machine name against the ACL |
89 |
// we could check the IP too... but it's a lot of work for _every_ packet... maybe... |
90 |
return _acl.check(packet.getParam("packet.attributes.machine_name")); |
91 |
} |
92 |
|
93 |
// a good catchall, I guess |
94 |
// it's not a data packet, in which case it should go through |
95 |
return true; |
96 |
} |
97 |
|
98 |
/** |
99 |
* Overrides the {@link java.lang.Object#toString() Object.toString()} |
100 |
* method to provide clean logging (every class should have this). |
101 |
* |
102 |
* This uses the uk.org.iscream.cms.util.NameFormat class |
103 |
* to format the toString() |
104 |
* |
105 |
* @return the name of this class and its CVS revision |
106 |
*/ |
107 |
public String toString() { |
108 |
return FormatName.getName( |
109 |
_name, |
110 |
getClass().getName(), |
111 |
REVISION); |
112 |
} |
113 |
|
114 |
/** |
115 |
* return the String representation of what the filter does |
116 |
*/ |
117 |
public String getDescription(){ |
118 |
return DESC; |
119 |
} |
120 |
|
121 |
//---PRIVATE METHODS--- |
122 |
|
123 |
//---ACCESSOR/MUTATOR METHODS--- |
124 |
|
125 |
//---ATTRIBUTES--- |
126 |
|
127 |
/** |
128 |
* This is the friendly identifier of the |
129 |
* component this class is running in. |
130 |
* eg, a Filter may be called "filter1", |
131 |
* If this class does not have an owning |
132 |
* component, a name from the configuration |
133 |
* can be placed here. This name could also |
134 |
* be changed to null for utility classes. |
135 |
*/ |
136 |
private String _name = FilterMain.NAME; |
137 |
|
138 |
/** |
139 |
* This holds a reference to the |
140 |
* system logger that is being used. |
141 |
*/ |
142 |
private Logger _logger = ReferenceManager.getInstance().getLogger(); |
143 |
|
144 |
/** |
145 |
* This holds the ACL for the plugin. |
146 |
*/ |
147 |
private ACL _acl; |
148 |
|
149 |
/** |
150 |
* The current String representation of our ACL. |
151 |
*/ |
152 |
private String _stringACL = ""; |
153 |
|
154 |
//---STATIC ATTRIBUTES--- |
155 |
|
156 |
} |