
ControllerSecurityManager.java

00001 /**
00002  * C-JDBC: Clustered JDBC.
00003  * Copyright (C) 2002-2004 French National Institute For Research In Computer
00004  * Science And Control (INRIA).
00005  * Contact: c-jdbc@objectweb.org
00006  * 
00007  * This library is free software; you can redistribute it and/or modify it
00008  * under the terms of the GNU Lesser General Public License as published by the
00009  * Free Software Foundation; either version 2.1 of the License, or any later
00010  * version.
00011  * 
00012  * This library is distributed in the hope that it will be useful, but WITHOUT
00013  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
00014  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
00015  * for more details.
00016  * 
00017  * You should have received a copy of the GNU Lesser General Public License
00018  * along with this library; if not, write to the Free Software Foundation,
00019  * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
00020  *
00021  * Initial developer(s): Nicolas Modrzyk 
00022  * Contributor(s): _______________________
00023  */
00024 
00025 package org.objectweb.cjdbc.controller.core.security;
00026 
00027 import java.net.Socket;
00028 import java.util.ArrayList;
00029 
00030 import org.apache.regexp.RE;
00031 import org.objectweb.cjdbc.common.net.SSLConfiguration;
00032 import org.objectweb.cjdbc.common.xml.ControllerXmlTags;
00033 import org.objectweb.cjdbc.common.xml.XmlComponent;
00034 
00035 /**
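00036  * Holds the controller's security policy: which client addresses may connect
00036  * (accept and block lists plus a default), whether additional drivers and
00036  * shutdown requests are allowed, and the optional SSL configuration.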
00037  * 
00038  * @author <a href="mailto:Nicolas.Modrzyk@inrialpes.fr">Nicolas Modrzyk </a>
00039  * @version 1.0
00040  */
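public class ControllerSecurityManager implements XmlComponent
{
  // Policy flags. Note the defaults: driver upload and both shutdown paths are
  // allowed (restricted to local callers), and defaultConnect = true means a
  // client that matches neither list is ACCEPTED.
  private boolean          allowAdditionalDriver = true;
  private boolean          allowConsoleShutdown  = true;
  private boolean          allowLocalConsoleOnly = true;
  private boolean          allowClientShutdown   = true;
  private boolean          allowLocalClientOnly  = true;
  private boolean          defaultConnect        = true;
  // accept/block hold the entries used for matching: RE objects (ip ranges)
  // and Strings (host names or ip addresses).
  // saccept/sblock hold the original pattern strings of the ranges, which are
  // only needed to serialize the policy in getXml().
  private ArrayList        accept;
  private ArrayList        saccept;
  private ArrayList        block;
  private ArrayList        sblock;
  // null means SSL is disabled, see isSSLEnabled().
  private SSLConfiguration sslConfig;

  /**
   * Create a new security manager with empty accept and block lists.
   */
  public ControllerSecurityManager()
  {
    block = new ArrayList();
    accept = new ArrayList();
    saccept = new ArrayList();
    sblock = new ArrayList();
  }

  /**
   * Check connection policy for a client socket.
   * <p>
   * The accept list is consulted first, so an address that appears in both
   * lists is accepted. If neither list matches, the <code>defaultConnect</code>
   * setting decides. A <code>null</code> socket, or a socket without a remote
   * address (not connected), is refused: there is nothing to evaluate the
   * policy against, and an access check should fail closed.
   * 
   * @param clientSocket that is trying to connect
   * @return true if connection is allowed, false otherwise
   */
  public boolean allowConnection(Socket clientSocket)
  {
    if (clientSocket == null || clientSocket.getInetAddress() == null)
      return false;
    if (checkList(accept, clientSocket))
      return true;
    if (checkList(block, clientSocket))
      return false;
    return defaultConnect;
  }

  /**
   * Add an ip range to the secure list.
   * <p>
   * The range is a regular expression that is matched against the literal ip
   * address of the client. NOTE(review): <code>RE.match</code> appears to
   * search for the pattern anywhere in the input and an unescaped '.' matches
   * any character, so a range such as 192.167.1.* may cover more addresses
   * than intended; confirm, and prefer anchored patterns with escaped dots.
   * 
   * @param range to accept like 192.167.1.*
   * @param baccept true if accept false if block
   */
  public void addToSecureList(RE range, boolean baccept)
  {
    if (baccept)
      accept.add(range);
    else
      block.add(range);
  }

  /**
   * Add an ip range to the secure list. Same as
   * {@link #addToSecureList(RE, boolean)}, but the original string pattern is
   * stored as well so that {@link #getXml()} can write it back.
   * 
   * @param range to accept
   * @param baccept true if accept false if block
   * @throws Exception if the pattern is not valid
   */
  public void addToSecureList(String range, boolean baccept) throws Exception
  {
    // Compile first: an invalid pattern throws before either list is touched.
    RE re = new RE(range);
    addToSecureList(re, baccept);
    if (baccept)
      saccept.add(range);
    else
      sblock.add(range);
  }

  /**
   * Add this host name or ipaddress to the secure list. The value is compared
   * literally (ignoring case) with the client's address and resolved name.
   * 
   * @param host name or ipaddress
   * @param baccept true if accept false if block
   */
  public void addHostToSecureList(String host, boolean baccept)
  {
    if (baccept)
      accept.add(host);
    else
      block.add(host);
  }

  /**
   * Tell whether the remote address of a socket matches an entry of a list.
   * <p>
   * Ip ranges (RE entries) are matched against the literal address only. The
   * previous code matched them against <code>InetAddress.toString()</code>,
   * which has the form "hostname/address": the resolved name comes from DNS,
   * which the controller does not control, so it must not take part in an
   * ip-range decision.
   * <p>
   * The host name is resolved only when a String entry has to be compared with
   * it, so lists made of ranges and literal addresses no longer trigger a name
   * lookup for every connection.
   * 
   * @param list entries to test, RE or String; null is treated as empty
   * @param clientSocket connected socket whose remote address is tested
   * @return true if at least one entry matches
   */
  private static boolean checkList(ArrayList list, Socket clientSocket)
  {
    if (list == null)
      return false;
    java.net.InetAddress address = clientSocket.getInetAddress();
    String hostAddress = address.getHostAddress();
    String hostName = null; // resolved on first use
    for (int i = 0; i < list.size(); i++)
    {
      Object entry = list.get(i);
      if (entry instanceof RE)
      {
        if (((RE) entry).match(hostAddress))
          return true;
      }
      else if (entry instanceof String)
      {
        String host = (String) entry;
        if (host.equalsIgnoreCase(hostAddress))
          return true;
        if (hostName == null)
          hostName = address.getHostName();
        if (host.equalsIgnoreCase(hostName))
          return true;
      }
    }
    return false;
  }

  /**
   * @return Returns the allowAdditionalDriver.
   */
  public boolean getAllowAdditionalDriver()
  {
    return allowAdditionalDriver;
  }

  /**
   * @param allowAdditionalDriver The allowAdditionalDriver to set.
   */
  public void setAllowAdditionalDriver(boolean allowAdditionalDriver)
  {
    this.allowAdditionalDriver = allowAdditionalDriver;
  }

  /**
   * @return Returns the allowClientShutdown.
   */
  public boolean getAllowClientShutdown()
  {
    return allowClientShutdown;
  }

  /**
   * @param allowClientShutdown The allowClientShutdown to set.
   */
  public void setAllowClientShutdown(boolean allowClientShutdown)
  {
    this.allowClientShutdown = allowClientShutdown;
  }

  /**
   * @return Returns the allowConsoleShutdown.
   */
  public boolean getAllowConsoleShutdown()
  {
    return allowConsoleShutdown;
  }

  /**
   * @param allowConsoleShutdown The allowConsoleShutdown to set.
   */
  public void setAllowConsoleShutdown(boolean allowConsoleShutdown)
  {
    this.allowConsoleShutdown = allowConsoleShutdown;
  }

  /**
   * @return Returns the allowLocalClientOnly.
   */
  public boolean getAllowLocalClientOnly()
  {
    return allowLocalClientOnly;
  }

  /**
   * @param allowLocalClientOnly The allowLocalClientOnly to set.
   */
  public void setAllowLocalClientOnly(boolean allowLocalClientOnly)
  {
    this.allowLocalClientOnly = allowLocalClientOnly;
  }

  /**
   * @return Returns the allowLocalConsoleOnly.
   */
  public boolean getAllowLocalConsoleOnly()
  {
    return allowLocalConsoleOnly;
  }

  /**
   * @param allowLocalConsoleOnly The allowLocalConsoleOnly to set.
   */
  public void setAllowLocalConsoleOnly(boolean allowLocalConsoleOnly)
  {
    this.allowLocalConsoleOnly = allowLocalConsoleOnly;
  }

  /**
   * @return Returns the defaultConnect.
   */
  public boolean getDefaultConnect()
  {
    return defaultConnect;
  }

  /**
   * @param defaultConnect The defaultConnect to set.
   */
  public void setDefaultConnect(boolean defaultConnect)
  {
    this.defaultConnect = defaultConnect;
  }

  /**
   * @return Returns the saccept. This is the internal list, not a copy.
   */
  public ArrayList getSaccept()
  {
    return saccept;
  }

  /**
   * @return Returns the sblock. This is the internal list, not a copy.
   */
  public ArrayList getSblock()
  {
    return sblock;
  }

  /**
   * @return Returns the accept. This is the internal list, not a copy: any
   *         change made through it changes the connection policy.
   */
  public ArrayList getAccept()
  {
    return accept;
  }

  /**
   * @return Returns the block. This is the internal list, not a copy: any
   *         change made through it changes the connection policy.
   */
  public ArrayList getBlock()
  {
    return block;
  }

  /**
   * Replace the block list. The list is stored as given, not copied; the
   * string patterns returned by {@link #getSblock()} are not updated.
   * 
   * @param block The block to set.
   */
  public void setBlock(ArrayList block)
  {
    this.block = block;
  }

  /**
   * Escape a value so it can be written inside a double-quoted XML attribute.
   * Host names and range patterns come from configuration or from callers, so
   * a quote, '&lt;' or '&amp;' in one of them must not be able to end the
   * attribute or add markup to the serialized policy.
   * 
   * @param value value to write, rendered with String.valueOf
   * @return the escaped text
   */
  private static String escapeXmlAttribute(Object value)
  {
    String text = String.valueOf(value);
    StringBuffer out = new StringBuffer(text.length() + 16);
    for (int i = 0; i < text.length(); i++)
    {
      char c = text.charAt(i);
      switch (c)
      {
        case '&' :
          out.append("&amp;");
          break;
        case '<' :
          out.append("&lt;");
          break;
        case '>' :
          out.append("&gt;");
          break;
        case '"' :
          out.append("&quot;");
          break;
        case '\'' :
          out.append("&apos;");
          break;
        default :
          out.append(c);
          break;
      }
    }
    return out.toString();
  }

  /**
   * Append the content of an accept or block element: one iprange element per
   * stored pattern string, then one hostname or ipaddress element per String
   * entry of the matching list (RE entries are skipped, they are already
   * covered by the pattern strings).
   * 
   * @param sb buffer to append to
   * @param ranges original range patterns; null is treated as empty
   * @param entries matching list holding RE and String entries; null is
   *          treated as empty
   */
  private static void appendEntries(StringBuffer sb, ArrayList ranges,
      ArrayList entries)
  {
    if (ranges != null)
    {
      for (int i = 0; i < ranges.size(); i++)
      {
        sb.append("<" + ControllerXmlTags.ELT_IPRANGE + " "
            + ControllerXmlTags.ATT_VALUE + "=\""
            + escapeXmlAttribute(ranges.get(i)) + "\"/>");
      }
    }
    if (entries == null)
      return;
    for (int i = 0; i < entries.size(); i++)
    {
      Object entry = entries.get(i);
      if (!(entry instanceof String))
        continue;
      String host = (String) entry;
      // NOTE(review): a value without '.' is written as a host name, anything
      // else as an ip address, so a dotted host name is written as an ip
      // address. Kept as is; check how the configuration parser treats the two
      // elements before changing it.
      String element = (host.indexOf(".") == -1)
          ? ControllerXmlTags.ELT_HOSTNAME
          : ControllerXmlTags.ELT_IPADDRESS;
      sb.append("<" + element + " " + ControllerXmlTags.ATT_VALUE + "=\""
          + escapeXmlAttribute(host) + "\"/>");
    }
  }

  /**
   * Serialize the security policy. Attribute values taken from the accept and
   * block lists are XML-escaped.
   * 
   * @see org.objectweb.cjdbc.common.xml.XmlComponent#getXml()
   */
  public String getXml()
  {
    StringBuffer sb = new StringBuffer();
    sb.append("<" + ControllerXmlTags.ELT_SECURITY + " "
        + ControllerXmlTags.ATT_DEFAULT_CONNECT + "=\""
        + this.getDefaultConnect() + "\">");

    sb.append("<" + ControllerXmlTags.ELT_JAR + " "
        + ControllerXmlTags.ATT_ALLOW + "=\"" + this.getAllowAdditionalDriver()
        + "\"/>");

    sb.append("<" + ControllerXmlTags.ELT_SHUTDOWN + ">");
    sb.append("<" + ControllerXmlTags.ELT_CLIENT + " "
        + ControllerXmlTags.ATT_ALLOW + "=\"" + this.getAllowClientShutdown()
        + "\" " + ControllerXmlTags.ATT_ONLY_LOCALHOST + "=\""
        + this.getAllowLocalClientOnly() + "\" " + "/>");
    sb.append("<" + ControllerXmlTags.ELT_CONSOLE + " "
        + ControllerXmlTags.ATT_ALLOW + "=\"" + this.getAllowConsoleShutdown()
        + "\" " + ControllerXmlTags.ATT_ONLY_LOCALHOST + "=\""
        + this.getAllowLocalConsoleOnly() + "\" " + "/>");
    sb.append("</" + ControllerXmlTags.ELT_SHUTDOWN + ">");

    sb.append("<" + ControllerXmlTags.ELT_ACCEPT + ">");
    appendEntries(sb, this.getSaccept(), this.getAccept());
    sb.append("</" + ControllerXmlTags.ELT_ACCEPT + ">");

    sb.append("<" + ControllerXmlTags.ELT_BLOCK + ">");
    appendEntries(sb, this.getSblock(), this.getBlock());
    sb.append("</" + ControllerXmlTags.ELT_BLOCK + ">");

    sb.append("</" + ControllerXmlTags.ELT_SECURITY + ">");
    return sb.toString();
  }

  /**
   * Tell whether ssl is enabled for this controller, i.e. whether an ssl
   * configuration has been set.
   * 
   * @return Returns whether ssl is enabled or not
   */
  public boolean isSSLEnabled()
  {
    return sslConfig != null;
  }

  /**
   * Returns the sslConfig value.
   * 
   * @return Returns the sslConfig, null when ssl is not configured.
   */
  public SSLConfiguration getSslConfig()
  {
    return sslConfig;
  }

  /**
   * Sets the sslConfig value.
   * 
   * @param sslConfig The sslConfig to set; null disables ssl.
   */
  public void setSslConfig(SSLConfiguration sslConfig)
  {
    this.sslConfig = sslConfig;
  }
}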
