001    /*
002     * Copyright (c) 2003, The Regents of the University of California, through
003     * Lawrence Berkeley National Laboratory (subject to receipt of any required
004     * approvals from the U.S. Dept. of Energy). All rights reserved.
005     */
006    package gov.lbl.dsd.sea.nio.auth;
007    
008    import java.net.InetAddress;
009    
010    /**
011     * Allow/deny rule-based mechanism to configure and query whether or not a given
012     * host is allowed to perform a certain action.
013     * <p>
014     * Via {@link SmartHostAuthorizationRules}, this class supports allow and deny rules based
015     * on exact or patterned DNS host names, exact or patterned IP addresses, as
016     * well as regular expressions on "hostName/IPaddress" pairs.
017     * 
018     * @author whoschek@lbl.gov
019     * @author $Author: hoschek3 $
020     * @version $Revision: 1.5 $, $Date: 2004/06/29 00:47:03 $
021     */
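public class SmartHostAuthorizer implements HostAuthorizer, java.io.Serializable {

    // Evaluation order. true: allow rules are consulted first and a host that
    // matches no rule is denied. false: deny rules are consulted first and a
    // host that matches no rule is allowed. See isAllowed for the exact logic.
    private boolean allowBeforeDeny;
    private HostAuthorizationRules allowRules; // the rules used for allow checks
    private HostAuthorizationRules denyRules;  // the rules used for deny checks

    private static final org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(SmartHostAuthorizer.class);

    /**
     * Creates an authorizer with the given parameters.
     *
     * @param allowBeforeDeny
     *            <code>true</code> to apply allow rules before deny rules
     *            (unmatched hosts are denied); <code>false</code> to apply
     *            deny rules before allow rules (unmatched hosts are allowed)
     * @param allowRules
     *            the rules used for allow checks; must not be null
     * @param denyRules
     *            the rules used for deny checks; must not be null
     * @throws IllegalArgumentException
     *             if either rule set is null
     */
    public SmartHostAuthorizer(boolean allowBeforeDeny, HostAuthorizationRules allowRules, HostAuthorizationRules denyRules) {
        if (allowRules == null || denyRules == null) {
            throw new IllegalArgumentException("rule must not be null");
        }

        this.allowBeforeDeny = allowBeforeDeny;
        this.allowRules = allowRules;
        this.denyRules = denyRules;
    }

    /**
     * Creates a denying authorizer (isAllowed(x) returns false).
     * <p>
     * It uses allow-before-deny order with two freshly created rule sets, so
     * the result is false as long as a new SmartHostAuthorizationRules matches
     * no host (presumably the case for an empty rule set; that class is not
     * visible here).
     */
    public SmartHostAuthorizer() {
        this(true, new SmartHostAuthorizationRules(), new SmartHostAuthorizationRules());
    }

    /**
     * Returns the rules used for allow checks.
     * <p>
     * This is the very instance consulted by {@link #isAllowed(InetAddress)},
     * not a copy; if the implementation is mutable, changes made through the
     * returned reference affect later authorization decisions.
     */
    public HostAuthorizationRules getAllowRules() {
        return this.allowRules;
    }

    /**
     * Returns the rules used for deny checks.
     * <p>
     * This is the very instance consulted by {@link #isAllowed(InetAddress)},
     * not a copy; if the implementation is mutable, changes made through the
     * returned reference affect later authorization decisions.
     */
    public HostAuthorizationRules getDenyRules() {
        return this.denyRules;
    }

    /**
     * Returns whether or not the given host (aka InetAddress) is allowed to
     * perform a certain action, depending on the current allow/deny rules.
     * <p>
     * Allow-before-deny order: the host is allowed only if it matches the
     * allow rules and does not match the deny rules. A host matching neither
     * is denied, and a host matching both is denied.
     * <p>
     * Deny-before-allow order: the host is allowed if it does not match the
     * deny rules, or if it matches the allow rules. A host matching neither is
     * allowed, and a host matching both is allowed. This order is therefore a
     * default-allow policy and should be chosen deliberately.
     * <p>
     * NOTE(review): how a rule set matches host-name based rules is decided by
     * the HostAuthorizationRules implementation, which is not visible here. If
     * it relies on a reverse name lookup, name-based allow rules are only as
     * trustworthy as that lookup; confirm against the implementation.
     *
     * @param address
     *            the host attempting to be authorized; must not be null
     * @return <code>true</code> if the host is allowed, <code>false</code>
     *         otherwise
     * @throws IllegalArgumentException
     *             if address is null
     */
    public boolean isAllowed(InetAddress address) {
        if (address == null) {
            throw new IllegalArgumentException("address must not be null");
        }

        if (allowBeforeDeny) {
            // Short-circuits: deny rules are not consulted unless the allow rules match.
            return this.getAllowRules().isMatch(address) &&
                    (! this.getDenyRules().isMatch(address));
        }
        else {
            // Short-circuits: allow rules are not consulted unless the deny rules match.
            return (! this.getDenyRules().isMatch(address)) ||
                    this.getAllowRules().isMatch(address);
        }
    }

    /**
     * Returns the class name followed by both rule sets. The evaluation order
     * (allow-before-deny or deny-before-allow) is not part of the output, so
     * the string alone does not tell how unmatched hosts are treated.
     */
    public String toString() {
        return this.getClass().getName() + "[" + "allowRules="+getAllowRules() + ", denyRules="+getDenyRules() + "]";
    }

    /**
     * Restores the instance from a serialized stream and re-checks the
     * invariant the constructors enforce. Deserialization bypasses the
     * constructors, so without this check a stream could yield an authorizer
     * whose rule sets are null.
     *
     * @throws java.io.InvalidObjectException
     *             if either rule set is null after reading the stream
     */
    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (this.allowRules == null || this.denyRules == null) {
            throw new java.io.InvalidObjectException("rule must not be null");
        }
    }

}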