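/*
 * Copyright (c) 2003, The Regents of the University of California, through
 * Lawrence Berkeley National Laboratory (subject to receipt of any required
 * approvals from the U.S. Dept. of Energy). All rights reserved.
 */
package gov.lbl.dsd.sea.nio.auth;

import java.net.InetAddress;

/**
 * Allow/deny rule-based mechanism to configure and query whether or not a given
 * host is allowed to perform a certain action.
 * <p>
 * Combined with {@link SmartHostAuthorizationRules}, this supports allow and
 * deny rules based on exact or patterned DNS host names, exact or patterned IP
 * addresses, as well as regular expressions on "hostName/IPaddress" pairs.
 * <p>
 * The evaluation order decides what happens to a host that matches neither
 * rule set:
 * <ul>
 * <li><b>allow-before-deny</b>: a host is accepted only if it matches an allow
 * rule and matches no deny rule, so an unmatched host is rejected (default
 * deny).</li>
 * <li><b>deny-before-allow</b>: a host is accepted unless it matches a deny
 * rule without also matching an allow rule, so an unmatched host is accepted
 * (default allow).</li>
 * </ul>
 * Notes for operators and reviewers:
 * <ul>
 * <li>Use allow-before-deny wherever an unknown host must be rejected; the
 * deny-before-allow order fails open for hosts nobody wrote a rule for.</li>
 * <li>NOTE(review): name-based rules are only as trustworthy as the way the
 * rules implementation obtains the host name for an address, which is not
 * visible in this class. If it relies on reverse DNS, confirm the names are
 * forward-confirmed, or prefer IP-based rules for access decisions.</li>
 * <li>{@link #getAllowRules()} and {@link #getDenyRules()} hand out the very
 * objects this authorizer evaluates; anything that can reach them and change
 * them changes the policy. This class does no synchronization of its own.</li>
 * </ul>
 *
 * @author whoschek@lbl.gov
 * @author $Author: hoschek3 $
 * @version $Revision: 1.5 $, $Date: 2004/06/29 00:47:03 $
 */
public class SmartHostAuthorizer implements HostAuthorizer, java.io.Serializable {

    // No serialVersionUID is declared, so the serialization runtime derives one
    // from the class shape. Changing field modifiers or non-private members
    // changes that id and makes previously serialized instances unreadable;
    // that is why the fields below are left as they were.
    private boolean allowBeforeDeny; // allow-deny or deny-allow order
    private HostAuthorizationRules allowRules; // the rules used for allow checks
    private HostAuthorizationRules denyRules; // the rules used for deny checks

    private static final org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(SmartHostAuthorizer.class);

    /**
     * Creates an authorizer with the given parameters.
     *
     * @param allowBeforeDeny
     *            true to apply allow rules before deny rules (unmatched hosts
     *            are rejected), false to apply deny rules before allow rules
     *            (unmatched hosts are accepted)
     * @param allowRules
     *            the rules used for allow checks; must not be null
     * @param denyRules
     *            the rules used for deny checks; must not be null
     * @throws IllegalArgumentException
     *             if either rule set is null
     */
    public SmartHostAuthorizer(boolean allowBeforeDeny, HostAuthorizationRules allowRules, HostAuthorizationRules denyRules) {
        if (allowRules == null || denyRules == null) {
            throw new IllegalArgumentException("rule must not be null");
        }

        this.allowBeforeDeny = allowBeforeDeny;
        this.allowRules = allowRules;
        this.denyRules = denyRules;
    }

    /**
     * Creates a denying authorizer (isAllowed(x) returns false): allow rules
     * are applied before deny rules and both rule sets are newly created.
     * This assumes a freshly constructed {@link SmartHostAuthorizationRules}
     * matches no host; confirm against that class.
     */
    public SmartHostAuthorizer() {
        this(true, new SmartHostAuthorizationRules(), new SmartHostAuthorizationRules());
    }

    /**
     * Returns the rules used for allow checks. The returned object is the one
     * held by this authorizer, not a copy.
     */
    public HostAuthorizationRules getAllowRules() {
        return this.allowRules;
    }

    /**
     * Returns the rules used for deny checks. The returned object is the one
     * held by this authorizer, not a copy.
     */
    public HostAuthorizationRules getDenyRules() {
        return this.denyRules;
    }

    /**
     * Returns whether or not the given host (aka InetAddress) is allowed to
     * perform a certain action, depending on the current allow/deny rules.
     * <p>
     * The decision is written to the debug log, when enabled, so that accepted
     * and rejected hosts can be traced.
     *
     * @param address
     *            the host attempting to be authorized; must not be null
     * @return true if the host is accepted under the configured order
     * @throws IllegalArgumentException
     *             if address is null
     */
    public boolean isAllowed(InetAddress address) {
        if (address == null) {
            throw new IllegalArgumentException("address must not be null");
        }

        boolean allowed;
        if (allowBeforeDeny) {
            // Default deny: an allow match is required, and a deny match vetoes it.
            // The deny rules are only consulted once an allow rule has matched.
            allowed = getAllowRules().isMatch(address)
                    && !getDenyRules().isMatch(address);
        } else {
            // Default allow: only a deny match with no allow match rejects the host.
            // The allow rules are only consulted once a deny rule has matched.
            allowed = !getDenyRules().isMatch(address)
                    || getAllowRules().isMatch(address);
        }

        if (log.isDebugEnabled()) {
            // Only the numeric address is logged: any host name carried by the
            // InetAddress has not been verified by this class.
            log.debug((allowed ? "allowed" : "denied") + " host " + address.getHostAddress()
                    + " (order=" + (allowBeforeDeny ? "allow,deny" : "deny,allow") + ")");
        }
        return allowed;
    }

    /**
     * Returns the class name followed by the allow and deny rules. The
     * evaluation order is not part of the returned text, so two authorizers
     * with the same rules and opposite defaults print identically.
     */
    public String toString() {
        return this.getClass().getName() + "[" + "allowRules=" + getAllowRules() + ", denyRules=" + getDenyRules() + "]";
    }

}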