Update MOA-SPSS-Konfig Schema (Blacklists)

MOASecurityManager für Blacklists

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1236 d688527b-c9ab-4aba-bd8d-4036d912da1d

1 files changed, 111 insertions, 0 deletions

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java
new file mode 100644
index 000000000..ab9c01daa
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java
@@ -0,0 +1,111 @@
+package at.gv.egovernment.moa.spss;

+

+import java.net.InetAddress;

+import java.net.UnknownHostException;

+import java.util.Iterator;

+import java.util.List;

+

+import at.gv.egovernment.moa.logging.Logger;

+

+

+public class MOASecurityManagerExtended extends SecurityManager {

+

+	private List blacklist;

+	private boolean allowExternalUris;

+

+	public MOASecurityManagerExtended(boolean allowExternalUris, List blacklist) {

+		this.blacklist = blacklist;

+		this.allowExternalUris = allowExternalUris;

+	}

+

+	

+	/**

+	 * Overwrite checkConnect methods with blacklist check 

+	 */

+	

+	public void checkConnect(String host, int port, Object context) {

+		Logger.debug("checkConnect: " + host + ":" + port);

+		if (!checkURI(host, port))

+			throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");

+		else {

+			Logger.debug("Perform checkConnect of given SecurityManager");

+			super.checkConnect(host, port, context);

+		}

+	}

+	

+	public void checkConnect(String host, int port) {

+		Logger.debug("checkConnect: " + host + ":" + port);

+		if (!checkURI(host, port))

+			throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");

+		else {

+			Logger.debug("Perform checkConnect of given SecurityManager");

+			super.checkConnect(host, port);

+		}	

+	}

+

+	private boolean checkURI(String host, int port) {

+		if (allowExternalUris) {

+			Iterator it = blacklist.iterator();

+			while (it.hasNext()) {

+				String[] array = (String[])it.next();

+				String bhost = array[0];

+				String bport = array[1];

+				if (bport == null) {

+					// check only host

+					if (bhost.equalsIgnoreCase(host)) {

+						Logger.debug("Security check: " + host + " blacklisted");

+						return false;

+					}

+				}

+				else {

+					// check host and port

+					int iport = new Integer(bport).intValue();

+					if (bhost.equalsIgnoreCase(host) && (iport == port)) {

+						Logger.debug("Security check: " + host + ":" + port + " blacklisted");

+						return false;

+					}

+						

+				}

+			}

+			

+			Logger.debug("Security check: " + host + ":" + port + " allowed");

+			return true;

+		}

+		else {			

+			String localhost = getLocalhostName();

+			if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {

+				Logger.debug("Security check: localhost name allowed");

+				return true;

+			}

+						

+			Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");

+			return false;

+		}

+	}

+	private String getLocalhostName() {

+		try {

+			// save current SecurityManager

+			SecurityManager sm = System.getSecurityManager();

+			// set System SecurityManager null (needed as java.net.InetAddress.getLocalHost call SecurityManager.checkConnect --> leads to endless loop)

+			System.setSecurityManager(null);

+

+			InetAddress localhostaddress = InetAddress.getLocalHost();

+			String localhost = localhostaddress.getHostName();

+			

+			// set previously saved SecurityManager

+			System.setSecurityManager(sm);

+			

+			return localhost;

+		

+		}

+		catch (UnknownHostException e) {

+			Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");

+			return "localhost";

+		}

+	}

+

+	

+	/**

+	 * Don't overwrite other methods 

+	 */

+}