diff options
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java')
| -rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java new file mode 100644 index 000000000..361a75e4c --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java @@ -0,0 +1,165 @@ +package at.gv.egovernment.moa.spss;
+
+import java.io.FileDescriptor;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.security.Permission;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOASecurityManagerSimple extends SecurityManager {
+
+ private List blacklist;
+ private boolean allowExternalUris;
+
+
+ public MOASecurityManagerSimple(boolean allowExternalUris, List blacklist) {
+ this.blacklist = blacklist;
+ this.allowExternalUris = allowExternalUris;
+ }
+
+ /**
+ * Overwrite checkConnect methods with blacklist check
+ */
+
+ public void checkConnect(String host, int port, Object context) {
+ //Logger.debug("checkConnect: " + host + ":" + port);
+ if (!checkURI(host, port))
+ throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
+ }
+
+ public void checkConnect(String host, int port) {
+ //Logger.debug("checkConnect: " + host + ":" + port);
+ if (!checkURI(host, port))
+ throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
+ }
+
+ private boolean checkURI(String host, int port) {
+ if (allowExternalUris) {
+ Iterator it = blacklist.iterator();
+ while (it.hasNext()) {
+ String[] array = (String[])it.next();
+ String bhost = array[0];
+ String bport = array[1];
+ if (bport == null) {
+ // check only host
+ if (bhost.equalsIgnoreCase(host)) {
+ //Logger.debug("Security check: " + host + " blacklisted");
+ return false;
+ }
+ }
+ else {
+ // check host and port
+ int iport = new Integer(bport).intValue();
+ if (bhost.equalsIgnoreCase(host) && (iport == port)) {
+ //Logger.debug("Security check: " + host + ":" + port + " blacklisted");
+ return false;
+ }
+
+ }
+ }
+
+ //Logger.debug("Security check: " + host + ":" + port + " allowed");
+ return true;
+ }
+ else {
+ String localhost = getLocalhostName();
+ if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {
+ //Logger.debug("Security check: localhost name allowed");
+ return true;
+ }
+
+ //Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
+ return false;
+ }
+ }
+
+ private String getLocalhostName() {
+ try {
+ // save current SecurityManager
+ SecurityManager sm = System.getSecurityManager();
+ // set System SecurityManager null (needed as java.net.InetAddress.getLocalHost call SecurityManager.checkConnect --> leads to endless loop)
+ System.setSecurityManager(null);
+
+ InetAddress localhostaddress = InetAddress.getLocalHost();
+ String localhost = localhostaddress.getHostName();
+
+ // set previously saved SecurityManager
+ System.setSecurityManager(sm);
+
+ return localhost;
+
+ }
+ catch (UnknownHostException e) {
+ //Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");
+ return "localhost";
+ }
+ }
+
+
+ /**
+ * Overwrite all other methods by doing nothing (as no SecurityManager is set initially)
+ */
+
+ public void checkAccept(String host, int port) {
+ }
+ public void checkAccess(Thread t) {
+ }
+ public void checkAccess(ThreadGroup g) {
+ }
+ public void checkAwtEventQueueAccess() {
+ }
+ public void checkCreateClassLoader() {
+ }
+ public void checkDelete(String file) {
+ }
+ public void checkExec(String cmd) {
+ }
+ public void checkExit(int status) {
+ }
+ public void checkLink(String lib) {
+ }
+ public void checkListen(int port) {
+ }
+ public void checkMemberAccess(Class arg0, int arg1) {
+ }
+ public void checkMulticast(InetAddress maddr, byte ttl) {
+ }
+ public void checkMulticast(InetAddress maddr) {
+ }
+ public void checkPackageAccess(String pkg) {
+ }
+ public void checkPackageDefinition(String pkg) {
+ }
+ public void checkPermission(Permission perm, Object context) {
+ }
+ public void checkPermission(Permission perm) {
+ }
+ public void checkPrintJobAccess() {
+ }
+ public void checkPropertiesAccess() {
+ }
+ public void checkPropertyAccess(String key) {
+ }
+ public void checkRead(FileDescriptor fd) {
+ }
+ public void checkRead(String file, Object context) {
+ }
+ public void checkRead(String file) {
+ }
+ public void checkSecurityAccess(String target) {
+ }
+ public void checkSetFactory() {
+ }
+ public void checkSystemClipboardAccess() {
+ }
+ public void checkWrite(FileDescriptor fd) {
+ }
+ public void checkWrite(String file) {
+ }
+
+
+
+}
|