Diffstat (limited to 'bkucommon/src/main')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java68
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java1
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java14
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java112
4 files changed, 179 insertions, 16 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java
index 9b3e563d..3b75a5f2 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java
@@ -1,10 +1,38 @@
package at.gv.egiz.bku.accesscontroller;
+import java.io.InputStream;
import java.util.Hashtable;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.accesscontrol.config.AccessControl;
+import at.gv.egiz.bku.accesscontrol.config.Chain;
+import at.gv.egiz.bku.accesscontrol.config.Command;
+import at.gv.egiz.bku.accesscontrol.config.ObjectFactory;
+import at.gv.egiz.bku.accesscontrol.config.Rule;
+import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
public class AccessControllerFactory {
- private static AccessControllerFactory instance;
+ private static AccessControllerFactory instance = new AccessControllerFactory();
+ private static Log log = LogFactory.getLog(AccessControllerFactory.class);
+ private static JAXBContext jaxbContext;
+
+ static {
+ try {
+ jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage()
+ .getName());
+ } catch (JAXBException e) {
+ log.fatal("Cannot init jaxbContext", e);
+ }
+ }
private Hashtable<String, ChainChecker> chainTable = new Hashtable<String, ChainChecker>();
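Review bot: The static initializer logs the `JAXBException` and carries on, which leaves `jaxbContext` null, so `init(InputStream)` later in this file fails with a NullPointerException at `jaxbContext.createUnmarshaller()` instead of a clear configuration error. For a class that loads access-control rules it is safer to stop class initialisation, e.g. `throw new ExceptionInInitializerError(e);` after the `log.fatal(...)` call. Note also that `instance` is declared before `log`, so if the constructor (not visible in this hunk) logs anything, it would run while `log` is still null; declaring `log` first avoids that.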
@@ -35,5 +63,43 @@ public class AccessControllerFactory {
public void registerChainChecker(ChainChecker cc) {
chainTable.put(cc.getId(), cc);
}
+
+ public RuleChecker createRuleChecker(Rule rule) {
+ RuleChecker rc;
+ Command cmd = rule.getCommand();
+ if (cmd != null) {
+ if ((cmd.getParam() != null) && (cmd.getParam().size()>0)) {
+ if (cmd.getName().startsWith("Infobox")) {
+ rc = new InfoboxRuleChecker(rule.getId());
+ } else {
+ throw new SLRuntimeException("Cannot handle parameters for command "+cmd.getName());
+ }
+ } else {
+ rc = new RuleChecker(rule.getId());
+ }
+ } else {
+ rc = new RuleChecker(rule.getId());
+ }
+ // FIXME TODO cont. here
+
+
+ return rc;
+ }
+
+
+ public void init(InputStream is) throws JAXBException {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ AccessControl ac = (AccessControl) unmarshaller.unmarshal(is);
+ List<Chain> chainList = ac.getChains().getChain();
+ log.debug("Found "+chainList.size()+" chains in config");
+ for (Chain chain : chainList) {
+ List<Rule> ruleList = chain.getRules().getRule();
+ log.debug("Found "+ruleList.size()+" rules in chain "+chain.getId());
+ for (Rule rule : ruleList) {
+ //rule.g
+ }
+ }
+
+ }
}
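Review bot: `createRuleChecker` returns a checker on which only the id is set (the `// FIXME TODO cont. here` marks the gap), and in `RuleChecker` as changed by this commit an unset authentication class, command name and peer id each match everything, so such a rule would match every request and carry a null action. Until the rule's fields are copied over, the method should either fail loudly, e.g. `throw new SLRuntimeException("Rule mapping not implemented for rule " + rule.getId());`, or at least say in a Javadoc comment that the returned checker is unconfigured and must not be registered. `cmd.getName()` is also dereferenced without a null check before `startsWith("Infobox")`. In `init`, the inner loop body is empty, so the parsed chains and rules are only counted in the debug log and nothing is registered from the configuration.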
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java
index a534f4e5..a8fb789e 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java
@@ -12,6 +12,7 @@ public class ChainResult {
public ChainResult(Action action, UserAction userAction, boolean matchFound) {
this.action = action;
this.userAction = userAction;
+ this.matchFound = matchFound;
}
public Action getAction() {
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java
new file mode 100644
index 00000000..2981d24e
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.bku.accesscontroller;
+
+/**
+ * Adds infobox parameter checks
+ * @author wbauer
+ *
+ */
+public class InfoboxRuleChecker extends RuleChecker {
+
+ public InfoboxRuleChecker(String id) {
+ super(id);
+ }
+
+}
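Review bot: The class Javadoc says it "Adds infobox parameter checks", but the class only forwards the id to `RuleChecker` and overrides nothing, so parameters configured on an Infobox rule are not evaluated at all. The comment should state that until the checks exist, for example `Placeholder for infobox parameter checks; currently behaves exactly like RuleChecker.`, so that nobody writing a rule restricted to one infobox assumes the restriction is enforced.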
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
index bf46034d..c59f5b70 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
@@ -1,23 +1,36 @@
package at.gv.egiz.bku.accesscontroller;
+import java.net.InetAddress;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import at.gv.egiz.bku.slcommands.SLCommand;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
public class RuleChecker implements AccessChecker {
-
+
private static Log log = LogFactory.getLog(RuleChecker.class);
-
- public static enum PEER_TYPE {HOST, IP, URL};
+
+ public static enum PEER_TYPE {
+ HOST, IP, URL
+ };
protected String id;
protected AuthenticationClass authenticationClass;
protected String commandName;
+ protected Pattern commandNamePattern;
protected String peerId;
+ protected Pattern peerIdPattern;
protected PEER_TYPE peerType;
protected Action action;
protected UserAction userAction;
+ protected String chainId;
public RuleChecker(String id) {
if (id == null) {
@@ -27,43 +40,112 @@ public class RuleChecker implements AccessChecker {
}
public void setAuthenticationClass(String ac) {
- AuthenticationClass tmp = AuthenticationClass.fromString(ac);
+ AuthenticationClass tmp = AuthenticationClass.fromString(ac);
if (tmp == null) {
- throw new SLRuntimeException("Unknown authentication class "+ac);
+ throw new SLRuntimeException("Unknown authentication class " + ac);
}
authenticationClass = tmp;
}
-
+
public void setAction(String ac) {
Action tmp = Action.fromString(ac);
if (tmp == null) {
- throw new SLRuntimeException("Unknown action "+ac);
+ throw new SLRuntimeException("Unknown action " + ac);
}
action = tmp;
}
-
+
public void setUserAction(String uac) {
- UserAction tmp = UserAction.fromString(uac);
+ UserAction tmp = UserAction.fromString(uac);
if (tmp == null) {
- throw new SLRuntimeException("Unknown user action "+uac);
+ throw new SLRuntimeException("Unknown user action " + uac);
}
userAction = tmp;
}
-
+
+ public void setChainId(String chainId) {
+ this.chainId = chainId;
+ }
+
public void setPeerId(String peerId, PEER_TYPE type) {
this.peerType = type;
this.peerId = peerId;
+ peerIdPattern = Pattern.compile(peerId);
}
-
+
+ public void setCommandName(String commandName) {
+ this.commandName = commandName;
+ commandNamePattern = Pattern.compile(commandName);
+ }
+
public String getId() {
return id;
}
+ protected boolean matchAuthenticationClass(AuthenticationClass cls) {
+ if (this.authenticationClass == null) {
+ return true;
+ }
+ return this.authenticationClass.compareTo(cls) <= 0;
+ }
+
+ protected boolean matchCommandName(SLCommand cmd) {
+ if (commandName == null) {
+ return true;
+ }
+ Matcher matcher = commandNamePattern.matcher(cmd.getName());
+ return matcher.matches();
+ }
+
+ protected boolean matchPeerId(String peerUrl) {
+ if (peerId == null) {
+ return true;
+ }
+ if (peerType == PEER_TYPE.URL) {
+ Matcher matcher = peerIdPattern.matcher(peerUrl);
+ return matcher.matches();
+ } else {
+ try {
+ URL url = new URL(peerUrl);
+ if (peerType == PEER_TYPE.HOST) {
+ try {
+ String host = url.getHost();
+ String hostName = InetAddress.getByName(host).getCanonicalHostName();
+ Matcher matcher = peerIdPattern.matcher(hostName);
+ return matcher.matches();
+ } catch (UnknownHostException e) {
+ log.error("Cannot resolve hostname", e);
+ return false;
+ }
+ } else {
+ try {
+ String hostAddr = InetAddress.getByName(url.getHost())
+ .getHostAddress();
+ Matcher matcher = peerIdPattern.matcher(hostAddr);
+ return matcher.matches();
+ } catch (UnknownHostException e) {
+ log.error("Cannot resolve host address", e);
+ return false;
+ }
+ }
+ } catch (MalformedURLException e) {
+ log.error("Cannot parse url", e);
+ return false;
+ }
+ }
+ }
+
@Override
public RuleResult check(AccessCheckerContext checkCtx) {
- log.debug("Processing rule: "+id);
- // TODO Auto-generated method stub
- return null;
+ log.debug("Processing rule: " + id);
+ if (matchAuthenticationClass(checkCtx.getAuthenticationClass())
+ && matchCommandName(checkCtx.getCommand())
+ && matchPeerId(checkCtx.getPeerUrl())) {
+ log.debug("Match found for rule: " + id);
+ return new RuleResult(action, userAction, true, chainId);
+ }
+ log.debug("No match found for rule: " + id);
+ return new RuleResult(action, userAction, false, chainId);
}
}
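Review bot: In `matchPeerId`, the HOST and IP branches take the host from the peer URL and resolve it with `InetAddress.getByName(...)` at check time, so the access decision rests on whatever the resolver answers at that moment, which need not be the address the request actually involves. That dependency deserves a comment on the method, e.g. `// NOTE: HOST/IP matching trusts DNS resolution of the URL host at check time`. `setPeerId` compiles the configured value as a regular expression, so an unescaped `.` in a host or IP pattern matches any character, which is worth stating in the setter's Javadoc. The URL branch passes `peerUrl` straight to `peerIdPattern.matcher(peerUrl)`, which throws on a null URL, whereas the other two branches end in `return false`; adding `if (peerUrl == null) { return false; }` after the `peerId == null` check would make all three deny consistently.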