uk.org.iscream.cms.util
Class ACL

java.lang.Object
  extended by uk.org.iscream.cms.util.ACL
All Implemented Interfaces:
Serializable

public class ACL
extends Object
implements Serializable

Access Control List for use primarily with the ACLServerSocket. It could, however, have other uses, as its behaviour is fairly generic. Rules are added using the add method, and checks can then be made using the relevant check method.

Version:
$Id: ACL.java,v 1.7 2003/02/05 14:27:58 tdb Exp $
Author:
$Author: tdb $
See Also:
Serialized Form

Nested Class Summary
private  class ACL.ACLRule
          Wrapper class for an ACL rule.
 
Field Summary
private  ArrayList _acl
          The ACL is stored in this ArrayList.
private  boolean _defaultMode
          The default mode of this ACL.
private  String _name
          This is the friendly identifier of the component this class is running in.
static boolean ALLOW
          static to be used when adding an ALLOW rule to the ACL.
static boolean DEFMODE
          default setting for the default mode for a new ACL.
static boolean DENY
          static to be used when adding a DENY rule to the ACL.
static String REVISION
          The current CVS revision of this class
 
Constructor Summary
ACL()
          Construct a new Access Control List.
ACL(boolean defaultMode)
          Construct a new Access Control List with a given default mode.
ACL(String acl)
          Construct a new Access Control List with a given String representation of the ACL rules.
 
Method Summary
 void add(boolean allow, String expression)
          Add a new rule to the ACL immediately after the previous rule.
 void add(String acl)
          Add some new rules to the Access Control List in the form of a String.
 boolean check(InetAddress address)
          Check to see if an InetAddress is permitted by the ACL.
 boolean check(String address)
          Check to see if a string is permitted by the ACL.
 void clear()
          Clears the ACL and resets the default mode.
private  boolean compareShorts(short[] first, short[] second)
          Compares two short arrays.
private  short[] ipStringToShort(String ip)
          Converts an IP address in String format into a short array of length 4.
 void setDefaultMode(boolean defaultMode)
          Changes the default mode of the ACL.
 String toString()
          Gives a String representation of this ACL.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

REVISION

public static final String REVISION
The current CVS revision of this class

See Also:
Constant Field Values

ALLOW

public static final boolean ALLOW
static to be used when adding an ALLOW rule to the ACL.

See Also:
Constant Field Values

DENY

public static final boolean DENY
static to be used when adding a DENY rule to the ACL.

See Also:
Constant Field Values

DEFMODE

public static final boolean DEFMODE
default setting for the default mode for a new ACL.

See Also:
Constant Field Values

_name

private String _name
This is the friendly identifier of the component this class is running in. For example, a Filter may be called "filter1". If this class does not have an owning component, a name from the configuration can be placed here. This name could also be changed to null for utility classes.


_acl

private ArrayList _acl
The ACL is stored in this ArrayList.


_defaultMode

private boolean _defaultMode
The default mode of this ACL.

Constructor Detail

ACL

public ACL()
Construct a new Access Control List. The default mode is to ALLOW anything that isn't explicitly blocked by a rule.


ACL

public ACL(boolean defaultMode)
Construct a new Access Control List with a given default mode. This mode specifies what should happen if a check does not match any rules.

Parameters:
defaultMode - the default mode for non-matched checks

ACL

public ACL(String acl)
Construct a new Access Control List with a given String representation of the ACL rules. The String should be of the format: expression:rule;expression:rule;expression:rule... where expression is a wildcard to match against, and rule is either 'ALLOW' or 'DENY'. There is a special expression of 'DEFAULT' which represents the default rule (what should happen if no expression is matched when performing a check). The default mode is set to ALLOW if one is not specified in the String.

Parameters:
acl - a String representation of the ACL.

Method Detail

add

public void add(boolean allow,
                String expression)
Add a new rule to the ACL immediately after the previous rule. The rule can either be an ACL.ALLOW rule, or an ACL.DENY rule. The expression can contain a wildcard (a * only). Rules can only be added to the end of the list.

Parameters:
allow - whether this is an ALLOW or DENY rule
expression - what this rule matches using wildcards


add

public void add(String acl)
Add some new rules to the Access Control List in the form of a String. The String should be of the following format: expression:rule;expression:rule;expression:rule... where expression is a wildcard to match against, and rule is either 'ALLOW' or 'DENY'. There is a special expression of 'DEFAULT' which represents the default rule (what should happen if no expression is matched when performing a check).

Parameters:
acl - a String representation of the ACL.

check

public boolean check(String address)
Check to see if a string is permitted by the ACL. Useful for testing, and non-Socket uses of this class.

Parameters:
address - the string to check
Returns:
whether the address was permitted by the ACL

check

public boolean check(InetAddress address)
Check to see if an InetAddress is permitted by the ACL. Perfect for Socket uses of this class. A rule will either be for a name, or an IP address (this is determined in the add method), and the appropriate comparison will be performed.

Parameters:
address - the InetAddress to check
Returns:
whether the InetAddress was permitted by the ACL

clear

public void clear()
Clears the ACL and resets the default mode.


setDefaultMode

public void setDefaultMode(boolean defaultMode)
Changes the default mode of the ACL. This is what the check will return if it does not find an explicit rule to match against.

Parameters:
defaultMode - the new default mode

toString

public String toString()
Gives a String representation of this ACL.

Returns:
A String representation of this ACL.

ipStringToShort

private short[] ipStringToShort(String ip)
Converts an IP address in String format into a short array of length 4. Any wildcards, *, found in the IP address are represented by a -1. If the given String is not an IP address null is returned instead.

Parameters:
ip - The IP address in String format
Returns:
The IP address in a short[]

compareShorts

private boolean compareShorts(short[] first,
                              short[] second)
Compares two short arrays. The first array can contain a -1, which will always match any value -- it's a wildcard. They must be the same length to match.

Parameters:
first - The first array to compare (with -1 wildcard if required)
second - The second array to compare
Returns:
the result of the comparison
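
The following is an added, self-contained sketch of the behaviour documented above (rule-string parsing, the -1 octet wildcard, and the default mode); it is not the i-scream source, and the class name AclSketch and its helper names are hypothetical. It assumes the first matching rule wins and that an unparseable address is refused, neither of which this page states, and it sets DEFAULT:DENY explicitly because the documented default mode is ALLOW.

```java
import java.util.*;
// Added sketch (Java 16+), not the i-scream source; IP-style expressions only.
public class AclSketch {
    record Rule(short[] pattern, boolean allow) {}
    private final List<Rule> rules = new ArrayList<>();
    private boolean defaultMode = true; // documented default mode: ALLOW

    // Parses "expression:rule;expression:rule;...", including the DEFAULT expression.
    AclSketch(String acl) {
        for (String entry : acl.split(";")) {
            String[] parts = entry.trim().split(":");
            if (parts.length != 2 || !parts[1].matches("ALLOW|DENY"))
                throw new IllegalArgumentException("bad entry: " + entry);
            boolean allow = parts[1].equals("ALLOW");
            short[] pattern = ipToShorts(parts[0]);
            if (parts[0].equals("DEFAULT")) defaultMode = allow;
            else if (pattern != null) rules.add(new Rule(pattern, allow));
            else throw new IllegalArgumentException("not an IP: " + parts[0]);
        }
    }

    static short[] ipToShorts(String ip) { // "*" becomes -1; null if not an IP address
        String[] octets = ip.split("\\.", -1);
        if (octets.length != 4) return null;
        short[] out = new short[4];
        for (int i = 0; i < 4; i++) {
            if (octets[i].equals("*")) out[i] = -1;
            else if (octets[i].matches("\\d{1,3}") && Integer.parseInt(octets[i]) <= 255)
                out[i] = Short.parseShort(octets[i]);
            else return null;
        }
        return out;
    }

    static boolean matches(short[] pattern, short[] addr) { // -1 matches any value
        if (pattern.length != addr.length) return false;
        for (int i = 0; i < pattern.length; i++)
            if (pattern[i] != -1 && pattern[i] != addr[i]) return false;
        return true;
    }

    boolean check(String address) {
        short[] addr = ipToShorts(address);
        if (addr == null) return false; // assumption: unparseable input is refused
        for (Rule r : rules)            // assumption: first matching rule wins
            if (matches(r.pattern(), addr)) return r.allow();
        return defaultMode;
    }

    public static void main(String[] args) {
        AclSketch acl = new AclSketch("10.1.2.3:DENY;10.1.*.*:ALLOW;DEFAULT:DENY"); // constructed
        for (String ip : new String[] {"10.1.2.3", "10.1.9.9", "203.0.113.9"})
            System.out.println(ip + " permitted: " + acl.check(ip));
    }
}
```

Under the first-match assumption, the specific DENY must precede the broader wildcard ALLOW that would otherwise cover the same address.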


Copyright © 2000-2003 i-scream. All Rights Reserved.