Module org.hsqldb

Package org.hsqldb.server

Class ServerAcl

java.lang.Object

org.hsqldb.server.ServerAcl

public final class ServerAcl
extends java.lang.Object

A list of ACL permit and deny entries with a permitAccess method which tells whether candidate addresses are permitted or denied by this ACL list.

The ACL file is reloaded whenever a modification to it is detected. If you copy in a file with an older file date, you will need to touch it.

The public runtime method is permitAccess(). The public setup method is the constructor.

Each non-comment line in the ACL file must be a rule of the format:

     {allow|deny} <ip_address>[/significant-bits]
 

For example

     allow ahostname
     deny ahost.domain.com
     allow 127.0.0.1
     allow 2001:db8::/32
 

In order to detect bit specification mistakes, we require that non-significant bits be zero in the values. An undesirable consequence of this is, you can't use a specification like the following to mean "all of the hosts on the same network as x.admc.com":

     allow x.admc.com/24
 

Since:

2.0.0

Author:

Blaine Simpson (blaine dot simpson at admc dot com)

See Also:

ServerAcl(File), permitAccess(java.lang.String)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ServerAcl.AclFormatException

Constructor Summary

Constructors

Constructor	Description
ServerAcl(java.io.File aclFile)

Method Summary

Modifier and Type	Method	Description
static java.lang.String	colonNotation(byte[] uba)
static java.lang.String	dottedNotation(byte[] uba)
static void	main(java.lang.String[] sa)	Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list.
boolean	permitAccess(byte[] addr)
boolean	permitAccess(java.lang.String s)	Uses system network libraries to resolve the given String to an IP addr, then determine whether this address is permitted or denied.
void	setPrintWriter(java.io.PrintWriter pw)
java.lang.String	toString()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

ServerAcl

public ServerAcl(java.io.File aclFile)
          throws java.io.IOException,
                 ServerAcl.AclFormatException

Throws:

java.io.IOException

ServerAcl.AclFormatException

Method Detail

dottedNotation

public static java.lang.String dottedNotation(byte[] uba)

Parameters:

uba - Unsigned byte array

Returns:

String

colonNotation

public static java.lang.String colonNotation(byte[] uba)

Parameters:

uba - Unsigned byte array

Returns:

String

setPrintWriter

public void setPrintWriter(java.io.PrintWriter pw)

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

permitAccess

public boolean permitAccess(java.lang.String s)

Uses system network libraries to resolve the given String to an IP addr, then determine whether this address is permitted or denied. Specified name may be a numerical-based String like "1.2.3.4", a constant known to the networking libraries, or a host name to be resolved by the systems name resolution system. If the given String can't be resolved to an IP addr, false is returned.

Parameters:

s - String

Returns:

boolean

See Also:

permitAccess(byte[])

permitAccess

public boolean permitAccess(byte[] addr)

Parameters:

addr - byte[]

Returns:

true if access for the candidate address should be permitted, false if access should be denied.

main

public static void main(java.lang.String[] sa)
                 throws ServerAcl.AclFormatException,
                        java.io.IOException

Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list. Run "java -cp path/to/hsqldb.jar org.hsqldb.server.ServerAcl --help" for Syntax help.

Parameters:

sa - String[]

Throws:

ServerAcl.AclFormatException - when badly formatted

java.io.IOException - when io error