34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.content2bean.Content2BeanTransformer;
38 import info.magnolia.content2bean.PropertyTypeDescriptor;
39 import info.magnolia.content2bean.TransformationState;
40 import info.magnolia.content2bean.TypeDescriptor;
41 import info.magnolia.content2bean.impl.Content2BeanTransformerImpl;
42 import info.magnolia.objectfactory.ObservedComponentFactory;
43
44 import javax.servlet.http.HttpServletRequest;
45 import java.util.Arrays;
46 import java.util.Collections;
47 import java.util.HashMap;
48 import java.util.Map;
49 import java.util.Set;
50 import java.util.TreeSet;
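/**
 * IP-based allow-list for incoming requests.
 *
 * <p>A request is accepted only when a {@link Rule} exists for its remote address (or for the
 * wildcard key {@code "*"}) and that rule lists the request's HTTP method. Anything else is
 * denied, so an empty or missing configuration rejects every request.
 *
 * <p>Points to keep in mind when relying on this check:
 * <ul>
 *   <li>Addresses are compared as exact strings through a map lookup. There is no CIDR, range or
 *       normalisation support, so differently written forms of the same address (for instance
 *       IPv6 notations) do not match each other.</li>
 *   <li>The address comes from {@link HttpServletRequest#getRemoteAddr()}, which is the address of
 *       the client or of the last proxy that sent the request. Behind a reverse proxy or load
 *       balancer every request carries the proxy's address unless the container is set up to
 *       restore the original one.</li>
 *   <li>A rule for a specific address replaces the wildcard rule for that address; the two are
 *       never merged.</li>
 * </ul>
 *
 * <p>Instances are built by {@link InstanceFactory} from the {@code /server/IPConfig} node of the
 * config repository.
 */
public class IPSecurityManagerImpl implements IPSecurityManager {
    /** Key of the fallback rule used for any address without a rule of its own. */
    private static final String ALL = "*";

    /** Rules keyed by the exact remote-address string they apply to, or by {@code "*"}. */
    private Map<String, Rule> rules;

    /** Creates a manager with no rules, i.e. one that denies every request. */
    public IPSecurityManagerImpl() {
        this.rules = new HashMap<String, Rule>();
    }

    /**
     * Decides whether the request may proceed, based on its remote address and HTTP method.
     *
     * @param req the incoming request
     * @return {@code true} only if a rule applies to the remote address and lists the method
     */
    public boolean isAllowed(HttpServletRequest req) {
        final Rule rule = getRule(req.getRemoteAddr());
        return rule != null && rule.allowsMethod(req.getMethod());
    }

    /**
     * Tells whether any rule applies to the given address.
     *
     * <p>The HTTP method is not considered here: an address whose rule lists no methods at all
     * still yields {@code true}. Use {@link #isAllowed(HttpServletRequest)} for the full check.
     *
     * @param ip the address to look up
     * @return {@code true} if a specific or wildcard rule exists for the address
     */
    public boolean isAllowed(String ip) {
        return getRule(ip) != null;
    }

    /**
     * Finds the rule for an address, falling back to the wildcard rule.
     *
     * @param ip the address to look up, compared as an exact string
     * @return the matching rule, or {@code null} when neither a specific nor a wildcard rule exists
     */
    protected Rule getRule(String ip) {
        // containsKey is deliberate: an address explicitly mapped to null stays denied instead of
        // silently inheriting the wildcard rule.
        if (rules.containsKey(ip)) {
            return rules.get(ip);
        }
        return rules.get(ALL);
    }

    /**
     * Returns the live rule map; changes made to it affect subsequent access decisions.
     *
     * @return the internal map of rules
     */
    public Map<String, Rule> getRules() {
        return rules;
    }

    /**
     * Replaces the whole rule set.
     *
     * @param rules the new rules; {@code null} is treated as "no rules", which denies everything
     */
    public void setRules(Map<String, Rule> rules) {
        // A null map used to make every later lookup fail with a NullPointerException; an empty
        // map keeps the manager usable and still fails closed.
        this.rules = rules != null ? rules : new HashMap<String, Rule>();
    }

    /**
     * Registers a rule under the given key.
     *
     * @param name the key the rule is looked up by, i.e. the remote address or {@code "*"}
     * @param rule the rule to store; replaces any rule already stored under the same key
     */
    public void addRule(String name, Rule rule) {
        rules.put(name, rule);
    }

    /**
     * Factory that builds the manager from {@code /server/IPConfig} in the config repository,
     * using {@link IPSecurityManagerTransformer} to turn the configured nodes into rules.
     */
    public static final class InstanceFactory extends ObservedComponentFactory<IPSecurityManager> {
        public InstanceFactory() {
            super(ContentRepository.CONFIG, "/server/IPConfig", IPSecurityManager.class);
        }

        protected Content2BeanTransformer getContent2BeanTransformer() {
            return new IPSecurityManagerTransformer();
        }
    }

    /**
     * Content2bean transformer that registers every configured {@link Rule} on the manager under
     * the rule's IP address.
     */
    public static final class IPSecurityManagerTransformer extends Content2BeanTransformerImpl {

        /**
         * Adds every {@link Rule} found in {@code values} to the manager being built, keyed by
         * {@link Rule#getIP()}, then delegates to the default behaviour.
         */
        public void setProperty(TransformationState state, PropertyTypeDescriptor descriptor, Map<String, Object> values) {
            final Object currentBean = state.getCurrentBean();
            if (currentBean instanceof IPSecurityManagerImpl) {
                final IPSecurityManagerImpl ipSecMan = (IPSecurityManagerImpl) currentBean;
                for (Object value : values.values()) {
                    if (value instanceof Rule) {
                        final Rule rule = (Rule) value;
                        // A rule without an address can never match a real request; storing it
                        // under a null key would only make a null lookup succeed.
                        if (rule.getIP() != null) {
                            ipSecMan.addRule(rule.getIP(), rule);
                        }
                    }
                }
            }
            // NOTE(review): the default implementation still receives the same values. Whether it
            // also stores rules under their node names is not visible here; confirm that no node
            // name can collide with an address or with "*".
            super.setProperty(state, descriptor, values);
        }

        /**
         * Treats nodes at level 2 that have no resolved type as {@link Rule}s, so they do not
         * need an explicit class in the configuration.
         */
        protected TypeDescriptor onResolveType(TransformationState state,
                                               TypeDescriptor resolvedType) {
            if (state.getLevel() == 2 && resolvedType == null) {
                return this.getTypeMapping().getTypeDescriptor(Rule.class);
            }
            return super.onResolveType(state, resolvedType);
        }

    }

    /**
     * A single allow-list entry: an address and the HTTP methods permitted from it.
     * A rule that never had its methods set permits no method.
     */
    public static final class Rule {
        private String name;
        private String ip;
        /** Permitted HTTP methods; compared case-insensitively once set through setMethods. */
        private Set<String> methods;

        /** Creates a rule that permits no HTTP method until {@link #setMethods(String)} is called. */
        public Rule() {
            this.methods = Collections.emptySet();
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        /**
         * @return the address this rule applies to, exactly as configured
         */
        public String getIP() {
            return ip;
        }

        /**
         * @param ip the address this rule applies to; it is matched as an exact string
         */
        public void setIP(String ip) {
            this.ip = ip;
        }

        /**
         * Tells whether the given HTTP method is permitted by this rule.
         *
         * @param s the HTTP method name; case is ignored once methods have been configured
         * @return {@code true} if the method is listed; {@code false} otherwise, including for {@code null}
         */
        public boolean allowsMethod(String s) {
            // The case-insensitive set rejects null with a NullPointerException; deny instead.
            return s != null && methods.contains(s);
        }

        /**
         * Not a real getter: it exists only so that content2bean sees a readable property.
         *
         * @throws IllegalStateException always
         */
        public String getMethods() {
            throw new IllegalStateException("Just faking a getter for content2bean's sake.");
        }

        /**
         * Sets the permitted HTTP methods from a comma-separated list such as {@code "GET, POST"}.
         *
         * <p>Whitespace around each entry is ignored and empty entries are dropped, so a list
         * written with spaces after the commas permits exactly the methods it names.
         *
         * @param methods comma-separated method names; {@code null} or blank permits no method
         */
        public void setMethods(String methods) {
            final Set<String> parsed = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            if (methods != null) {
                for (String token : methods.split(",")) {
                    final String method = token.trim();
                    if (method.length() > 0) {
                        parsed.add(method);
                    }
                }
            }
            this.methods = parsed;
        }
    }

}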