34 package info.magnolia.cms.security;
35
36 import info.magnolia.content2bean.Content2BeanTransformer;
37 import info.magnolia.content2bean.PropertyTypeDescriptor;
38 import info.magnolia.content2bean.TransformationState;
39 import info.magnolia.content2bean.TypeDescriptor;
40 import info.magnolia.content2bean.TypeMapping;
41 import info.magnolia.content2bean.impl.Content2BeanTransformerImpl;
42 import info.magnolia.objectfactory.ComponentProvider;
43 import info.magnolia.objectfactory.ObservedComponentFactory;
44 import info.magnolia.repository.RepositoryConstants;
45
46 import javax.servlet.http.HttpServletRequest;
47 import java.util.Arrays;
48 import java.util.Collections;
49 import java.util.HashMap;
50 import java.util.Map;
51 import java.util.Set;
52 import java.util.TreeSet;
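/**
 * Allow-list based {@link IPSecurityManager}: a request is accepted only when a {@link Rule}
 * exists for its remote address (or for the {@code "*"} fallback key) and, for the
 * request-based check, that rule lists the HTTP method.
 *
 * <p>Security-relevant properties of this implementation, as visible in the code:
 * <ul>
 * <li>Fail-closed: with no matching rule and no {@code "*"} rule, access is denied.</li>
 * <li>Addresses are matched by exact string equality against the map key. There is no CIDR or
 * range support and no normalisation, so a rule must be written in exactly the textual form
 * the servlet container reports.</li>
 * <li>The address checked is {@link HttpServletRequest#getRemoteAddr()}, i.e. the peer of the
 * TCP connection. Behind a reverse proxy or load balancer that is the proxy's address, so
 * rules would then apply to the proxy rather than to individual clients.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code rules} is a plain {@link HashMap} without synchronisation. This is
 * only safe if rules are populated before the instance is used by request threads; confirm
 * against how the observed factory publishes instances.
 */
public class IPSecurityManagerImpl implements IPSecurityManager {
    /** Map key of the fallback rule that applies to every address without a rule of its own. */
    private static final String ALL = "*";

    /** Rules keyed by the IP string they apply to (or by {@link #ALL}). */
    private Map<String, Rule> rules;

    public IPSecurityManagerImpl() {
        this.rules = new HashMap<String, Rule>();
    }

    /**
     * Checks both the remote address and the HTTP method of the request.
     *
     * @param req the incoming request
     * @return {@code true} only if a rule applies to the remote address and that rule lists
     *         the request's method; {@code false} otherwise
     */
    @Override
    public boolean isAllowed(HttpServletRequest req) {
        final Rule rule = getRule(req.getRemoteAddr());
        return rule != null && rule.allowsMethod(req.getMethod());
    }

    /**
     * Checks the address only. The rule's method list is not consulted here, so a rule with
     * an empty method set still makes this return {@code true}.
     *
     * @param ip the address to look up, in the same textual form used in the configuration
     * @return {@code true} if a rule exists for {@code ip} or for the {@code "*"} fallback
     */
    @Override
    public boolean isAllowed(String ip) {
        return getRule(ip) != null;
    }

    /**
     * Looks up the rule for an address, falling back to the {@code "*"} rule only when the
     * address has no entry of its own.
     *
     * @param ip the address to look up
     * @return the matching rule, or {@code null} if neither a specific nor a fallback rule exists
     */
    protected Rule getRule(String ip) {
        // A specific entry always wins over the wildcard, even if it is more restrictive.
        return (rules.containsKey(ip)) ? rules.get(ip) : rules.get(ALL);
    }

    /**
     * Returns the live rule map, not a copy: changes made by the caller change the allow-list.
     */
    public Map<String, Rule> getRules() {
        return rules;
    }

    /**
     * Replaces the whole rule map. The map is stored as given (no copy, no null check).
     */
    public void setRules(Map<String, Rule> rules) {
        this.rules = rules;
    }

    /**
     * Registers a rule under the given key. A rule already stored under that key is replaced.
     *
     * @param name the map key; lookups use the remote address, so this is expected to be an
     *             IP string or {@code "*"}
     * @param rule the rule to store
     */
    public void addRule(String name, Rule rule) {
        rules.put(name, rule);
    }

    /**
     * Factory that builds the manager from the {@code /server/IPConfig} node of the config
     * repository, using {@link IPSecurityManagerTransformer} for the content-to-bean mapping.
     */
    public static final class InstanceFactory extends ObservedComponentFactory<IPSecurityManager> {
        public InstanceFactory() {
            super(RepositoryConstants.CONFIG, "/server/IPConfig", IPSecurityManager.class);
        }

        @Override
        protected Content2BeanTransformer getContent2BeanTransformer() {
            return new IPSecurityManagerTransformer();
        }
    }

    /**
     * Content2bean transformer that turns the configured nodes into {@link Rule} instances and
     * registers them on the manager keyed by their IP.
     */
    public static final class IPSecurityManagerTransformer extends Content2BeanTransformerImpl {

        /**
         * When the bean being populated is an {@link IPSecurityManagerImpl}, registers every
         * {@link Rule} found in {@code values} under {@code rule.getIP()}, then delegates to
         * the default behaviour.
         *
         * <p>Consequences worth knowing when reviewing a configuration: two rules with the
         * same IP collapse into one (the later {@code put} wins), and a rule whose IP was
         * never set is stored under a {@code null} key, where no normal address lookup is
         * expected to find it.
         */
        @Override
        public void setProperty(TypeMapping typeMapping, TransformationState state, PropertyTypeDescriptor descriptor, Map<String, Object> values) {
            final Object currentBean = state.getCurrentBean();
            if (currentBean instanceof IPSecurityManagerImpl) {
                final IPSecurityManagerImpl ipSecMan = (IPSecurityManagerImpl) currentBean;
                for (Object o : values.values()) {
                    if (o instanceof Rule) {
                        final Rule rule = (Rule) o;
                        ipSecMan.addRule(rule.getIP(), rule);
                    }
                }
            }
            super.setProperty(typeMapping, state, descriptor, values);
        }

        /**
         * Maps nodes at level 2 that have no explicitly resolved type to {@link Rule}; every
         * other case is left to the default resolution.
         */
        @Override
        protected TypeDescriptor onResolveType(TypeMapping typeMapping, TransformationState state, TypeDescriptor resolvedType, ComponentProvider componentProvider) {
            if (state.getLevel() == 2 && resolvedType == null) {
                return typeMapping.getTypeDescriptor(Rule.class);
            }
            return super.onResolveType(typeMapping, state, resolvedType, componentProvider);
        }

    }

    /**
     * One allow-list entry: an IP string (or {@code "*"}) plus the HTTP methods permitted for
     * it. A rule with no methods configured permits no method.
     */
    public static final class Rule {
        private String name;
        private String ip;
        // Allowed HTTP methods; compared case-insensitively once set through setMethods.
        private Set<String> methods;

        public Rule() {
            // Default is "no method allowed" until setMethods is called.
            this.methods = Collections.emptySet();
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getIP() {
            return ip;
        }

        public void setIP(String ip) {
            this.ip = ip;
        }

        /**
         * Tells whether this rule permits the given HTTP method.
         *
         * @param s the method name; case is ignored for rules configured via
         *          {@link #setMethods(String)}
         * @return {@code true} if the method is listed; {@code false} if it is not listed or
         *         is {@code null}
         */
        public boolean allowsMethod(String s) {
            // The case-insensitive comparator cannot compare null; treat it as "not allowed".
            return s != null && methods.contains(s);
        }

        /**
         * Not a real getter: it exists only so that content2bean sees a readable property.
         *
         * @throws IllegalStateException always
         */
        public String getMethods() {
            throw new IllegalStateException("Just faking a getter for content2bean's sake.");
        }

        /**
         * Sets the permitted HTTP methods from a comma-separated list such as
         * {@code "GET, POST"}.
         *
         * <p>Whitespace around each entry is ignored and empty entries are skipped, so a value
         * written with spaces after the commas does not silently lose methods. A {@code null}
         * value results in an empty set, i.e. no method allowed.
         *
         * @param methods comma-separated method names, may be {@code null}
         */
        public void setMethods(String methods) {
            final Set<String> parsed = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            if (methods != null) {
                for (String token : methods.split(",")) {
                    final String method = token.trim();
                    if (method.length() > 0) {
                        parsed.add(method);
                    }
                }
            }
            this.methods = parsed;
        }
    }

}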