34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.content2bean.Content2BeanTransformer;
38 import info.magnolia.content2bean.PropertyTypeDescriptor;
39 import info.magnolia.content2bean.TransformationState;
40 import info.magnolia.content2bean.TypeDescriptor;
41 import info.magnolia.content2bean.impl.Content2BeanTransformerImpl;
42 import info.magnolia.objectfactory.ObservedComponentFactory;
43
44 import javax.servlet.http.HttpServletRequest;
45 import java.util.Arrays;
46 import java.util.Collections;
47 import java.util.HashMap;
48 import java.util.Map;
49 import java.util.Set;
50 import java.util.TreeSet;
51
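/**
 * Allow-list of client addresses, each optionally restricted to a set of HTTP methods.
 *
 * <p>Rules are looked up by the exact address string. There is no CIDR, range or
 * address-normalisation support, so a rule only applies to an address written exactly as
 * the container reports it. A rule registered under {@code "*"} acts as the fallback for
 * every address that has no rule of its own. If no such rule exists, unknown addresses
 * are denied.
 *
 * <p>NOTE(review): the rule map is a plain {@link HashMap} that {@link #addRule} mutates.
 * This class does no synchronisation of its own; confirm that population finishes before
 * the instance serves requests.
 */
public class IPSecurityManagerImpl implements IPSecurityManager {
    /** Key of the optional catch-all rule consulted when an address has no entry of its own. */
    private static final String ALL = "*";

    /** Rules keyed by address string (or {@link #ALL}). Never {@code null}. */
    private Map<String, Rule> rules;

    public IPSecurityManagerImpl() {
        this.rules = new HashMap<String, Rule>();
    }

    /**
     * Decides whether the request may proceed, based on its remote address and HTTP method.
     *
     * <p>The address is taken from {@link HttpServletRequest#getRemoteAddr()}, which is the
     * address of the peer that connected to the container. Behind a reverse proxy or load
     * balancer that is the proxy's address, so rules must be written with the deployment
     * topology in mind. Forwarding headers are deliberately not consulted here.
     *
     * @param req the incoming request
     * @return {@code true} only if a rule applies to the address and that rule lists the
     *         request's method
     */
    public boolean isAllowed(HttpServletRequest req) {
        final Rule rule = getRule(req.getRemoteAddr());
        return rule != null && rule.allowsMethod(req.getMethod());
    }

    /**
     * Checks whether any rule applies to the given address.
     *
     * <p>This overload does <em>not</em> look at HTTP methods: it returns {@code true} as
     * soon as a rule (specific or catch-all) exists, even if that rule allows no method.
     *
     * @param ip the address string to look up
     * @return {@code true} if a rule applies to {@code ip}
     */
    public boolean isAllowed(String ip) {
        return getRule(ip) != null;
    }

    /**
     * Finds the rule for an address, falling back to the catch-all rule.
     *
     * @param ip the address string to look up
     * @return the matching rule, or {@code null} when the address is not covered
     */
    protected Rule getRule(String ip) {
        // containsKey() is used on purpose rather than a null check on get(): an address
        // that is present but mapped to null must stay denied instead of silently
        // inheriting the catch-all rule.
        if (rules.containsKey(ip)) {
            return rules.get(ip);
        }
        return rules.get(ALL);
    }

    /**
     * Returns the live rule map; changes made through it affect access decisions.
     */
    public Map<String, Rule> getRules() {
        return rules;
    }

    /**
     * Replaces the rule map.
     *
     * @param rules the new rules; {@code null} is treated as "no rules", so every request
     *              is denied rather than failing with a NullPointerException on lookup
     */
    public void setRules(Map<String, Rule> rules) {
        this.rules = rules != null ? rules : new HashMap<String, Rule>();
    }

    /**
     * Registers a rule under the given key.
     *
     * @param name the address string the rule applies to, or {@code "*"} for the catch-all
     * @param rule the rule to register; replaces any rule already stored under {@code name}
     */
    public void addRule(String name, Rule rule) {
        rules.put(name, rule);
    }

    /**
     * Builds the manager from the {@code /server/IPConfig} node of the config repository.
     */
    public static final class InstanceFactory extends ObservedComponentFactory<IPSecurityManager> {
        public InstanceFactory() {
            super(ContentRepository.CONFIG, "/server/IPConfig", IPSecurityManager.class);
        }

        protected Content2BeanTransformer getContent2BeanTransformer() {
            return new IPSecurityManagerTransformer();
        }
    }

    /**
     * Transformer that registers every configured {@link Rule} under its own IP value.
     */
    public static final class IPSecurityManagerTransformer extends Content2BeanTransformerImpl {

        public void setProperty(TransformationState state, PropertyTypeDescriptor descriptor, Map<String, Object> values) {
            final Object currentBean = state.getCurrentBean();
            if (currentBean instanceof IPSecurityManagerImpl) {
                final IPSecurityManagerImpl ipSecMan = (IPSecurityManagerImpl) currentBean;
                for (Object o : values.values()) {
                    if (o instanceof Rule) {
                        final Rule rule = (Rule) o;
                        // The rule is keyed by its IP property, not by its node name.
                        // A rule without an IP ends up under the null key.
                        ipSecMan.addRule(rule.getIP(), rule);
                    }
                }
            }
            super.setProperty(state, descriptor, values);
        }

        protected TypeDescriptor onResolveType(TransformationState state,
                                               TypeDescriptor resolvedType) {
            // At level 2, an otherwise unresolved type is treated as a Rule.
            // NOTE(review): presumably level 2 is the children of /server/IPConfig - confirm.
            if (state.getLevel() == 2 && resolvedType == null) {
                return this.getTypeMapping().getTypeDescriptor(Rule.class);
            }
            return super.onResolveType(state, resolvedType);
        }

    }

    /**
     * A single allow-list entry: an address string plus the HTTP methods it may use.
     * A rule whose methods were never set allows no method at all.
     */
    public static final class Rule {
        private String name;
        private String ip;
        private Set<String> methods;

        public Rule() {
            this.methods = Collections.emptySet();
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getIP() {
            return ip;
        }

        public void setIP(String ip) {
            this.ip = ip;
        }

        /**
         * Tells whether this rule lists the given HTTP method, ignoring case.
         *
         * @param s the method name; {@code null} is never allowed
         * @return {@code true} if the method is listed
         */
        public boolean allowsMethod(String s) {
            // The case-insensitive TreeSet would throw on a null lookup.
            return s != null && methods.contains(s);
        }

        public String getMethods() {
            throw new IllegalStateException("Just faking a getter for content2bean's sake.");
        }

        /**
         * Sets the allowed HTTP methods from a comma-separated list such as {@code "GET, POST"}.
         *
         * <p>Whitespace around each entry is ignored and empty entries are dropped, so a
         * list written with spaces after the commas still matches. A {@code null} list
         * leaves the rule with no allowed method.
         *
         * @param methods comma-separated method names, matched case-insensitively
         */
        public void setMethods(String methods) {
            final Set<String> parsed = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            if (methods != null) {
                for (String token : methods.split(",")) {
                    final String method = token.trim();
                    if (method.length() > 0) {
                        parsed.add(method);
                    }
                }
            }
            this.methods = parsed;
        }
    }

}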