34 package info.magnolia.cms.security;
35
36 import info.magnolia.jcr.node2bean.Node2BeanTransformer;
37 import info.magnolia.jcr.node2bean.PropertyTypeDescriptor;
38 import info.magnolia.jcr.node2bean.TransformationState;
39 import info.magnolia.jcr.node2bean.TypeDescriptor;
40 import info.magnolia.jcr.node2bean.TypeMapping;
41 import info.magnolia.jcr.node2bean.impl.Node2BeanTransformerImpl;
42 import info.magnolia.objectfactory.ComponentProvider;
43 import info.magnolia.objectfactory.ObservedComponentFactory;
44 import info.magnolia.repository.RepositoryConstants;
45
46 import javax.jcr.RepositoryException;
47 import javax.servlet.http.HttpServletRequest;
48 import java.util.Arrays;
49 import java.util.Collections;
50 import java.util.HashMap;
51 import java.util.Map;
52 import java.util.Set;
53 import java.util.TreeSet;
54
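/**
 * IP-based access control backed by a map of {@link Rule}s keyed by IP address.
 *
 * <p>A request is allowed only when a rule is found for its remote address (or,
 * failing that, for the wildcard key {@code "*"}) and that rule lists the request's
 * HTTP method. With no matching rule and no wildcard rule the request is denied.
 *
 * <p>Review notes for operators and maintainers:
 * <ul>
 *   <li>Matching is an exact string lookup on the address. There is no CIDR, range or
 *       address normalisation in this class, so a rule only matches the textual form
 *       the servlet container reports.</li>
 *   <li>{@link HttpServletRequest#getRemoteAddr()} is the address of the peer that
 *       opened the connection. Behind a reverse proxy or load balancer that is the
 *       proxy, so rules then apply to the proxy rather than to the end client unless
 *       the container is configured to restore the client address.</li>
 *   <li>The rule map is a plain {@link HashMap} with no synchronisation in this class;
 *       presumably it is populated once while the configuration is loaded. Confirm
 *       before mutating it at runtime.</li>
 * </ul>
 */
public class IPSecurityManagerImpl implements IPSecurityManager {
    /** Key of the fallback rule used when no rule exists for the exact address. */
    private static final String ALL = "*";

    /** Rules keyed by IP address (or {@link #ALL}). */
    private Map<String, Rule> rules;

    public IPSecurityManagerImpl() {
        this.rules = new HashMap<String, Rule>();
    }

    /**
     * Checks the request's remote address and HTTP method against the configured rules.
     *
     * @param req the incoming request
     * @return {@code true} only if a rule applies to the remote address and that rule
     *         allows the request method; {@code false} otherwise
     */
    @Override
    public boolean isAllowed(HttpServletRequest req) {
        final Rule rule = getRule(req.getRemoteAddr());
        if (rule == null) {
            // No exact rule and no wildcard rule: deny.
            return false;
        }
        return rule.allowsMethod(req.getMethod());
    }

    /**
     * Checks whether any rule applies to the given address.
     *
     * <p>This variant does not look at HTTP methods: it returns {@code true} even when
     * the applicable rule allows no method at all. Use {@link #isAllowed(HttpServletRequest)}
     * when the decision must take the method into account.
     *
     * @param ip the address to look up
     * @return {@code true} if an exact or wildcard rule exists for {@code ip}
     */
    @Override
    public boolean isAllowed(String ip) {
        return getRule(ip) != null;
    }

    /**
     * Resolves the rule for an address: the exact entry when the key is present,
     * otherwise the wildcard entry.
     *
     * @param ip the address to look up
     * @return the applicable rule, or {@code null} when none applies
     */
    protected Rule getRule(String ip) {
        // A key that is present always wins over the wildcard, even if it maps to null.
        if (rules.containsKey(ip)) {
            return rules.get(ip);
        }
        return rules.get(ALL);
    }

    /**
     * Returns the live rule map, not a copy; changes made by the caller alter the
     * access decisions of this manager.
     */
    public Map<String, Rule> getRules() {
        return rules;
    }

    /**
     * Replaces the rule map. The map is stored as-is (no copy, no null check).
     */
    public void setRules(Map<String, Rule> rules) {
        this.rules = rules;
    }

    /**
     * Registers a rule under the given key, replacing any rule already stored there.
     *
     * @param name the map key; lookups use the IP address (or {@code "*"}) as key
     * @param rule the rule to store
     */
    public void addRule(String name, Rule rule) {
        rules.put(name, rule);
    }

    /**
     * Factory bound to the {@code /server/IPConfig} node of the config workspace.
     * Presumably the instance is rebuilt when that node changes (behaviour of
     * {@code ObservedComponentFactory}, not visible here).
     */
    public static final class InstanceFactory extends ObservedComponentFactory<IPSecurityManager> {
        public InstanceFactory() {
            super(RepositoryConstants.CONFIG, "/server/IPConfig", IPSecurityManager.class);
        }

        @Override
        protected Node2BeanTransformer getNode2BeanTransformer() {
            return new IPSecurityManagerTransformer();
        }
    }

    /**
     * Transformer that registers every {@link Rule} found in the configuration with
     * the manager, keyed by the rule's IP rather than by its node name.
     */
    public static final class IPSecurityManagerTransformer extends Node2BeanTransformerImpl {

        /**
         * Adds each {@link Rule} among {@code values} to the manager being built, then
         * delegates to the default property handling.
         *
         * <p>Rules are keyed by {@link Rule#getIP()}; two rules with the same IP
         * overwrite each other, and a rule without an IP is stored under a
         * {@code null} key.
         */
        @Override
        public void setProperty(TypeMapping typeMapping, TransformationState state, PropertyTypeDescriptor descriptor, Map<String, Object> values) throws RepositoryException {
            final Object currentBean = state.getCurrentBean();
            if (currentBean instanceof IPSecurityManagerImpl) {
                final IPSecurityManagerImpl ipSecMan = (IPSecurityManagerImpl) currentBean;
                for (Object o : values.values()) {
                    if (o instanceof Rule) {
                        final Rule rule = (Rule) o;
                        ipSecMan.addRule(rule.getIP(), rule);
                    }
                }
            }
            super.setProperty(typeMapping, state, descriptor, values);
        }

        /**
         * Falls back to the {@link Rule} type for nodes at level 2 whose type could
         * not be resolved; all other cases use the default resolution.
         */
        @Override
        protected TypeDescriptor onResolveType(TypeMapping typeMapping, TransformationState state, TypeDescriptor resolvedType, ComponentProvider componentProvider) {
            if (state.getLevel() == 2 && resolvedType == null) {
                return typeMapping.getTypeDescriptor(Rule.class);
            }
            return super.onResolveType(typeMapping, state, resolvedType, componentProvider);
        }

    }

    /**
     * A single access rule: an IP address and the HTTP methods allowed for it.
     * A rule allows no method until {@link #setMethods(String)} has been called.
     */
    public static final class Rule {
        private String name;
        private String ip;
        private Set<String> methods;

        public Rule() {
            // Deny every method by default.
            this.methods = Collections.emptySet();
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getIP() {
            return ip;
        }

        public void setIP(String ip) {
            this.ip = ip;
        }

        /**
         * Tells whether this rule allows the given HTTP method (case-insensitive).
         *
         * @param s the method name; {@code null} is never allowed
         * @return {@code true} if the method is listed in this rule
         */
        public boolean allowsMethod(String s) {
            // The case-insensitive TreeSet cannot compare null; treat it as "not allowed".
            return s != null && methods.contains(s);
        }

        /**
         * Not a real getter; it exists only so the bean mapping sees a readable
         * {@code methods} property.
         *
         * @throws IllegalStateException always
         */
        public String getMethods() {
            throw new IllegalStateException("Just faking a getter for content2bean's sake.");
        }

        /**
         * Sets the allowed HTTP methods from a comma-separated list such as
         * {@code "GET,POST"}. Names are matched case-insensitively.
         *
         * <p>Whitespace around each name is ignored and empty entries are dropped, so
         * {@code "GET, POST"} allows both methods instead of storing {@code " POST"},
         * which would never match a request. A {@code null} value allows no method.
         *
         * @param methods comma-separated method names, may be {@code null}
         */
        public void setMethods(String methods) {
            final Set<String> parsed = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            if (methods != null) {
                for (String token : methods.split(",")) {
                    final String method = token.trim();
                    if (!method.isEmpty()) {
                        parsed.add(method);
                    }
                }
            }
            this.methods = parsed;
        }
    }

}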