1   /**
2    * This file Copyright (c) 2003-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.jcr.node2bean.Node2BeanTransformer;
37  import info.magnolia.jcr.node2bean.PropertyTypeDescriptor;
38  import info.magnolia.jcr.node2bean.TransformationState;
39  import info.magnolia.jcr.node2bean.TypeDescriptor;
40  import info.magnolia.jcr.node2bean.TypeMapping;
41  import info.magnolia.jcr.node2bean.impl.Node2BeanTransformerImpl;
42  import info.magnolia.objectfactory.ComponentProvider;
43  import info.magnolia.objectfactory.ObservedComponentFactory;
44  import info.magnolia.repository.RepositoryConstants;
45  
46  import java.util.Arrays;
47  import java.util.Collections;
48  import java.util.HashMap;
49  import java.util.Map;
50  import java.util.Set;
51  import java.util.TreeSet;
52  
53  import javax.jcr.RepositoryException;
54  import javax.servlet.http.HttpServletRequest;
55  
56  
57  /**
58   * A very limited implementation of {@link IPSecurityManager}. One can either limit the IP addresses
59   * (no patterns), or grant access for all IPs.
60   */
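public class IPSecurityManagerImpl implements IPSecurityManager {
    // Matching semantics of this class, for anyone relying on it as an access control:
    // - Addresses are compared as exact strings against the rule keys. There is no CIDR/range
    //   support and no normalisation, so a configured value must be spelled exactly as the
    //   servlet container reports it (relevant e.g. for the different textual forms of an
    //   IPv6 address).
    // - The address checked for a request is HttpServletRequest#getRemoteAddr(), i.e. the peer
    //   the container saw. Behind a reverse proxy or load balancer that is the proxy's address
    //   unless the container itself is configured to substitute the client address.
    // - A rule keyed by "*" is used only when no rule is keyed by the exact address, so an
    //   exact-address rule always takes precedence over the wildcard, even when it is narrower.
    // - No matching rule means "not allowed".

    /** Key of the catch-all rule consulted when no rule is keyed by the exact address. */
    private static final String ALL = "*";

    /**
     * The key is the IP.
     *
     * Plain {@link HashMap} with no synchronisation in this class.
     * NOTE(review): this assumes the map is fully populated before the instance starts
     * answering requests - confirm against how the factory publishes new instances.
     */
    private Map<String, Rule> rules;

    public IPSecurityManagerImpl() {
        this.rules = new HashMap<String, Rule>();
    }

    /**
     * Checks both the remote address and the HTTP method of a request.
     *
     * @param req the request to check; its {@code getRemoteAddr()} selects the rule and its
     *            {@code getMethod()} is tested against that rule
     * @return {@code true} only if a rule applies to the address and that rule lists the method
     */
    @Override
    public boolean isAllowed(HttpServletRequest req) {
        final Rule rule = getRule(req.getRemoteAddr());
        return rule != null && rule.allowsMethod(req.getMethod());
    }

    /**
     * Checks whether any rule applies to the given address.
     *
     * HTTP methods are not considered here: the result is {@code true} as soon as a rule (exact
     * or wildcard) exists, even if that rule lists no methods at all. Use
     * {@link #isAllowed(HttpServletRequest)} when the method matters.
     *
     * @param ip the address, compared as an exact string
     * @return {@code true} if an exact or wildcard rule exists for {@code ip}
     */
    @Override
    public boolean isAllowed(String ip) {
        return getRule(ip) != null;
    }

    /**
     * Resolves the rule for an address: the rule keyed by exactly {@code ip} if such a key
     * exists, otherwise the wildcard rule.
     *
     * @param ip the address to look up
     * @return the applicable rule, or {@code null} when neither an exact nor a wildcard rule exists
     */
    protected Rule getRule(String ip) {
        return (rules.containsKey(ip)) ? rules.get(ip) : rules.get(ALL);
    }

    /**
     * Returns the live rule map, not a copy: changes made by the caller change the access
     * decisions of this instance.
     *
     * @return the internal map of rules keyed by IP
     */
    public Map<String, Rule> getRules() {
        return rules;
    }

    /**
     * Replaces the rule map. The given map is stored as-is (no copy).
     *
     * @param rules the new rules keyed by IP; {@code null} is treated as "no rules", which denies
     *              every address instead of failing later with a NullPointerException
     */
    public void setRules(Map<String, Rule> rules) {
        this.rules = (rules != null) ? rules : new HashMap<String, Rule>();
    }

    /**
     * Registers a rule under the given key, replacing any rule already stored under it.
     *
     * @param name the map key; lookups treat it as the IP address (or {@code "*"})
     * @param rule the rule to store
     */
    public void addRule(String name, Rule rule) {
        rules.put(name, rule);
    }

    /**
     * Provides a custom transformer as the current configuration is not c2b friendly.
     * The configuration is read from {@code /server/IPConfig} in the config workspace.
     */
    public static final class InstanceFactory extends ObservedComponentFactory<IPSecurityManager> {
        public InstanceFactory() {
            super(RepositoryConstants.CONFIG, "/server/IPConfig", IPSecurityManager.class);
        }

        @Override
        protected Node2BeanTransformer getNode2BeanTransformer() {
            return new IPSecurityManagerTransformer();
        }
    }

    /**
     * Transformer which uses the IP value of the rule as the key.
     */
    public static final class IPSecurityManagerTransformer extends Node2BeanTransformerImpl {

        /**
         * When the bean being populated is an {@link IPSecurityManagerImpl}, registers every
         * {@link Rule} found in {@code values} under the rule's own IP, then delegates to the
         * default implementation.
         */
        @Override
        public void setProperty(TypeMapping typeMapping, TransformationState state, PropertyTypeDescriptor descriptor, Map<String, Object> values) throws RepositoryException {
            final Object currentBean = state.getCurrentBean();
            if (currentBean instanceof IPSecurityManagerImpl) {
                final IPSecurityManagerImpl ipSecMan = (IPSecurityManagerImpl) currentBean;
                for (Object o : values.values()) {
                    if (o instanceof Rule) {
                        final Rule rule = (Rule) o;
                        // A rule without a configured IP is stored under a null key.
                        ipSecMan.addRule(rule.getIP(), rule);
                    }
                }
            }
            // NOTE(review): the default implementation still runs with the same values. Whether it
            // also registers the rules under other keys (e.g. their node names) is not visible in
            // this file - confirm, because every key in the map is matched like an address.
            super.setProperty(typeMapping, state, descriptor, values);
        }

        /**
         * Falls back to the {@link Rule} type for level-2 nodes whose type could not be resolved.
         * NOTE(review): presumably level 2 is where the individual rule nodes live - confirm.
         */
        @Override
        protected TypeDescriptor onResolveType(TypeMapping typeMapping, TransformationState state, TypeDescriptor resolvedType, ComponentProvider componentProvider) {
            if (state.getLevel() == 2 && resolvedType == null) {
                return typeMapping.getTypeDescriptor(Rule.class);
            }
            return super.onResolveType(typeMapping, state, resolvedType, componentProvider);
        }

    }

    /**
     * Basic rule. Does not support patterns.
     *
     * A freshly constructed rule lists no methods, so it allows none until
     * {@link #setMethods(String)} is called.
     */
    public static final class Rule {
        private String name;
        private String ip;
        private Set<String> methods;

        public Rule() {
            this.methods = Collections.emptySet();
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getIP() {
            return ip;
        }

        public void setIP(String ip) {
            this.ip = ip;
        }

        /**
         * Tests whether this rule lists the given HTTP method. The comparison ignores case.
         *
         * @param s the method name; {@code null} is never allowed
         * @return {@code true} if the method is listed
         */
        public boolean allowsMethod(String s) {
            // The case-insensitive comparator of a non-empty set would throw on null; deny instead.
            return s != null && methods.contains(s);
        }

        public String getMethods() {
            throw new IllegalStateException("Just faking a getter for content2bean's sake.");
        }

        /**
         * Sets the allowed HTTP methods from a comma-separated list, e.g. {@code "GET,POST"}.
         *
         * Whitespace around each entry is ignored and empty entries are skipped, so
         * {@code "GET, POST"} allows both methods. Without the trimming, the second entry would
         * be stored with its leading blank and would never match a request.
         *
         * @param methods the comma-separated method names; {@code null} results in no allowed methods
         */
        public void setMethods(String methods) {
            final Set<String> parsed = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            if (methods != null) {
                for (String token : methods.split(",")) {
                    final String method = token.trim();
                    if (!method.isEmpty()) {
                        parsed.add(method);
                    }
                }
            }
            this.methods = parsed;
        }
    }

}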