001: /*
002: * UserAccessController.java
003: *
004: * Created on May 23, 2003, 12:15 PM
005: */
006:
007: package com.sun.portal.netlet.eproxy;
008:
009: /*
010: *
011: * Checks for access control either at the GW or Netlet Proxy. Checking access
012: * just at the netlet servlet is not enough
013: *
014: * @author Rajesh T @date 23 - 05 - 2003
015: */
016:
017: import java.net.InetAddress;
018: import java.net.UnknownHostException;
019: import java.util.List;
020: import java.util.StringTokenizer;
021: import java.util.logging.Level;
022: import java.util.logging.Logger;
023:
024: import com.sun.portal.log.common.PortalLogger;
025: import com.sun.portal.rproxy.configservlet.client.GatewayProfile;
026: import com.sun.portal.rproxy.configservlet.client.NetletProfile;
027:
028: public class NetletAccessController {
029:
030: private NetletProfile netletUserProfile = null;
031:
032: private List denyList = null;
033:
034: private List allowList = null;
035:
036: private static final String serverDomain = GatewayProfile
037: .getString("DefaultDomainAndSubdomains", null);
038:
039: private static Logger logger = PortalLogger
040: .getLogger(NetletAccessController.class);
041:
042: /*
043: * Create a instance of Netlet Access Controller
044: */
045:
046: public NetletAccessController(NetletProfile netletProfile) {
047: netletUserProfile = netletProfile;
048: denyList = netletUserProfile.getStringList("DenyHosts");
049: allowList = netletUserProfile.getStringList("AccessHosts");
050: }
051:
052: /*
053: * Service based access control - TBD
054: */
055:
056: public boolean isAccessAllowed(String host, int port) {
057: return isAccessAllowed(host.trim() + ":"
058: + Integer.toString(port));
059: }
060:
061: /*
062: * If there a match in deny list deny access - Deny takes precedence then
063: * check allow list if enry found allow access else deny.
064: */
065:
066: public boolean isAccessAllowed(String host) {
067: StringTokenizer hosts = new StringTokenizer(host, "+");
068:
069: while (hosts.hasMoreTokens()) {
070: String currentHost = hosts.nextToken().toString();
071: if (!isValidHost(currentHost)) {
072: logger
073: .warning("NetletAccessController: host not resolvable : "
074: + currentHost);
075: /* BugFix: 5067138 - begins */
076: continue;
077: } else {
078: if (checkDenyAccess(currentHost)) {
079: continue;
080: }
081:
082: if (!checkAllowAccess(currentHost)) {
083: continue;
084: }
085: return true;
086: }
087: }
088: return false;
089: /*
090: * BugFix: 5067138 - ends. Return false only if none of the hosts are
091: * resolvable.
092: */
093: }
094:
095: /*
096: * Checks whether the given hostname is valid or not.
097: */
098: private boolean isValidHost(String hostName) {
099: InetAddress inetaddr = null;
100: try {
101: inetaddr = InetAddress.getByName(hostName);
102: } catch (UnknownHostException uhe) {
103: return false;
104: }
105: String resolvedHostName = inetaddr.getHostName();
106: if (isIPAddress(hostName) && hostName.equals(resolvedHostName)) {
107: return false;
108: }
109: return true;
110: }
111:
112: /*
113: * Is there match in Allow List ?
114: */
115:
116: private boolean checkAllowAccess(String host) {
117:
118: if (allowList != null) {
119: boolean stringMatch = false;
120: String ipAddr = null;
121: try {
122: InetAddress inetaddr = InetAddress.getByName(host);
123: if (isIPAddress(host)) {
124: ipAddr = host;
125: host = inetaddr.getHostName();
126: } else {
127: ipAddr = inetaddr.getHostAddress();
128: }
129: } catch (UnknownHostException uhe) {
130: }
131: if (host.indexOf(".") == -1 && serverDomain != null) {
132: host += ".";
133: host += serverDomain;
134: }
135: for (int i = 0; i < allowList.size(); i++) {
136: String privilegeString = (String) allowList.get(i);
137: if (privilegeString.equals("*")) {
138: return true;
139: }
140:
141: if (privilegeString.indexOf(".") == -1
142: && serverDomain != null) {
143: privilegeString += ".";
144: privilegeString += serverDomain;
145: }
146:
147: stringMatch = wildcardMatch(host.toLowerCase(),
148: privilegeString.toLowerCase());
149: if (!stringMatch) {
150: stringMatch = wildcardMatch(ipAddr, privilegeString
151: .toLowerCase());
152: }
153:
154: // logger.info("NetletAccessController : Checking Allow : " +
155: Object[] param = { host, ipAddr, serverDomain,
156: privilegeString, new Boolean(stringMatch) };
157: logger.log(Level.INFO, "PSSRNTLT_CSPNEPROX045", param);
158:
159: if (stringMatch)
160: return true;
161:
162: }
163: }
164: return false;
165: }
166:
167: /*
168: * Is there match in Deny List ?
169: */
170:
171: private boolean checkDenyAccess(String host) {
172: if (denyList != null) {
173: boolean stringMatch = false;
174: String ipAddr = null;
175: try {
176: InetAddress inetaddr = InetAddress.getByName(host);
177: if (isIPAddress(host)) {
178: ipAddr = host;
179: host = inetaddr.getHostName();
180: } else {
181: ipAddr = inetaddr.getHostAddress();
182: }
183: } catch (UnknownHostException uhe) {
184: }
185: if (host.indexOf(".") == -1 && serverDomain != null) {
186: host += ".";
187: host += serverDomain;
188: }
189: for (int i = 0; i < denyList.size(); i++) {
190: String privilegeString = (String) denyList.get(i);
191: if (privilegeString.length() > 0) {
192: if (privilegeString.equals("*")) {
193: return true;
194: }
195:
196: if (privilegeString.indexOf(".") == -1
197: && serverDomain != null) {
198: privilegeString += ".";
199: privilegeString += serverDomain;
200: }
201:
202: stringMatch = wildcardMatch(host.toLowerCase(),
203: privilegeString.toLowerCase());
204: if (!stringMatch) {
205: // check for IP Address.
206: stringMatch = wildcardMatch(ipAddr,
207: privilegeString.toLowerCase());
208: }
209: // logger.info("NetletAccessController : Checking Deny : " +
210: Object[] params = { host, ipAddr, privilegeString,
211: new Boolean(stringMatch) };
212: logger.log(Level.INFO, "PSSRNTLT_CSPNEPROX046",
213: params);
214:
215: }
216:
217: if (stringMatch)
218: return true;
219: }
220: }
221: return false;
222: }
223:
224: /*
225: * Look for wildcard match
226: */
227:
228: private boolean wildcardMatch(String str1, String str2) {
229: int beginIndex1 = 0;
230: int endIndex1 = 0;
231: int beginIndex2 = 0;
232: int endIndex2 = 0;
233: int strlen1 = str1.length();
234: int strlen2 = str2.length();
235: String substr = null;
236:
237: // if one of the string is null, consider it no match.
238: if ((str1 == null) || (str2 == null))
239: return (false);
240:
241: if ((endIndex2 = str2.indexOf('*', beginIndex2)) != -1) {
242: // get the substring prior to the first '*'
243: substr = str2.substring(beginIndex2, endIndex2);
244:
245: // check if the first char in str2 is '*', i.e. the substring is
246: // null
247: if (endIndex2 > beginIndex2) {
248: // str1 contains the substring too? if not, no match
249: if ((beginIndex1 = str1.indexOf(substr, beginIndex1)) == -1)
250: return (false);
251: // if it is not a SUFFIX match, then the prefixes should be
252: // equal
253: if ((beginIndex1 != beginIndex2))
254: return (false);
255: }
256: // move the pointer to next char after the substring already matched
257: beginIndex1 = beginIndex1 + (endIndex2 - beginIndex2);
258: if (endIndex2 >= strlen2 - 1)
259: return (true);
260: beginIndex2 = endIndex2 + 1;
261: } else // str2 doesn't contain wildcard '*'
262: {
263: if ((beginIndex1 = str1.indexOf(str2)) == -1)
264: return (false);
265: if ((strlen1 == strlen2))
266: return (true);
267: return (false);
268: }
269:
270: // There are more than '*'s in str2, repeat what we have done
271: while ((endIndex2 = str2.indexOf('*', beginIndex2)) != -1) {
272: substr = str2.substring(beginIndex2, endIndex2);
273: if (endIndex2 > beginIndex2)
274: if ((beginIndex1 = str1.indexOf(substr, beginIndex1)) == -1)
275: return (false);
276: beginIndex1 = beginIndex1 + (endIndex2 - beginIndex2);
277: if (endIndex2 >= strlen2 - 1)
278: return (true);
279: beginIndex2 = endIndex2 + 1;
280: }
281: // The substring after the last '*'
282: substr = str2.substring(beginIndex2, strlen2);
283:
284: if ((endIndex1 = str1.lastIndexOf(substr, strlen1 - 1)) == -1)
285: return (false);
286:
287: if (beginIndex1 > endIndex1)
288: return (false);
289:
290: beginIndex1 = endIndex1;
291: if (((strlen1 - beginIndex1) == (strlen2 - beginIndex2)))
292: return (true);
293: return (false);
294: }
295:
296: /*
297: * Checks whether the given String is in pure IPAddress format
298: */
299:
300: private boolean isIPAddress(String hostName) {
301: StringTokenizer st = new StringTokenizer(hostName, ".");
302: int count = 0;
303: while (st.hasMoreTokens()) {
304: String str = st.nextToken();
305: try {
306: int intVal = Integer.parseInt(str);
307: if (intVal > 255)
308: return false;
309: } catch (NumberFormatException ex) {
310: return false;
311: }
312: ++count;
313: }
314: return count == 4 ? true : false;
315: }
316:
317: }
|