001: package com.salmonllc.remote.server;
002:
003: import com.salmonllc.remote.Reflect;
004:
005: import java.util.Vector;
006:
007: /**
008: * Created by IntelliJ IDEA.
009: * User: Fred Cahill
010: * Date: Sep 29, 2004
011: * Time: 9:27:06 AM
012: * To change this template use Options | File Templates.
013: */
014: /*
015: * This class is the default RemoteReflectionSecurityPolicy instance assigned to RemoteReflector servlet.
016: */
017: public class RemoteReflectionSecurityManager implements
018: RemoteReflectionSecurityPolicy {
019:
020: private class ClassMethod {
021: String _cls;
022: String _method;
023:
024: ClassMethod(String sClass, String sMethod) {
025: _cls = sClass;
026: _method = sMethod;
027: }
028:
029: public boolean equals(Object obj) {
030: if (obj != null && obj instanceof ClassMethod) {
031: return (((ClassMethod) obj).getClassName().equals(_cls) && ((ClassMethod) obj)
032: .getMethod().equals(_method));
033: }
034: return false;
035: }
036:
037: public String getClassName() {
038: return _cls;
039: }
040:
041: public String getMethod() {
042: return _method;
043: }
044: }
045:
046: private Vector vAllowedClasses = new Vector();
047: private Vector vAllowedClassesMethods = new Vector();
048:
049: /*
050: * Checks to see if Instantiation is allowed for the passed class.
051: * @param cl java.lang.Class The class to check to see if allowed to instantiate.
052: * @return boolean indicates wheather the class is allowed to be instantiated by the RemoteReflector Servlet
053: */
054: public boolean isInstantiationAllowed(Class cl) {
055: Class[] interfaces = cl.getInterfaces();
056: if (interfaces != null) {
057: for (int i = 0; i < interfaces.length; i++) {
058: if (interfaces[i].getName().equals(
059: Reflect.class.getName()))
060: return true;
061: if (vAllowedClasses.contains(cl.getName()))
062: return true;
063: }
064: }
065: return false;
066: }
067:
068: /*
069: * Checks to see if Instantiation is allowed for the passed class.
070: * @param obj java.lang.Object The object for which you want to execute the method on.
071: * @param sMethod java.lang.String The method you want to check if you are allowed to execute.
072: * @return boolean indicates wheather the method is allowed to be executed on the passed object by the RemoteReflector Servlet
073: */
074: public boolean isMethodCallAllowed(Object obj, String sMethod) {
075: if (obj instanceof Reflect)
076: return true;
077: if (vAllowedClassesMethods.contains(new ClassMethod(obj
078: .getClass().getName(), sMethod)))
079: return true;
080: return false;
081: }
082:
083: /*
084: * Specifies a class to allow instantiation of via RemoteReflector.
085: * @param cl java.lang.Class The class to allow to instantiate.
086: */
087: public void allowInstantiation(Class cl) {
088: if (!vAllowedClasses.contains(cl.getName()))
089: vAllowedClasses.addElement(cl.getName());
090: }
091:
092: /*
093: * Specifies a class and method to allow execution of via RemoteReflector.
094: * @param cl java.lang.Class The class to allow to execute specified method on.
095: * @param sMethod java.lang.String The method to which to allow execution of.
096: */
097: public void allowMethodCall(Class cl, String sMethod) {
098: ClassMethod cm = new ClassMethod(cl.getName(), sMethod);
099: if (!vAllowedClassesMethods.contains(cm))
100: vAllowedClassesMethods.addElement(cm);
101: }
102:
103: /*
104: * Removes the specified class from the allowed classes to be instantiated via RemoteReflector.
105: * @param cl java.lang.Class The class to remove from allowed classes.
106: */
107: public void removeInstantiation(Class cl) {
108: vAllowedClasses.removeElement(cl.getName());
109: }
110:
111: /*
112: * Specifies a class and method to remove from allowed class/methods.
113: * @param cl java.lang.Class The class to which the method belongs.
114: * @param sMethod java.lang.String The method to remove from allowed.
115: */
116: public void removeMethodCall(Class cl, String sMethod) {
117: vAllowedClassesMethods.removeElement(new ClassMethod(cl
118: .getName(), sMethod));
119: }
120:
121: /**
122: * @return Returns the Vector of Allowed classes.
123: */
124: public Vector getAllowedClasses() {
125: return vAllowedClasses;
126: }
127:
128: /**
129: * @param Sets the Vector of allowed classes
130: */
131: public void setAllowedClasses(Vector allowedClasses) {
132: vAllowedClasses = allowedClasses;
133: }
134:
135: /**
136: * @return Returns the vector of Allowed Class Methods.
137: */
138: public Vector getAllowedClassesMethods() {
139: return vAllowedClassesMethods;
140: }
141:
142: /**
143: * @param allowedClassesMethods A vector of Allowed Class Methods to set.
144: */
145: public void setAllowedClassesMethods(Vector allowedClassesMethods) {
146: vAllowedClassesMethods = allowedClassesMethods;
147: }
148: }
|