org.hsqldb.server
Class ServerAcl

java.lang.Object
  extended by org.hsqldb.server.ServerAcl

public final class ServerAcl
extends Object

A list of ACL permit and deny entries with a permitAccess method which tells whether candidate addresses are permitted or denied by this ACL list.

The ACL file is reloaded whenever a modification to it is detected. If you copy in a file with an older file date, you will need to touch it so that the change is detected.

The public runtime method is permitAccess(). The public setup method is the constructor.

Each non-comment line in the ACL file must be a rule of the format:


     {allow|deny} <ip_address>[/significant-bits]
 
For example:

     allow ahostname
     deny ahost.domain.com
     allow 127.0.0.1
     allow 2001:db8::/32
 

In order to detect bit specification mistakes, we require that non-significant bits be zero in the values. An undesirable consequence is that you can't use a specification like the following to mean "all of the hosts on the same network as x.admc.com":


     allow x.admc.com/24
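
The rule format and the zero non-significant-bits requirement described above, as an added sketch that is not HSQLDB's own code: it parses one rule line, rejects a value with host bits set beyond the prefix, and tests a candidate address against the prefix. The class name AclRuleSketch, its methods and the sample rules are assumptions made for illustration; only literal IP addresses are used so nothing is resolved over the network, and how ServerAcl combines several rules is not covered.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration, not HSQLDB source. AclRuleSketch is a hypothetical name.
public class AclRuleSketch {
    final boolean allow;
    final byte[] network;
    final int bits;

    AclRuleSketch(String line) throws UnknownHostException {
        String[] parts = line.trim().split("\\s+");
        if (parts.length != 2 || !(parts[0].equals("allow") || parts[0].equals("deny")))
            throw new IllegalArgumentException("expected: {allow|deny} <ip_address>[/significant-bits]");
        allow = parts[0].equals("allow");
        int slash = parts[1].indexOf('/');
        String host = slash < 0 ? parts[1] : parts[1].substring(0, slash);
        network = InetAddress.getByName(host).getAddress();   // 4 or 16 bytes
        bits = slash < 0 ? network.length * 8 : Integer.parseInt(parts[1].substring(slash + 1));
        if (bits < 0 || bits > network.length * 8)
            throw new IllegalArgumentException("significant-bits out of range: " + bits);
        // Every bit after the prefix must be zero, so a mistyped prefix length is caught.
        for (int i = bits; i < network.length * 8; i++)
            if ((network[i / 8] & (0x80 >> (i % 8))) != 0)
                throw new IllegalArgumentException("non-significant bit " + i + " is set");
    }

    // True when the first 'bits' bits of addr equal those of the rule's network.
    boolean matches(byte[] addr) {
        if (addr.length != network.length) return false;   // IPv4 rule vs IPv6 candidate
        for (int i = 0; i < bits; i++) {
            int mask = 0x80 >> (i % 8);
            if ((addr[i / 8] & mask) != (network[i / 8] & mask)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample rules; the last one has host bits set and is rejected.
        String[] rules = {"allow 127.0.0.1", "allow 2001:db8::/32",
                          "allow 192.168.1.0/24", "allow 192.168.1.77/24"};
        byte[] candidate = InetAddress.getByName("192.168.1.77").getAddress();
        for (String r : rules) {
            try {
                AclRuleSketch rule = new AclRuleSketch(r);
                System.out.println(r + " -> parsed, matches 192.168.1.77: " + rule.matches(candidate));
            } catch (IllegalArgumentException e) {
                System.out.println(r + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```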
 

See Also:
ServerAcl(File), permitAccess(java.lang.String)

Nested Class Summary
static class ServerAcl.AclFormatException
           
 
Constructor Summary
ServerAcl(File aclFile)
           
 
Method Summary
static String colonNotation(byte[] uba)
           
static String dottedNotation(byte[] uba)
           
static void main(String[] sa)
          Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list.
 boolean permitAccess(byte[] addr)
           
 boolean permitAccess(String s)
          Uses system network libraries to resolve the given String to an IP address, then determines whether this address is permitted or denied.
 void setPrintWriter(PrintWriter pw)
           
 String toString()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ServerAcl

public ServerAcl(File aclFile)
          throws IOException,
                 ServerAcl.AclFormatException
Throws:
IOException
ServerAcl.AclFormatException
Method Detail

dottedNotation

public static String dottedNotation(byte[] uba)
Parameters:
uba - Unsigned byte array
Returns:
String

colonNotation

public static String colonNotation(byte[] uba)
Parameters:
uba - Unsigned byte array
Returns:
String

setPrintWriter

public void setPrintWriter(PrintWriter pw)

toString

public String toString()
Overrides:
toString in class Object

permitAccess

public boolean permitAccess(String s)
Uses system network libraries to resolve the given String to an IP address, then determines whether this address is permitted or denied. The specified name may be a numeric String like "1.2.3.4", a constant known to the networking libraries, or a host name to be resolved by the system's name resolution service. If the given String can't be resolved to an IP address, false is returned.

Parameters:
s - String
Returns:
boolean
See Also:
permitAccess(byte[])

permitAccess

public boolean permitAccess(byte[] addr)
Parameters:
addr - byte[]
Returns:
true if access for the candidate address should be permitted, false if access should be denied.

main

public static void main(String[] sa)
                 throws ServerAcl.AclFormatException,
                        IOException
Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list. Run "java -cp path/to/hsqldb.jar org.hsqldb.server.ServerAcl --help" for syntax help.

Parameters:
sa - String[]
Throws:
ServerAcl.AclFormatException - when the ACL is badly formatted
IOException - on I/O error


Copyright © 2001 - 2017 HSQL Development Group.