smarthostauthorizer.java

来自「sea是一个基于seda模式的实现。这个设计模式将系统分为很多stage。每个s」· Java 代码 · 共 91 行

/*
 * Copyright (c) 2003, The Regents of the University of California, through
 * Lawrence Berkeley National Laboratory (subject to receipt of any required
 * approvals from the U.S. Dept. of Energy). All rights reserved.
 */
package gov.lbl.dsd.sea.nio.auth;

import java.net.InetAddress;

/**
 * Allow/deny rule-based mechanism to configure and query whether or not a given
 * host is allowed to perform a certain action.
 * <p>
 * Via {@link SmartHostAuthorizationRules} supports allow and deny rules based
 * on exact or patterned DNS host names, exact or patterned IP addresses, as
 * well as regular expressions on "hostName/IPaddress" pairs.
 * 
 * @author whoschek@lbl.gov
 * @author $Author: hoschek3 $
 * @version $Revision: 1.5 $, $Date: 2004/06/29 00:47:03 $
 */
public class SmartHostAuthorizer implements HostAuthorizer, java.io.Serializable {

	private boolean allowBeforeDeny;           // allow-deny or deny-allow order
	private HostAuthorizationRules allowRules; // the rules used for allow checks
	private HostAuthorizationRules denyRules;  // the rules used for deny checks
	
	private static final org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(SmartHostAuthorizer.class);

	/**
	 * Creates an authorizer with the given parameters.
	 * 
	 * @param allowBeforeDeny apply allow rules before deny rules, or deny rules before allow rules?
	 * @param allowRules the rules used for allow checks
	 * @param denyRules the rules used for deny checks
	 */
	public SmartHostAuthorizer(boolean allowBeforeDeny, HostAuthorizationRules allowRules, HostAuthorizationRules denyRules) {
		if (allowRules == null || denyRules == null) throw new IllegalArgumentException("rule must not be null");

		this.allowBeforeDeny = allowBeforeDeny;
		this.allowRules = allowRules;
		this.denyRules = denyRules;
	}
	
	/**
	 * Creates a denying authorizer (isAllowed(x) returns false).
	 */
	public SmartHostAuthorizer() {
		this(true,  new SmartHostAuthorizationRules(),  new SmartHostAuthorizationRules());
	}
	
	/** 
	 * Returns the rules used for allow checks.
	 */
	public HostAuthorizationRules getAllowRules() {
		return this.allowRules;
	}
	
	/** 
	 * Returns the rules used for deny checks.
	 */
	public HostAuthorizationRules getDenyRules() {
		return this.denyRules;
	}
	
	/**
	 * Returns whether or not the given host (aka InetAddress) is allowed to
	 * perform a certain action, depending on the current allow/deny rules.
	 * 
	 * @param address
	 *            the host attempting to be authorized
	 */
	public boolean isAllowed(InetAddress address) {
		if (address == null) throw new IllegalArgumentException("address must not be null");
		
		if (allowBeforeDeny) {
			return this.getAllowRules().isMatch(address) && 
				(! this.getDenyRules().isMatch(address));
		}
		else {
			return (! this.getDenyRules().isMatch(address)) ||
				this.getAllowRules().isMatch(address);
		}
	}
	
	public String toString() {
		return this.getClass().getName() + "[" + "allowRules="+getAllowRules() + ", denyRules="+getDenyRules() + "]";
	}
	
}