WebLogic Server 6.0 Code Examples, BEA Systems, Inc.

examples.security.net
Class SimpleConnectionFilter

java.lang.Object
  |
  +--examples.security.net.SimpleConnectionFilter
All Implemented Interfaces:
weblogic.security.net.ConnectionFilter, java.util.EventListener

public class SimpleConnectionFilter
extends java.lang.Object
implements weblogic.security.net.ConnectionFilter

Simple rules-based connection filter example. This example reads in a set of rules from a file and bases its filtering decisions on these rules.

Syntax of the rule file is as follows: each rule is written on a single line. Tokens in a rule are separated by white space. "#" is the comment character; everything after it on a line is ignored. Whitespace before or after a rule is ignored. Lines consisting solely of whitespace or comments are skipped.

All rules follow this form:

target	action	protocols
where target is a specification of one or more hosts to filter, action is the action to perform (and must be either allow or deny), and protocols is the list of protocol names to match (each must be one of http, https, t3, t3s, giop, or giops; if no protocols are listed, the rule matches all protocols).

This example recognizes two kinds of rule:

When a client connects, these rules are evaluated in the order in which they were written, and the first rule to match determines how the connection is treated. If no rule matches, the connection is permitted; the filter is therefore fail-open unless the rule file says otherwise.

If you want to "lock down" your server and only allow connections from certain addresses, specify 0.0.0.0/0 deny as your last rule. Because the first match wins, this catch-all must come after every allow rule; placed earlier, it would reject the connections the later allow rules were meant to admit.

Note: This example does not take full advantage of the information provided by the connection filter. Further expansion is left as an exercise for the reader. It assumes IPv4 addresses, but it should be easy to convert it to use IPv6 addresses, if necessary.
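The following stand-alone Python program is an added example, not BEA's code: it reimplements the rule-file syntax and the first-match evaluation described above (comment stripping, allow/deny actions, the protocol list, and both mask forms that parseNetmask accepts) so the rules can be checked offline. The sample rule file and the HOSTS table that stands in for DNS resolution are constructed for the example; the real class resolves hostnames with java.net.InetAddress and is driven by the server's ConnectionEvent rather than by a bare address and protocol name.

```python
"""Stand-alone reimplementation of the SimpleConnectionFilter rule-file
semantics: parse the rules, then evaluate them first-match-wins.
Added example; not the BEA code from the original page."""
import ipaddress
from collections import namedtuple

PROTOCOLS = frozenset(("http", "https", "t3", "t3s", "giop", "giops"))

# network: IPv4Network; allow: bool; protocols: frozenset of protocol names
Rule = namedtuple("Rule", "network allow protocols")

# Constructed stand-in for DNS so the example runs offline (assumption:
# the real class resolves hostnames with java.net.InetAddress).
HOSTS = {"admin.example.test": ["198.51.100.20"]}


def parse_netmask(mask_str):
    """Mask spec is a prefix length ('24') or a dotted quad ('255.255.255.0')."""
    if mask_str.isdigit():
        length = int(mask_str)
        if not 0 <= length <= 32:
            raise ValueError("bad mask length %r" % mask_str)
        return length
    mask = int(ipaddress.IPv4Address(mask_str))
    zeros = (~mask) & 0xFFFFFFFF            # host part, must be a run of ones
    if zeros & (zeros + 1):                 # otherwise the mask is non-contiguous
        raise ValueError("non-contiguous netmask %r" % mask_str)
    return 32 - zeros.bit_length()


def parse_action(word):
    """True to allow, False to deny; anything else is a rule-file error."""
    if word.lower() == "allow":
        return True
    if word.lower() == "deny":
        return False
    raise ValueError("action must be allow or deny, got %r" % word)


def parse_protocols(words):
    """An empty protocol list means the rule matches every protocol."""
    protos = frozenset(w.lower() for w in words)
    unknown = protos - PROTOCOLS
    if unknown:
        raise ValueError("unknown protocol(s) %s" % sorted(unknown))
    return protos or PROTOCOLS


def parse_line(line, hosts=HOSTS):
    """Parse one line into a list of rules (a hostname may yield several);
    blank and comment-only lines yield an empty list."""
    line = line.split("#", 1)[0].strip()    # '#' starts a comment
    if not line:
        return []
    tokens = line.split()
    if len(tokens) < 2:
        raise ValueError("rule needs target and action: %r" % line)
    target = tokens[0]
    allow = parse_action(tokens[1])
    protos = parse_protocols(tokens[2:])
    if "/" in target:
        addr, mask = target.split("/", 1)
        prefix, addrs = parse_netmask(mask), [addr]
    else:
        prefix, addrs = 32, hosts.get(target.lower(), [target])
    return [Rule(ipaddress.IPv4Network((a, prefix), strict=False), allow, protos)
            for a in addrs]


def parse_rules(text, hosts=HOSTS):
    """Parse a whole rule file, reporting the offending line number on error."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            rules.extend(parse_line(line, hosts))
        except ValueError as err:
            raise ValueError("rule file line %d: %s" % (lineno, err))
    return rules


def accept(rules, remote_ip, protocol):
    """First matching rule wins; no match means permitted (the documented default)."""
    ip = ipaddress.IPv4Address(remote_ip)
    for rule in rules:
        if ip in rule.network and protocol.lower() in rule.protocols:
            return rule.allow
    return True


def has_default_deny(rules):
    """Is the last rule an unrestricted '0.0.0.0/0 deny'?  Without it the
    filter is fail-open, which is the check a reviewer wants before trusting
    a file that claims to lock the server down."""
    if not rules:
        return False
    last = rules[-1]
    return last.network.prefixlen == 0 and not last.allow and last.protocols == PROTOCOLS


# Constructed sample rule file (not from the original page).
SAMPLE_RULES = """
# internal clients may use every protocol
10.0.0.0/8                allow
# a partner host gets web only; its deny line must come after the allow
192.168.5.7               allow   http https
192.168.5.7               deny
# dotted-quad mask form, IIOP only
172.16.0.0/255.255.0.0    allow   giop giops
# hostname target, resolved via the constructed HOSTS table
admin.example.test        allow   t3 t3s
# lock down: anything not matched above is rejected
0.0.0.0/0                 deny
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("locked down:", has_default_deny(rules))
    for ip, proto in (("10.1.2.3", "t3"), ("192.168.5.7", "https"),
                      ("192.168.5.7", "t3"), ("203.0.113.9", "http")):
        print(ip, proto, "allow" if accept(rules, ip, proto) else "deny")
```

Run it as a script to see the decisions for a few constructed clients; the partner host shows why ordering matters, since swapping its two lines would make the deny match first and block its web traffic as well.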

Author:
Copyright (c) 1999-2000 by BEA Systems, Inc. All Rights Reserved.

Field Summary
static java.lang.String FILTER_FILE
          The name of the filter rule file.
 
Constructor Summary
SimpleConnectionFilter()
          Constructs a new connection filter.
SimpleConnectionFilter(java.io.InputStream is)
          Constructs a new connection filter.
 
Method Summary
 void accept(weblogic.security.net.ConnectionEvent evt)
          Filters a client connection event.
(package private) static int addressToInt(java.net.InetAddress addr)
          Turns an address object into a single IPv4 address.
static void main(java.lang.String[] args)
          Simple test harness.
protected static boolean parseAction(java.lang.String whatever)
          Parses an action and returns its meaning.
protected static int[] parseAddresses(java.lang.String str)
          Given a string, returns an array of IPv4 addresses corresponding to that string as a host.
protected  void parseLine(java.lang.String line, java.util.Vector entries)
          Parses an individual line of the rule file.
protected static int parseNetmask(java.lang.String maskStr)
          Returns an IPv4 netmask, as derived from a spec string.
protected static int parseProtocols(java.util.StringTokenizer toks)
          Parses a list of protocols and returns a bitmask that will let us match a protocol quickly at connect time.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FILTER_FILE

public static final java.lang.String FILTER_FILE
The name of the filter rule file.
Constructor Detail

SimpleConnectionFilter

public SimpleConnectionFilter()
                       throws java.io.IOException
Constructs a new connection filter. This constructor attempts to find the rule file either in the current directory or as a resource on the server's CLASSPATH.
Throws:
java.io.IOException - a problem occurred while reading the rule file
See Also:
FILTER_FILE

SimpleConnectionFilter

public SimpleConnectionFilter(java.io.InputStream is)
                       throws java.io.IOException
Constructs a new connection filter. Rules are read from the given stream.
Parameters:
is - stream to read from
Throws:
java.io.IOException - a problem occurred while reading the rule file
Method Detail

accept

public void accept(weblogic.security.net.ConnectionEvent evt)
            throws weblogic.security.net.FilterException
Filters a client connection event. If the connection should be allowed, this method returns normally.
Specified by:
accept in interface weblogic.security.net.ConnectionFilter
Parameters:
evt - the connection event
Throws:
weblogic.security.net.FilterException - the connection should be rejected by the server

addressToInt

static final int addressToInt(java.net.InetAddress addr)
Turns an address object into a single IPv4 address.

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
Simple test harness. You can use this to write rules by hand, and then check them.

parseAction

protected static final boolean parseAction(java.lang.String whatever)
                                    throws java.io.IOException
Parses an action and returns its meaning. True to allow, false to deny.
Parameters:
whatever - the action string

parseAddresses

protected static final int[] parseAddresses(java.lang.String str)
                                     throws java.io.IOException
Given a string, returns an array of IPv4 addresses corresponding to that string as a host.
Parameters:
str - hostname or IPv4 address in string form

parseLine

protected void parseLine(java.lang.String line,
                         java.util.Vector entries)
                  throws java.io.IOException,
                         java.lang.IllegalArgumentException
Parses an individual line of the rule file. Any resulting rules are added to the given entries vector.
Parameters:
line - the line to parse (guaranteed not to contain comments, surrounding whitespace, or be empty)
entries - the running list of rules

parseNetmask

protected static final int parseNetmask(java.lang.String maskStr)
                                 throws java.io.IOException
Returns an IPv4 netmask, as derived from a spec string. The string can either be a number, for a mask length, or a dotted-quad mask.
Parameters:
maskStr - mask spec string

parseProtocols

protected static final int parseProtocols(java.util.StringTokenizer toks)
                                   throws weblogic.security.net.FilterException
Parses a list of protocols and returns a bitmask that will let us match a protocol quickly at connect time.

Documentation is available at
http://e-docs.bea.com/wls/docs60

Copyright © 2000 BEA Systems, Inc. All Rights Reserved.