Module org.hsqldb

Class ServerAcl

java.lang.Object
org.hsqldb.server.ServerAcl

public final class ServerAcl extends Object
A list of ACL permit and deny entries with a permitAccess method which tells whether candidate addresses are permitted or denied by this ACL list.

The ACL file is reloaded whenever a modification to it is detected. If you copy in a file with an older file date, you will need to touch it.

The public runtime method is permitAccess(). The public setup method is the constructor.

Each non-comment line in the ACL file must be a rule of the format:


     {allow|deny} <ip_address>[/significant-bits]
 
For example

     allow ahostname
     deny ahost.domain.com
     allow 127.0.0.1
     allow 2001:db8::/32
 

In order to detect bit specification mistakes, we require that non-significant bits be zero in the values. An undesirable consequence of this is, you can't use a specification like the following to mean "all of the hosts on the same network as x.admc.com":


     allow x.admc.com/24
 
Since:
2.0.0
Author:
Blaine Simpson (blaine dot simpson at admc dot com)
See Also:
  • Constructor Details

  • Method Details

    • dottedNotation

      public static String dottedNotation(byte[] uba)
      Parameters:
      uba - Unsigned byte array
      Returns:
      String
    • colonNotation

      public static String colonNotation(byte[] uba)
      Parameters:
      uba - Unsigned byte array
      Returns:
      String
    • setPrintWriter

      public void setPrintWriter(PrintWriter pw)
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • permitAccess

      public boolean permitAccess(String s)
      Uses system network libraries to resolve the given String to an IP addr, then determine whether this address is permitted or denied. Specified name may be a numerical-based String like "1.2.3.4", a constant known to the networking libraries, or a host name to be resolved by the systems name resolution system. If the given String can't be resolved to an IP addr, false is returned.
      Parameters:
      s - String
      Returns:
      boolean
      See Also:
    • permitAccess

      public boolean permitAccess(byte[] addr)
      Parameters:
      addr - byte[]
      Returns:
      true if access for the candidate address should be permitted, false if access should be denied.
    • main

      public static void main(String[] sa) throws ServerAcl.AclFormatException, IOException
      Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list. Run "java -cp path/to/hsqldb.jar org.hsqldb.server.ServerAcl --help" for Syntax help.
      Parameters:
      sa - String[]
      Throws:
      ServerAcl.AclFormatException - when badly formatted
      IOException - when io error