java.lang.Object
org.hsqldb.server.ServerAcl
A list of ACL permit and deny entries with a permitAccess method
which tells whether candidate addresses are permitted or denied
by this ACL list.
The ACL file is reloaded whenever a modification to it is detected. If you copy in a file with an older file date, you will need to touch it.
The public runtime method is permitAccess(). The public setup method is the constructor.
Each non-comment line in the ACL file must be a rule of the format:
{allow|deny} <ip_address>[/significant-bits]
For example
allow ahostname
deny ahost.domain.com
allow 127.0.0.1
allow 2001:db8::/32
To detect bit specification mistakes, we require that non-significant bits be zero in the values. An undesirable consequence is that you can't use a specification like the following to mean "all of the hosts on the same network as x.admc.com":
allow x.admc.com/24
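The zero-bit requirement described above, as an added example that is not HSQLDB's code or part of the original Javadoc. The class and method names are hypothetical and the sample addresses are constructed; it shows why a network address with a bit count is accepted, why a host address with the same bit count is rejected, and how a candidate is compared against the significant bits.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration, not HSQLDB source. All names here are hypothetical.
public class AclBitCheckDemo {

    /** True if every bit after the first `bits` bits of addr is zero. */
    static boolean nonSignificantBitsZero(byte[] addr, int bits) {
        if (bits < 0 || bits > addr.length * 8) {
            throw new IllegalArgumentException("bit count out of range: " + bits);
        }
        for (int i = bits; i < addr.length * 8; i++) {
            if ((addr[i / 8] & (0x80 >> (i % 8))) != 0) {
                return false;
            }
        }
        return true;
    }

    /** True if rule and candidate are the same family and share the first `bits` bits. */
    static boolean matches(byte[] rule, int bits, byte[] candidate) {
        if (rule.length != candidate.length) {
            return false; // an IPv4 rule never matches an IPv6 candidate, or vice versa
        }
        for (int i = 0; i < bits; i++) {
            int mask = 0x80 >> (i % 8);
            if ((rule[i / 8] & mask) != (candidate[i / 8] & mask)) {
                return false;
            }
        }
        return true;
    }

    static byte[] literal(String s) throws UnknownHostException {
        // Numeric literals only, so this demo performs no DNS lookup.
        return InetAddress.getByName(s).getAddress();
    }

    public static void main(String[] args) throws UnknownHostException {
        byte[] net = literal("2001:db8::"); // constructed sample values throughout
        System.out.println("2001:db8::/32 well-formed: " + nonSignificantBitsZero(net, 32));
        System.out.println("2001:db8:0:1::5 matches:   " + matches(net, 32, literal("2001:db8:0:1::5")));
        System.out.println("2001:db9::1 matches:       " + matches(net, 32, literal("2001:db9::1")));
        // A host address with a /24 suffix is the mistake the check is meant to catch.
        System.out.println("192.0.2.77/24 well-formed: " + nonSignificantBitsZero(literal("192.0.2.77"), 24));
        System.out.println("192.0.2.0/24 well-formed:  " + nonSignificantBitsZero(literal("192.0.2.0"), 24));
    }
}
```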
- Since:
- 2.0.0
- Author:
- Blaine Simpson (blaine dot simpson at admc dot com)
- See Also:
-
Nested Class Summary
Nested Classes -
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static String | colonNotation(byte[] uba) | |
| static String | dottedNotation(byte[] uba) | |
| static void | main(String[] sa) | Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list. |
| boolean | permitAccess(byte[] addr) | |
| boolean | permitAccess(String s) | Uses system network libraries to resolve the given String to an IP addr, then determine whether this address is permitted or denied. |
| void | setPrintWriter | |
| String | toString() | |
-
Constructor Details
-
ServerAcl
-
-
Method Details
-
dottedNotation
- Parameters:
- uba - Unsigned byte array
- Returns:
- String
-
colonNotation
- Parameters:
- uba - Unsigned byte array
- Returns:
- String
-
setPrintWriter
-
toString
-
permitAccess
Uses system network libraries to resolve the given String to an IP addr, then determine whether this address is permitted or denied. Specified name may be a numerical-based String like "1.2.3.4", a constant known to the networking libraries, or a host name to be resolved by the system's name resolution system. If the given String can't be resolved to an IP addr, false is returned.
- Parameters:
- s - String
- Returns:
- boolean
- See Also:
-
permitAccess
public boolean permitAccess(byte[] addr)
- Parameters:
- addr - byte[]
- Returns:
- true if access for the candidate address should be permitted, false if access should be denied.
-
main
Utility method that allows interactive testing of individual ACL records, as well as the net effect of the ACL record list. Run "java -cp path/to/hsqldb.jar org.hsqldb.server.ServerAcl --help" for Syntax help.
- Parameters:
- sa - String[]
- Throws:
- ServerAcl.AclFormatException - when badly formatted
- IOException - when io error
-