Interface SqlFirewallManager
- All Known Implementing Classes:
CsvRulesManager
,CsvRulesManagerNoReload
,DefaultSqlFirewallManager
,DenyDclManager
,DenyDdlManager
,DenyExecuteUpdateManager
,DenyMetadataQueryManager
,DenyStatementClassManager
,DenyTclManager
public interface SqlFirewallManager
Interface that allows to define firewall rules for AceQL HTTP SQL calls.
Concrete implementations are defined in aceql-server.properties.
A concrete implementation should be developed on the server side in order to:
Concrete implementations are defined in aceql-server.properties.
A concrete implementation should be developed on the server side in order to:
- Define if a client user has the right to call a
Statement.execute
(i.e. call a raw execute). - Define if a client user has the right to call a
Statement.executeUpdate
(i.e. call a statement that updates the database). - Define if a client user has the right to call a raw
Statement
that is not aPreparedStatement
. - Define if a client user has the right to call a the AceQL Metadata API.
- Define a specific piece of Java code to analyze the source code of the SQL statement before allowing or not it's execution.
Multiple SqlFirewallManager
may be defined and chained.
Note that the framework comes with a default SqlFirewallManager
implementation that is *not* secured and should be extended:
DefaultSqlFirewallManager
.
Built in and ready to use classes that don't require any coding are included. The classes may be chained. See each Javadoc for more details:
CsvRulesManager
: manager that apply rules written in a CSV file.CsvRulesManagerNoReload
: same asCsvRulesManager
, but dynamic reload of rules is prohibited if the CSV file is updated.DenyDclManager
: manager that denies any DCL (Data Control Language) call.DenyDdlManager
: manager that denies any DDL (Data Definition Language) call.DenyTclManager
: manager that denies any TCL (Transaction Control Language) call.DenyExecuteUpdateManager
: manager that denies any update of the database.DenyMetadataQueryManager
: manager that denies the use of the AceQL Metadata Query API.DenyStatementClassManager
: manager that denies any call of the raw Statement Java class. (Calling Statements without parameters is forbidden).
Note that the helper class StatementAnalyzer
allows to do some simple
tests on the SQL statement string representation.
- Since:
- 4.1
- Author:
- Nicolas de Pomereu
-
Method Summary
Modifier and Type Method Description boolean
allowExecute(String username, String database, Connection connection)
Allows to define if the passed username is allowed to call a raw JDBCStatement.execute
.boolean
allowExecuteUpdate(String username, String database, Connection connection)
Allows to define if the passed username is allowed to call a statement that updates the database.boolean
allowMetadataQuery(String username, String database, Connection connection)
Says if the username is allowed call the Metadata Query API for the passed database.boolean
allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection)
Allows to analyze the SQL call event asked by the client side and thus allow or forbid the SQL execution on the server.
If the analysis defined by the method returns false, the SQL statement won't be executed.boolean
allowStatementClass(String username, String database, Connection connection)
Allows to define if the passed username is allowed to create and use aStatement
instance that is not aPreparedStatement
.void
runIfStatementRefused(SqlEvent sqlEvent, Connection connection)
Allows to implement specific a Java rule immediately after a SQL statement described by a SqlEvent has been refused because one of theSqlFirewallManager.allowXxx
method returned false.
-
Method Details
-
allowMetadataQuery
boolean allowMetadataQuery(String username, String database, Connection connection) throws IOException, SQLExceptionSays if the username is allowed call the Metadata Query API for the passed database.- Parameters:
username
- the client username to check the rule fordatabase
- the database name as defined in the JDBC URL fieldconnection
- The current SQL/JDBCConnection
- Returns:
true
if the user has the right to call the Metadata Query API, elsefalse
- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-
allowStatementClass
boolean allowStatementClass(String username, String database, Connection connection) throws IOException, SQLExceptionAllows to define if the passed username is allowed to create and use aStatement
instance that is not aPreparedStatement
.- Parameters:
username
- the client username to check the rule fordatabase
- the database name as defined in the JDBC URL fieldconnection
- The current SQL/JDBCConnection
- Returns:
true
if the user has the right to call a rawexecute
- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-
allowSqlRunAfterAnalysis
boolean allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection) throws IOException, SQLExceptionAllows to analyze the SQL call event asked by the client side and thus allow or forbid the SQL execution on the server.
If the analysis defined by the method returns false, the SQL statement won't be executed.- Parameters:
sqlEvent
- the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details)connection
- The current SQL/JDBCConnection
- Returns:
true
if the analyzed statement or prepared statement is validated and authorized to run, elsefalse
- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-
allowExecute
boolean allowExecute(String username, String database, Connection connection) throws IOException, SQLExceptionAllows to define if the passed username is allowed to call a raw JDBCStatement.execute
.- Parameters:
username
- the client username to check the rule fordatabase
- the database name as defined in the JDBC URL fieldconnection
- The current SQL/JDBCConnection
- Returns:
true
if the user has the right call a database update statement- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-
allowExecuteUpdate
boolean allowExecuteUpdate(String username, String database, Connection connection) throws IOException, SQLExceptionAllows to define if the passed username is allowed to call a statement that updates the database.- Parameters:
username
- the client username to check the rule fordatabase
- the database name as defined in the JDBC URL fieldconnection
- The current SQL/JDBCConnection
- Returns:
true
if the user has the right call a database update statement- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-
runIfStatementRefused
void runIfStatementRefused(SqlEvent sqlEvent, Connection connection) throws IOException, SQLExceptionAllows to implement specific a Java rule immediately after a SQL statement described by a SqlEvent has been refused because one of theSqlFirewallManager.allowXxx
method returned false.
Examples:- Delete the user from the username SQL table so that he never comes back.
- Log the IP address.
- Log the info.
- Send an alert message/email to a Security Officer.
- Etc.
- Parameters:
sqlEvent
- the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details).connection
- The current SQL/JDBCConnection
- Throws:
IOException
- if an IOException occursSQLException
- if a SQLException occurs
-