org.kawanfw.sql.api.server.firewall.DefaultSqlFirewallManager

All Implemented Interfaces:: SqlFirewallManager

Direct Known Subclasses:: CsvRulesManager, DenyDatabaseWriteManager, DenyDclManager, DenyDdlManager, DenyExceptOnWhitelistManager, DenyMetadataQueryManager, DenyOnBlacklistManager, DenySqlInjectionManager, DenySqlInjectionManagerAsync, DenyStatementClassManager

public class DefaultSqlFirewallManager
extends Object
implements SqlFirewallManager

Default firewall manager for all SQL databases.

WARNING: This default implementation will allow to start immediate remote SQL calls but is *not* at all secured.
It is highly recommended to override this class with a secured implementation for all methods.

Since:: 4.0
Author:: Nicolas de Pomereu

Constructor Summary

Constructors

Constructor Description

DefaultSqlFirewallManager()

Method Summary

Modifier and Type	Method	Description
`boolean`	`allowExecute(String username, String database, Connection connection)`	Allows to define if the passed username is allowed to call a raw JDBC `Statement.execute`.
`boolean`	`allowMetadataQuery(String username, String database, Connection connection)`	Says if the username is allowed call the Metadata Query API for the passed database.
`boolean`	`allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection)`	Allows to analyze the SQL call event asked by the client side and thus allow or forbid the SQL execution on the server. If the analysis defined by the method returns false, the SQL statement won't be executed.
`boolean`	`allowStatementClass(String username, String database, Connection connection)`	Allows to define if the passed username is allowed to create and use a `Statement` instance that is not a `PreparedStatement`.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- DefaultSqlFirewallManager
  
  public DefaultSqlFirewallManager()
Method Details
- allowStatementClass
  
  public boolean allowStatementClass(String username, String database, Connection connection) throws IOException, SQLException
  
  Description copied from interface: SqlFirewallManager
  
  Allows to define if the passed username is allowed to create and use a Statement instance that is not a PreparedStatement.
  
  Specified by:
  
  allowStatementClass in interface SqlFirewallManager
  
  Parameters:
  
  username - the client username to check the rule for
  
  database - the database name as defined in the JDBC URL field
  
  connection - The current SQL/JDBC Connection
  
  Returns:
  
  true. (Client programs will be allowed to create raw Statement, i.e. call statements without parameters.)
  
  Throws:
  
  IOException - if an IOException occurs
  
  SQLException - if a SQLException occurs
- allowSqlRunAfterAnalysis
  
  public boolean allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection) throws IOException, SQLException
  
  Description copied from interface: SqlFirewallManager
  
  Allows to analyze the SQL call event asked by the client side and thus allow or forbid the SQL execution on the server.
  If the analysis defined by the method returns false, the SQL statement won't be executed.
  
  Specified by:
  
  allowSqlRunAfterAnalysis in interface SqlFirewallManager
  
  Parameters:
  
  sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details)
  
  connection - The current SQL/JDBC Connection
  
  Returns:
  
  true. No analysis is done so all SQL statements are authorized.
  
  Throws:
  
  IOException - if an IOException occurs
  
  SQLException - if a SQLException occurs
- allowExecute
  
  public boolean allowExecute(String username, String database, Connection connection) throws IOException, SQLException
  
  Description copied from interface: SqlFirewallManager
  
  Allows to define if the passed username is allowed to call a raw JDBC Statement.execute.
  
  Specified by:
  
  allowExecute in interface SqlFirewallManager
  
  Parameters:
  
  username - the client username to check the rule for
  
  database - the database name as defined in the JDBC URL field
  
  connection - The current SQL/JDBC Connection
  
  Returns:
  
  true. (Client programs will be allowed to call a JDBC raw Statement.execute.)
  
  Throws:
  
  IOException - if an IOException occurs
  
  SQLException - if a SQLException occurs
- allowMetadataQuery
  
  public boolean allowMetadataQuery(String username, String database, Connection connection) throws IOException, SQLException
  
  Description copied from interface: SqlFirewallManager
  
  Says if the username is allowed call the Metadata Query API for the passed database.
  
  Specified by:
  
  allowMetadataQuery in interface SqlFirewallManager
  
  Parameters:
  
  username - the client username to check the rule for
  
  database - the database name as defined in the JDBC URL field
  
  connection - The current SQL/JDBC Connection
  
  Returns:
  
  true. (Client programs will be allowed to call the Metadata Query API).
  
  Throws:
  
  IOException - if an IOException occurs
  
  SQLException - if a SQLException occurs

Class DefaultSqlFirewallManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

DefaultSqlFirewallManager

Method Details

allowStatementClass

allowSqlRunAfterAnalysis

allowExecute

allowMetadataQuery