Class DenyExceptOnWhitelistManager
java.lang.Object
org.kawanfw.sql.api.server.firewall.DefaultSqlFirewallManager
org.kawanfw.sql.api.server.firewall.DenyExceptOnWhitelistManager
- All Implemented Interfaces:
SqlFirewallManager
public class DenyExceptOnWhitelistManager extends DefaultSqlFirewallManager implements SqlFirewallManager
Firewall manager that only allows incoming SQL statements which are also
sequentially stored in a text file.
The name of the text file that will be used by a database is:
The file must be located in the same directory as the
Each line of the text file must contain one statement, without quotes (") or ending semicolon (;).
Note that all statements will be "normalized" using
<database>_deny_except_whitelist.txt, where
database is the name of the database declared in the
aceql.properties files.The file must be located in the same directory as the
aceql.properties file used when starting the AceQL server.Each line of the text file must contain one statement, without quotes (") or ending semicolon (;).
Note that all statements will be "normalized" using
StatementNormalizer before comparison between the statement in the
text file and the incoming one from client side.- Since:
- 11.0
- Author:
- Nicolas de Pomereu
-
Constructor Summary
Constructors Constructor Description DenyExceptOnWhitelistManager() -
Method Summary
Modifier and Type Method Description booleanallowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection)Allows the execution of the statement if it does *not* exist in the:<database>_deny_except_whitelist.txtfile.Methods inherited from class org.kawanfw.sql.api.server.firewall.DefaultSqlFirewallManager
allowExecute, allowMetadataQuery, allowStatementClassMethods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.kawanfw.sql.api.server.firewall.SqlFirewallManager
allowExecute, allowMetadataQuery, allowStatementClass
-
Constructor Details
-
DenyExceptOnWhitelistManager
public DenyExceptOnWhitelistManager()
-
-
Method Details
-
allowSqlRunAfterAnalysis
public boolean allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection) throws IOException, SQLExceptionAllows the execution of the statement if it does *not* exist in the:<database>_deny_except_whitelist.txtfile.
Thedatabaseprefix is the value ofSqlEvent.getDatabase().- Specified by:
allowSqlRunAfterAnalysisin interfaceSqlFirewallManager- Overrides:
allowSqlRunAfterAnalysisin classDefaultSqlFirewallManager- Parameters:
sqlEvent- the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details)connection- The current SQL/JDBCConnection- Returns:
true. No analysis is done so all SQL statements are authorized.- Throws:
IOException- if an IOException occursSQLException- if a SQLException occurs
-