Class DenySqlInjectionManagerAsync

All Implemented Interfaces:

public class DenySqlInjectionManagerAsync
extends DefaultSqlFirewallManager
implements SqlFirewallManager
A firewall manager that allows detecting SQL injection attacks asynchronously, using the third-party Cloudmersive API:
Usage requires a Cloudmersive API key, obtained by creating a free or paid account at

The Cloudmersive parameters (API key, detection level, ...) are stored in the file that is loaded at the AceQL server startup.
The file must be located in the same directory as the file used when starting the AceQL server.

The SQL injection detection is asynchronous: allowSqlRunAfterAnalysis always returns true immediately, and the result of the analysis later triggers all SqlFirewallTrigger instances defined in the file.

Note that because of the asynchronous behavior, a new Connection will be extracted from the pool in order to process the SqlFirewallTrigger.runIfStatementRefused(SqlEvent, SqlFirewallManager, Connection) methods.
The Connection will be cleanly released after all calls.
Author:
Nicolas de Pomereu
See Also:
  • Constructor Details

    • DenySqlInjectionManagerAsync

      public DenySqlInjectionManagerAsync()
  • Method Details

    • allowSqlRunAfterAnalysis

      public boolean allowSqlRunAfterAnalysis(SqlEvent sqlEvent, Connection connection) throws IOException, SQLException
      Detects in the background (asynchronously) whether the Cloudmersive SQL injection detector accepts the SQL statement. The allowSqlRunAfterAnalysis call therefore always returns true immediately.
      Specified by:
      allowSqlRunAfterAnalysis in interface SqlFirewallManager
      Overrides:
      allowSqlRunAfterAnalysis in class DefaultSqlFirewallManager
      Parameters:
      sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details)
      connection - The current SQL/JDBC Connection
      Returns:
      true. No analysis is done so all SQL statements are authorized.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
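
The following stand-alone Java model is an added example, not AceQL code: it shows why this manager detects but does not block, since the call returns true before the verdict exists and a refusal can only fire triggers afterwards. The types Event and Trigger, the regex detector and the sample events are hypothetical stand-ins for SqlEvent, SqlFirewallTrigger and the Cloudmersive call.

```java
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.function.Predicate;

/** Model of the asynchronous flow; every type here is a stand-in, not an AceQL class. */
public class AsyncFirewallDemo {
    record Event(String username, String ip, String sql) {}      // stand-in for SqlEvent
    interface Trigger { void runIfStatementRefused(Event e); }   // stand-in for SqlFirewallTrigger

    private final Predicate<String> detector;   // stand-in for the remote detection call
    private final List<Trigger> triggers;

    AsyncFirewallDemo(Predicate<String> detector, List<Trigger> triggers) {
        this.detector = detector;
        this.triggers = triggers;
    }

    /** Returns true at once; the verdict arrives later and can only fire triggers. */
    boolean allowSqlRunAfterAnalysis(Event e, List<CompletableFuture<Void>> pending) {
        pending.add(CompletableFuture.runAsync(() -> {
            if (detector.test(e.sql())) {
                // Per the page, the real class takes a new Connection from the pool
                // for the triggers at this point and releases it after all calls.
                triggers.forEach(t -> t.runIfStatementRefused(e));
            }
        }));
        return true;
    }

    public static void main(String[] args) {
        List<String> alerts = new CopyOnWriteArrayList<>();
        // Constructed detector: a crude tautology match, only to drive the demo.
        Predicate<String> detector =
                sql -> sql.toLowerCase().matches(".*\\bor\\s+'?1'?\\s*=\\s*'?1.*");
        Trigger alert = ev -> alerts.add(ev.username() + "@" + ev.ip() + " -> " + ev.sql());
        AsyncFirewallDemo fw = new AsyncFirewallDemo(detector, List.of(alert));
        List<Event> events = List.of(   // constructed sample events
                new Event("alice", "10.0.0.5", "SELECT * FROM orders WHERE id = 42"),
                new Event("bob", "10.0.0.9", "SELECT * FROM users WHERE name = '' OR '1'='1'"));
        List<CompletableFuture<Void>> pending = new CopyOnWriteArrayList<>();
        for (Event e : events) {
            boolean allowed = fw.allowSqlRunAfterAnalysis(e, pending);
            System.out.println("allowed=" + allowed + " (statement runs now): " + e.sql());
        }
        pending.forEach(CompletableFuture::join);   // wait for the background verdicts
        alerts.forEach(a -> System.out.println("trigger fired after the fact: " + a));
    }
}
```

Both statements are allowed; only the second produces a trigger line, and only after the statement has already been let through.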