Class BanUserSqlFirewallTrigger

java.lang.Object
org.kawanfw.sql.api.server.firewall.trigger.BanUserSqlFirewallTrigger
All Implemented Interfaces:
SqlFirewallTrigger

public class BanUserSqlFirewallTrigger
extends Object
implements SqlFirewallTrigger
A trigger that will insert into the following table the info detected by the SqlFirewallManager which fired the trigger:
 
    create table aceql_banned_user
    (               
      username                  varchar(254)    not null,    
      ip_address                varchar(254)    not null, 
      sql_database              varchar(254)    not null,       
      sql_firewall_manager      varchar(254)    not null,
      sql_statement             varchar(4000)           ,
      is_metadata               integer                 , 
      dt_creation               timestamp       not null                
    );
    create index idx_address_username on aceql_banned_user(username);
 
 
Users inserted in the SQL table will not be allowed - by the AceQL Server - to further access to the SQL database after the ban action.
Any new access attempt of a banned user will be blocked by returning the ambiguous error message "Access Forbidden for Username".

Activation of this trigger requires to define the BanUserSqlFirewallTrigger as a value in the database.sqlFirewallTriggerClassNames property of the aceql-server.properties file.

Example:
my_database.sqlFirewallTriggerClassNames=com.mycompany.MySqlFirewallTrigger1, com.mycomapny.MySqlFirewallTrigger2

Since:
11.0
Author:
Nicolas de Pomereu
  • Constructor Details

    • BanUserSqlFirewallTrigger

      public BanUserSqlFirewallTrigger()
  • Method Details

    • runIfStatementRefused

      public void runIfStatementRefused​(SqlEvent sqlEvent, SqlFirewallManager sqlFirewallManager, Connection connection) throws IOException, SQLException
      Inserts the SqlEvent info into the aceql_banned_user SQL table.
      Specified by:
      runIfStatementRefused in interface SqlFirewallTrigger
      Parameters:
      sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details).
      sqlFirewallManager - the instance that triggers this call.
      connection - The current SQL/JDBC Connection
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs