Package org.kawanfw.sql.api.server.firewall.trigger

Class BanUserSqlFirewallTrigger

java.lang.Object

org.kawanfw.sql.api.server.firewall.trigger.BanUserSqlFirewallTrigger

All Implemented Interfaces:

SqlFirewallTrigger

public class BanUserSqlFirewallTrigger
extends Object
implements SqlFirewallTrigger

A trigger that will insert into the following table the info detected by the SqlFirewallManager which fired the trigger:

 
    create table aceql_banned_user
    (               
      username                  varchar(254)    not null,    
      ip_address                varchar(254)    not null, 
      sql_database              varchar(254)    not null,       
      sql_firewall_manager      varchar(254)    not null,
      sql_statement             varchar(4000)           ,
      is_metadata               integer                 , 
      dt_creation               timestamp       not null                
    );
    create index idx_address_username on aceql_banned_user(username);
 
 

Users inserted in the SQL table will not be allowed - by the AceQL Server - to further access to the SQL database after the ban action.
Any new access attempt of a banned user will be blocked by returning the ambiguous error message "Access Forbidden for Username".

Activation of this trigger requires to define the BanUserSqlFirewallTrigger as a value in the database.sqlFirewallTriggerClassNames property of the aceql-server.properties file.

Example:
my_database.sqlFirewallTriggerClassNames=com.mycompany.MySqlFirewallTrigger1, com.mycomapny.MySqlFirewallTrigger2

Since:

11.0

Author:

Nicolas de Pomereu

Constructor Summary

Constructors

Constructor	Description
BanUserSqlFirewallTrigger()

Method Summary

Modifier and Type	Method	Description
void	runIfStatementRefused(SqlEvent sqlEvent, SqlFirewallManager sqlFirewallManager, Connection connection)	Inserts the SqlEvent info into the aceql_banned_user SQL table.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BanUserSqlFirewallTrigger

public BanUserSqlFirewallTrigger()

Method Details

runIfStatementRefused

public void runIfStatementRefused(SqlEvent sqlEvent,
SqlFirewallManager sqlFirewallManager,
Connection connection)
                           throws IOException,
SQLException

Inserts the SqlEvent info into the aceql_banned_user SQL table.

Specified by:

runIfStatementRefused in interface SqlFirewallTrigger

Parameters:

sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details).

sqlFirewallManager - the instance that triggers this call.

connection - The current SQL/JDBC Connection

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs