Package org.kawanfw.sql.api.server.firewall.trigger

Interface SqlFirewallTrigger

All Known Implementing Classes:
BanUserSqlFirewallTrigger, BeeperSqlFirewallTrigger, DefaultSqlFirewallTrigger, JdbcLoggerSqlFirewallTrigger, JsonLoggerSqlFirewallTrigger
public interface SqlFirewallTrigger
Interface that allows to define a trigger if for the specified SqlFirewallManager the allowSqlRunAfterAnalysis() method call returns false.

Concrete implementations are defined in the aceql-server.properties file.

Multiple SqlFirewallTrigger may be defined and chained in property value by separating class names by a comma.
When SqlFirewallTrigger classes are chained, all of them are successively executed in the declared order.

Note that the framework comes with a default SqlFirewallTrigger implementation that does nothing.

Built in and ready to use classes that don't require any coding are included. The classes may be chained. See each Javadoc for more details:

  • BanUserSqlFirewallTrigger: a trigger that inserts the username and other info into a SQL table. The SQL table is scanned/controlled at each request, so the banned user cannot access any more the AceQL server.
  • BeeperSqlFirewallTrigger: a trigger that simply beeps on the terminal if an attack is detected by a SqlFirewallManager.
  • JdbcLoggerSqlFirewallTrigger: a trigger that logs into a SQL table all info about the denied SQL request.
  • JsonLoggerSqlFirewallTrigger: a trigger that logs in JSON format all info about the denied SQL request.

Since:
11.0
Author:
Nicolas de Pomereu

  • Method Summary

    Modifier and Type Method Description
    void runIfStatementRefused​(SqlEvent sqlEvent, SqlFirewallManager sqlFirewallManager, Connection connection)
    Allows to implement specific a Java rule immediately after a SQL statement described by a SqlEvent has been refused because one of the SqlFirewallManager.allowXxx method returned false.

  • Method Details

    • runIfStatementRefused

      void runIfStatementRefused​(SqlEvent sqlEvent, SqlFirewallManager sqlFirewallManager, Connection connection) throws IOException, SQLException
      Allows to implement specific a Java rule immediately after a SQL statement described by a SqlEvent has been refused because one of the SqlFirewallManager.allowXxx method returned false.

      Examples:
      • Delete the user from the username SQL table so that he never comes back.
      • Log the IP address.
      • Log the info.
      • Send an alert message/email to a Security Officer.
      • Etc.

      Parameters:
      sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details).
      sqlFirewallManager - the instance that triggers this call.
      connection - The current SQL/JDBC Connection
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs