Class DenyDatabaseWriteManager

java.lang.Object
org.kawanfw.sql.api.server.firewall.DenyDatabaseWriteManager
All Implemented Interfaces:
SqlFirewallManager

public class DenyDatabaseWriteManager
extends Object
implements SqlFirewallManager
Firewall manager that denies any update of the database for the passed user. The database is thus guaranteed to be accessed in read only from client side.
DenyDatabaseWriteManager should be used only in order to monitor users who try to force writes on database.
If you don't need to monitor users and detect hackers, it's better to set the property database.defaultReadOnly=true in the aceql-server.properties file: it will launch a Connection.setReadOnly(boolean) JDBC call at server startup that will write-protect efficiently the SQL database.
Since:
11.0
Author:
Nicolas de Pomereu
  • Constructor Details

    • DenyDatabaseWriteManager

      public DenyDatabaseWriteManager()
  • Method Details

    • allowSqlRunAfterAnalysis

      public boolean allowSqlRunAfterAnalysis​(SqlEvent sqlEvent, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Allows to analyze the SQL call event asked by the client side and thus allow or forbid the SQL execution on the server.
      If the analysis defined by the method returns false, the SQL statement won't be executed.
      Specified by:
      allowSqlRunAfterAnalysis in interface SqlFirewallManager
      Parameters:
      sqlEvent - the SQL event asked by the client side. Contains all info about the SQL call (client username, database name, IP Address of the client, and SQL statement details)
      connection - The current SQL/JDBC Connection
      Returns:
      false if the passed SQL statement tries to update the database, else true
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowStatementClass

      public boolean allowStatementClass​(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Allows to define if the passed username is allowed to create and use a Statement instance that is not a PreparedStatement.
      Specified by:
      allowStatementClass in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to create raw Statement, i.e. call statements without parameters.)
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowMetadataQuery

      public boolean allowMetadataQuery​(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Says if the username is allowed call the Metadata Query API for the passed database.
      Specified by:
      allowMetadataQuery in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to call the Metadata Query API).
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs