Class DefaultSqlFirewallManager

java.lang.Object
org.kawanfw.sql.api.server.firewall.DefaultSqlFirewallManager
All Implemented Interfaces:
SqlFirewallManager
Direct Known Subclasses:
CsvRulesManager, DenyDclManager, DenyDdlManager, DenyExecuteUpdateManager, DenyMetadataQueryManager, DenyStatementClassManager, DenyTclManager

public class DefaultSqlFirewallManager
extends Object
implements SqlFirewallManager
Default firewall manager for all SQL databases.

WARNING: This default implementation allows remote SQL calls to be started immediately, but it is *not* secured at all.
It is highly recommended to override this class with a secured implementation of all methods.
Since:
4.0
Author:
Nicolas de Pomereu
  • Constructor Details

    • DefaultSqlFirewallManager

      public DefaultSqlFirewallManager()
  • Method Details

    • allowStatementClass

      public boolean allowStatementClass(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Defines whether the passed username is allowed to create and use a Statement instance that is not a PreparedStatement.
      Specified by:
      allowStatementClass in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to create a raw Statement, i.e. to call statements without parameters.)
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowSqlRunAfterAnalysis

      public boolean allowSqlRunAfterAnalysis(String username, String database, Connection connection, String ipAddress, String sql, boolean isPreparedStatement, List<Object> parameterValues) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Allows, for the passed client username and its IP address, to know whether the statement is a prepared statement and to analyze the string representation of the SQL statement received by the server.
      If the analysis defined by the method returns false, the SQL statement won't be executed.
      Specified by:
      allowSqlRunAfterAnalysis in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      ipAddress - the IP address of the client user
      sql - the SQL statement
      isPreparedStatement - says whether the statement is a prepared statement
      parameterValues - the parameter values of a prepared statement in their natural order; an empty list for a (non-prepared) statement
      Returns:
      true. No analysis is done so all SQL statements are authorized.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowExecute

      public boolean allowExecute(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Defines whether the passed username is allowed to call a raw JDBC Statement.execute.
      Specified by:
      allowExecute in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to call a JDBC raw Statement.execute.)
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowExecuteUpdate

      public boolean allowExecuteUpdate(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Defines whether the passed username is allowed to call a statement that updates the database.
      Specified by:
      allowExecuteUpdate in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to call a database update statement.)
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowMetadataQuery

      public boolean allowMetadataQuery(String username, String database, Connection connection) throws IOException, SQLException
      Description copied from interface: SqlFirewallManager
      Says whether the username is allowed to call the Metadata Query API for the passed database.
      Specified by:
      allowMetadataQuery in interface SqlFirewallManager
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true. (Client programs will be allowed to call the Metadata Query API.)
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • runIfStatementRefused

      public void runIfStatementRefused(String username, String database, Connection connection, String ipAddress, boolean isMetadataQuery, String sql, List<Object> parameterValues) throws IOException, SQLException
      Logs the refused request using the Logger returned by DefaultDatabaseConfigurator.getLogger().
      Specified by:
      runIfStatementRefused in interface SqlFirewallManager
      Parameters:
      username - the discarded client username
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      ipAddress - the IP address of the client user
      isMetadataQuery - says whether the client request was an AceQL-specific Metadata Query API call
      sql - the SQL statement
      parameterValues - the parameter values of a prepared statement in their natural order; an empty list for a (non-prepared) statement
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
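Every hook documented above returns true in the default class, which is why the page tells you to override it. The class below is an added example, not AceQL's or the author's code, and shows the opposite, deny-by-default posture for each method on this page: allowStatementClass and allowExecute refuse raw statements, allowExecuteUpdate and allowMetadataQuery consult per-user allow-lists, allowSqlRunAfterAnalysis rejects stacked statements, DDL/DCL/procedure verbs and tables outside an allow-list after stripping comments and string literals, and runIfStatementRefused writes an audit record through java.util.logging rather than DefaultDatabaseConfigurator.getLogger(). The package, class name, usernames and table names are constructed; the method signatures are the ones documented above; Set.of assumes Java 9 or later. The regex normalization is a heuristic, not a SQL parser (it does not handle nested block comments or quoted identifiers), so a deployment would pair it with a real parser rather than rely on it alone.

```java
// Added example, not AceQL's code. Package, class and allow-list values are constructed;
// the overridden signatures are those of org.kawanfw.sql.api.server.firewall.SqlFirewallManager.
package com.example.aceql; // hypothetical package

import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.kawanfw.sql.api.server.firewall.DefaultSqlFirewallManager;

public class RestrictiveSqlFirewallManager extends DefaultSqlFirewallManager {

    private static final Logger LOGGER = Logger.getLogger(RestrictiveSqlFirewallManager.class.getName());

    // Constructed allow-lists; a deployment would load these from configuration.
    private static final Set<String> UPDATE_USERS = Set.of("app_writer");
    private static final Set<String> METADATA_USERS = Set.of("dba");
    private static final Set<String> ALLOWED_TABLES = Set.of("CUSTOMERS", "ORDERS");

    // Verbs a remote client has no business sending: DDL, DCL and procedure calls.
    private static final Pattern FORBIDDEN_VERBS =
            Pattern.compile("\\b(DROP|ALTER|CREATE|TRUNCATE|GRANT|REVOKE|EXEC|EXECUTE|CALL)\\b");
    // Identifier following FROM/JOIN/INTO/UPDATE, checked against ALLOWED_TABLES.
    private static final Pattern TABLE_REF =
            Pattern.compile("\\b(?:FROM|JOIN|INTO|UPDATE)\\s+([A-Z_][A-Z0-9_]*)");

    @Override
    public boolean allowStatementClass(String username, String database, Connection connection)
            throws IOException, SQLException {
        return false; // raw Statement refused: clients must use PreparedStatement
    }

    @Override
    public boolean allowExecute(String username, String database, Connection connection)
            throws IOException, SQLException {
        return false; // raw Statement.execute refused for everyone
    }

    @Override
    public boolean allowExecuteUpdate(String username, String database, Connection connection)
            throws IOException, SQLException {
        return UPDATE_USERS.contains(username); // writes only for the writer account
    }

    @Override
    public boolean allowMetadataQuery(String username, String database, Connection connection)
            throws IOException, SQLException {
        return METADATA_USERS.contains(username); // schema discovery only for the DBA
    }

    @Override
    public boolean allowSqlRunAfterAnalysis(String username, String database, Connection connection,
            String ipAddress, String sql, boolean isPreparedStatement, List<Object> parameterValues)
            throws IOException, SQLException {
        if (!isPreparedStatement) {
            return false; // defence in depth alongside allowStatementClass
        }
        String normalized = normalize(sql);
        if (normalized.isEmpty() || normalized.indexOf(';') >= 0) {
            return false; // empty text, or stacked statements after the single tolerated terminator
        }
        if (FORBIDDEN_VERBS.matcher(normalized).find()) {
            return false;
        }
        Matcher m = TABLE_REF.matcher(normalized);
        while (m.find()) {
            if (!ALLOWED_TABLES.contains(m.group(1))) {
                return false; // references a table outside the allow-list
            }
        }
        return true;
    }

    /** Heuristic normalization: strip comments and string literals, collapse spaces, upper-case. */
    static String normalize(String sql) {
        String s = sql
                .replaceAll("(?s)/\\*.*?\\*/", " ")   // block comments (no nesting)
                .replaceAll("--[^\\r\\n]*", " ")       // line comments
                .replaceAll("'(?:[^']|'')*'", "?")     // quoted literals become a placeholder
                .trim();
        if (s.endsWith(";")) {
            s = s.substring(0, s.length() - 1).trim(); // one trailing terminator is tolerated
        }
        return s.replaceAll("\\s+", " ").toUpperCase(Locale.ROOT);
    }

    @Override
    public void runIfStatementRefused(String username, String database, Connection connection,
            String ipAddress, boolean isMetadataQuery, String sql, List<Object> parameterValues)
            throws IOException, SQLException {
        // Audit record: parameter values are counted, not logged, since they may carry personal data.
        LOGGER.warning(String.format("SQL refused: user=%s db=%s ip=%s metadataQuery=%b params=%d sql=%s",
                username, database, ipAddress, isMetadataQuery,
                parameterValues == null ? 0 : parameterValues.size(), sql));
    }
}
```

With this class configured as the firewall manager, `SELECT name FROM customers WHERE id = ?` sent as a prepared statement is allowed, while `SELECT 1; DROP TABLE customers`, any statement naming a table other than CUSTOMERS or ORDERS, and any non-prepared statement are refused and logged with the client's username and IP address.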