public final class AccessRuleList extends Object implements AccessRuleContainer
An access rule list descriptor, a character string, can be converted to produce an AccessRuleList object. A valid descriptor consists of a list of access rule descriptors (see class AccessRule) and/or access rule file descriptors (see class AccessRuleFile), separated by semi-colon characters (';').
Optionally, the rules can have any amount of whitespace (space-, tab-, newline- and carriage return-characters), before and after them. The last descriptor cannot end with a semi-colon.
An example of an access rule list descriptor is:
allow 194.134.168.213/32 *;
deny 194.134.168.213/24 _*;
allow 194.134.168.213/24 *;
file /var/conf/file1.acl;
deny 0.0.0.0/0 *
The above access control list grants the IP address 194.134.168.213 access to all functions. Then in the second rule it denies access to all IP addresses in the range 194.134.168.0 to 194.134.168.255 to all functions that start with an underscore ('_'). Then it allows access for those IP addresses to all other functions, then it applies the rules in the /var/conf/file1.acl file and finally all other IP addresses are denied access to any of the functions.
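The first-match evaluation described above, as a small Python model added here for illustration (it is not XINS code). It assumes '*' is the only wildcard in a function-name pattern, does not implement file rules, and uses constructed function names; a lookup with no matching rule yields None, which the permitted() helper treats as a denial.

```python
import ipaddress
import re

# Constructed sample: the page's descriptor without its "file" rule.
PAGE_ACL = """allow 194.134.168.213/32 *;
deny 194.134.168.213/24 _*;
allow 194.134.168.213/24 *;
deny 0.0.0.0/0 *"""


def parse_rules(descriptor):
    """Parse ';'-separated 'allow|deny a.b.c.d/m pattern' rules, in order."""
    rules = []
    for raw in descriptor.split(";"):
        parts = raw.split()  # tolerates whitespace around each rule
        if len(parts) != 3 or parts[0] not in ("allow", "deny"):
            # Covers a trailing ';' (empty last rule) and unsupported 'file' rules.
            raise ValueError("malformed or unsupported rule: %r" % raw.strip())
        # strict=False: the base address may carry host bits (194.134.168.213/24).
        network = ipaddress.ip_network(parts[1], strict=False)
        # Assumption: '*' is the only wildcard in a function-name pattern.
        pattern = re.compile(".*".join(re.escape(p) for p in parts[2].split("*")))
        rules.append((parts[0] == "allow", network, pattern))
    return rules


def is_allowed(rules, ip, function_name):
    """Return the first matching rule's verdict, or None when nothing matches."""
    address = ipaddress.ip_address(ip)
    for allow, network, pattern in rules:
        if address in network and pattern.fullmatch(function_name):
            return allow
    return None


def permitted(rules, ip, function_name):
    """Fail closed: only an explicit allow grants access; None counts as deny."""
    return is_allowed(rules, ip, function_name) is True


if __name__ == "__main__":
    rules = parse_rules(PAGE_ACL)
    # Function names below are constructed samples.
    for ip, fn in [("194.134.168.213", "_GetStatistics"), ("194.134.168.7", "_GetStatistics"),
                   ("194.134.168.7", "GetVersion"), ("10.0.0.1", "GetVersion")]:
        print(ip, fn, is_allowed(rules, ip, fn))
```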
Modifier and Type | Method and Description |
---|---|
void | dispose(): Disposes this access rule. |
int | getRuleCount(): Counts the number of rules in this list. |
Boolean | isAllowed(String ip, String functionName, String conventionName): Determines if the specified IP address is allowed to access the specified function, returning a Boolean object or null. |
static AccessRuleList | parseAccessRuleList(String descriptor, int interval): Parses the specified character string to construct a new AccessRuleList object, with the specified watch interval for referenced files. |
String | toString(): Returns a character string representation of this object. |

public static final AccessRuleList parseAccessRuleList(String descriptor, int interval) throws IllegalArgumentException, ParseException
Parses the specified character string to construct a new AccessRuleList object, with the specified watch interval for referenced files.
If the specified interval is 0, then no watching will be performed.
Parameters:
descriptor - the access rule list descriptor, the character string to parse, cannot be null.
interval - the interval used to check the ACL files for modification, in seconds, must be >= 0.
Returns:
AccessRuleList instance, never null.
Throws:
IllegalArgumentException - if descriptor == null || interval < 0.
ParseException - if there was a parsing error.

public int getRuleCount()

public Boolean isAllowed(String ip, String functionName, String conventionName) throws IllegalStateException, IllegalArgumentException, ParseException
Determines if the specified IP address is allowed to access the specified function, returning a Boolean object or null.
This method finds the first matching rule and then returns the allow property of that rule (see AccessRule.isAllowRule()). If there is no matching rule, then null is returned.
Specified by:
isAllowed in interface AccessRuleContainer
Parameters:
ip - the IP address, cannot be null.
functionName - the name of the function, cannot be null.
conventionName - the name of the calling convention to match, can be null.
Returns:
Boolean.TRUE if the specified IP address is allowed to access the specified function, Boolean.FALSE if it is disallowed access or null if no match is found.
Throws:
IllegalStateException - if this object is disposed (since XINS 1.3.0).
IllegalArgumentException - if ip == null || functionName == null.
ParseException - if the specified IP address is malformed.

public void dispose()
Once disposed, the isAllowed(java.lang.String, java.lang.String, java.lang.String) method should no longer be called.
Specified by:
dispose in interface AccessRuleContainer

public String toString()
type a.b.c.d/m pattern;type a.b.c.d/m pattern
where type is either "allow" or "deny", a.b.c.d is the base IP address, m is the mask, and pattern is the function name simple pattern.

See http://www.xins.org/.