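//========================================================================
// Original Authors : Van den Broeke Iris, Deville Daniel, Dubois Roger, Greg Wilkins
// Revision Author : Ryan Chute
// Copyright (c) 2001 Deville Daniel. All rights reserved.
// Permission to use, copy, modify and distribute this software
// for non-commercial or commercial purposes and without fee is
// hereby granted provided that this copyright notice appears in
// all copies.
//========================================================================

package gov.lanl.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

import org.apache.log4j.Logger;

/**
 * Handler to filter remote content by Apache .htaccess format
 *
 * <p>Only three directives are read: {@code order}, {@code allow from} and
 * {@code deny from}. Every other line is ignored. Rule entries are either the
 * keyword {@code all}, a (partial) dotted IPv4 address, or a (partial) host
 * name; an entry is classified as an address when its first character is a
 * digit.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>If the file cannot be read, the failure is only logged and no rule is
 * loaded, so {@link #checkAccess(String)} then allows every host. Use
 * {@link #isAccessLimited()} to detect that no rule is in force.</li>
 * <li>CIDR ({@code 10.0.0.0/8}), netmask and IPv6 entries are not
 * interpreted; such an entry is stored but will not match a client address.</li>
 * <li>When no {@code order} directive is present, {@code _order} stays 0 and
 * rules are evaluated as {@code allow,deny}. NOTE(review): Apache's own
 * default is {@code deny,allow} - confirm which default is intended.</li>
 * <li>Host-name rules are only as trustworthy as the name passed in. If the
 * caller obtains it from reverse DNS, it is controlled by whoever owns the
 * client's PTR record - prefer address rules for anything sensitive.</li>
 * </ul>
 *
 * @author Ryan Chute
 *
 *         Parts of code from HTAccessHandler in Jetty 6:
 *         http://www.mortbay.org/jetty/jetty-6/xref/org/mortbay/jetty/security/
 *         HTAccessHandler.html
 */
public class AccessManager {

    static Logger logger = Logger.getLogger(AccessManager.class);

    /** Entries collected from {@code allow from} lines, in file order. */
    private final List<String> _allowList = new ArrayList<String>();

    /** Entries collected from {@code deny from} lines, in file order. */
    private final List<String> _denyList = new ArrayList<String>();

    /** 1 for {@code allow,deny}, -1 for {@code deny,allow}, 0 when no order line was parsed. */
    int _order;

    /**
     * Loads the rules from the file at the given path.
     *
     * @param resource path of the .htaccess-style file
     */
    public AccessManager(String resource) {
        this(new File(resource));
    }

    /**
     * Loads the rules from the given file.
     *
     * <p>An {@link IOException} (including a missing file) is logged at WARN
     * level and otherwise swallowed; the instance then holds no rules.
     *
     * @param resource the .htaccess-style file
     */
    public AccessManager(File resource) {
        BufferedReader htin = null;
        try {
            htin = new BufferedReader(new InputStreamReader(
                    new FileInputStream(resource)));
            parse(htin);
        } catch (IOException e) {
            logger.warn(e, e);
        } finally {
            // The original never closed the reader, leaking a file handle
            // for every instance created.
            if (htin != null) {
                try {
                    htin.close();
                } catch (IOException e) {
                    logger.warn(e, e);
                }
            }
        }
    }

    /**
     * Decides whether the given client may access the resource.
     *
     * <p>Address rules match on whole octets ({@code 10.1} matches
     * {@code 10.1.2.3} but not {@code 10.100.2.3}) and host-name rules match
     * on whole labels, case-insensitively ({@code example.com} matches
     * {@code www.example.com} but not {@code badexample.com}). A plain
     * prefix/suffix comparison would let a neighbouring network or a
     * look-alike domain satisfy an allow rule, or slip past a deny rule.
     *
     * @param host client IP address or host name
     * @return {@code true} when no rule is configured; {@code false} when
     *         rules exist and {@code host} is {@code null} or empty (an
     *         unidentified client is refused rather than causing an
     *         exception); otherwise the result of evaluating the allow and
     *         deny lists in the configured order
     */
    public boolean checkAccess(String host) {
        // if no allows and no deny defined, then return true
        if (!isAccessLimited()) {
            return true;
        }

        // Fail closed: with rules in force, a client that cannot be
        // identified is not granted access.
        if (host == null || host.length() == 0) {
            return false;
        }

        boolean hostIsIp = startsWithDigit(host);
        boolean allowed = matchesAny(_allowList, host, hostIsIp);
        boolean denied = matchesAny(_denyList, host, hostIsIp);

        if (_order < 0) {
            // deny,allow: an allow match overrides a deny match; default is allow
            return !denied || allowed;
        }
        // allow,deny (also used when no order line was parsed): default is deny
        return allowed && !denied;
    }

    /**
     * Reports whether any allow or deny entry was loaded.
     *
     * @return {@code true} if at least one rule is in force
     */
    public boolean isAccessLimited() {
        return !_allowList.isEmpty() || !_denyList.isEmpty();
    }

    /** Returns true when the first character of {@code value} is an ASCII digit. */
    private static boolean startsWithDigit(String value) {
        char first = value.charAt(0);
        return first >= '0' && first <= '9';
    }

    /** Returns true when {@code host} is matched by at least one entry of {@code rules}. */
    private static boolean matchesAny(List<String> rules, String host, boolean hostIsIp) {
        for (String rule : rules) {
            if (rule.equalsIgnoreCase("all")) {
                return true;
            }
            // Address rules are only compared with addresses, name rules only with names.
            if (startsWithDigit(rule)) {
                if (hostIsIp && matchesIpPrefix(host, rule)) {
                    return true;
                }
            } else if (!hostIsIp && matchesDomainSuffix(host, rule)) {
                return true;
            }
        }
        return false;
    }

    /** Matches a full or partial dotted address, ending the prefix on an octet boundary. */
    private static boolean matchesIpPrefix(String host, String rule) {
        if (host.equals(rule)) {
            return true;
        }
        if (rule.endsWith(".")) {
            return host.startsWith(rule);
        }
        return host.startsWith(rule + ".");
    }

    /** Matches a full or partial host name, starting the suffix on a label boundary. */
    private static boolean matchesDomainSuffix(String host, String rule) {
        int hostLength = host.length();
        int ruleLength = rule.length();
        if (ruleLength > hostLength) {
            return false;
        }
        int offset = hostLength - ruleLength;
        if (!host.regionMatches(true, offset, rule, 0, ruleLength)) {
            return false;
        }
        return offset == 0 || rule.charAt(0) == '.' || host.charAt(offset - 1) == '.';
    }

    /** Case-insensitive {@link String#startsWith(String)}. */
    private static boolean startsWithIgnoreCase(String text, String prefix) {
        return text.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /** Case-insensitive substring test. */
    private static boolean containsIgnoreCase(String text, String needle) {
        int last = text.length() - needle.length();
        for (int i = 0; i <= last; i++) {
            if (text.regionMatches(true, i, needle, 0, needle.length())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the directives from the given reader into this instance.
     *
     * <p>Directive keywords are matched case-insensitively, as Apache does.
     * The original compared against lower-case literals only, so a file
     * written in the usual Apache style ({@code Order Deny,Allow},
     * {@code Deny from all}) was silently ignored and left access open.
     *
     * @param htin reader positioned at the start of the file; not closed here
     * @throws IOException if reading fails
     */
    private void parse(BufferedReader htin) throws IOException {
        String line;
        while ((line = htin.readLine()) != null) {
            line = line.trim();
            if (line.startsWith("#")) {
                continue;
            }
            if (startsWithIgnoreCase(line, "order")) {
                if (logger.isDebugEnabled()) {
                    logger.debug("orderline=" + line + "order=" + _order);
                }
                if (containsIgnoreCase(line, "allow,deny")) {
                    logger.debug("==>allow+deny");
                    _order = 1;
                } else if (containsIgnoreCase(line, "deny,allow")) {
                    logger.debug("==>deny,allow");
                    _order = -1;
                }
            } else if (startsWithIgnoreCase(line, "allow from")) {
                addEntries(line, 10, "allow from:", _allowList);
            } else if (startsWithIgnoreCase(line, "deny from")) {
                addEntries(line, 9, "deny from:", _denyList);
            }
        }
    }

    /**
     * Appends the whitespace-separated entries that follow a directive keyword.
     *
     * @param line the trimmed directive line
     * @param start index just past the directive keyword
     * @param label prefix of the debug message
     * @param target list receiving the entries
     */
    private void addEntries(String line, int start, String label, List<String> target) {
        int pos = start;
        int limit = line.length();
        while ((pos < limit) && (line.charAt(pos) <= ' ')) {
            pos++;
        }
        String rest = line.substring(pos);
        if (logger.isDebugEnabled()) {
            logger.debug(label + rest);
        }
        StringTokenizer tkns = new StringTokenizer(rest);
        while (tkns.hasMoreTokens()) {
            target.add(tkns.nextToken());
        }
    }

    /**
     * Manual check: loads the rule file named by {@code args[0]} and prints
     * the decision for a few sample addresses and one host name.
     *
     * @param args {@code args[0]} is the path of the rule file
     * @throws Exception if the sample URL cannot be parsed
     */
    public static void main(String[] args) throws Exception {
        AccessManager am = new AccessManager(new File(args[0]));
        System.out.println("157.193.199.44:" + am.checkAccess("157.193.199.44"));
        System.out.println("157.193.199.43:" + am.checkAccess("157.193.199.43"));
        System.out.println("128.84.103.:" + am.checkAccess("128.84.103."));
        System.out.println("68.224.187.40:" + am.checkAccess("68.224.187.40"));
        System.out.println("68.224.187.:" + am.checkAccess("68.224.187."));
        java.net.URL url = new java.net.URL("http://java.sun.com/j2se/1.4.2/docs/api/java/net/InetAddress.html");
        System.out.println("sun.com:" + am.checkAccess(url.getHost()));
    }
}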