001    /*
002    GRANITE DATA SERVICES
003    Copyright (C) 2011 GRANITE DATA SERVICES S.A.S.
004    
005    This file is part of Granite Data Services.
006    
007    Granite Data Services is free software; you can redistribute it and/or modify
008    it under the terms of the GNU Library General Public License as published by
009    the Free Software Foundation; either version 2 of the License, or (at your
010    option) any later version.
011    
012    Granite Data Services is distributed in the hope that it will be useful, but
013    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
014    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
015    for more details.
016    
017    You should have received a copy of the GNU Library General Public License
018    along with this library; if not, see <http://www.gnu.org/licenses/>.
019    */
020    
021    package org.granite.messaging.amf.io;
022    
023    import java.util.concurrent.ConcurrentHashMap;
024    import java.util.concurrent.ConcurrentMap;
025    import java.util.regex.Pattern;
026    
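/**
 * A default implementation of the securizer interface that prevents arbitrary class
 * instantiation based on a regex pattern.
 * <p>
 * The pattern is an <strong>allow-list</strong>: a class name may be instantiated only
 * if the whole name matches it. While no pattern is configured (the initial state, or
 * after {@link #setParam(String)} is called with <code>null</code> or an empty string)
 * every class name is allowed, so this securizer offers no protection until a pattern
 * has been set.
 * <p>
 * The pattern and its cache of positive decisions are published together through a
 * single volatile reference, so a thread calling {@link #allowInstantiation(String)}
 * never combines one pattern with the cache that belongs to another.
 * 
 * @author Franck WOLFF
 */
public class RegexAMF3DeserializerSecurizer implements AMF3DeserializerSecurizer {

    /**
     * Upper bound (approximate under concurrency) on the number of cached class names.
     * Only matching names are cached, but a broad pattern can match an unlimited number
     * of distinct names, and the names are presumably read from the incoming AMF3
     * stream, so an unbounded cache could be grown at will by a remote peer.
     */
    private static final int MAX_CACHED_NAMES = 4096;

    /**
     * Immutable pairing of an allow pattern with the cache of names it has accepted.
     * A new instance is created on every reconfiguration, which is what keeps cached
     * decisions from one pattern out of the cache of the next one.
     */
    private static final class Rules {

        /** Compiled allow pattern, or <code>null</code> when everything is allowed. */
        final Pattern allow;

        /** Class names already accepted by {@link #allow}. */
        final ConcurrentMap<String, Boolean> cache = new ConcurrentHashMap<String, Boolean>();

        Rules(Pattern allow) {
            this.allow = allow;
        }
    }

    // volatile: setParam() may run on another thread than the deserializing ones.
    private volatile Rules rules = new Rules(null);

    /**
     * Checks if the given class name is matched, in its entirety, by the configured
     * allow pattern. Note that null or empty class names are allowed, and that every
     * class name is allowed while no pattern is configured.
     * 
     * @param className the class to check.
     * @return <code>true</code> if the given class name is allowed to be
     *      instantiated, <code>false</code> otherwise.
     */
    public boolean allowInstantiation(String className) {
        // Read the reference once so that pattern and cache come from the same
        // configuration even if setParam() runs concurrently.
        final Rules current = rules;

        if (current.allow == null || className == null || className.length() == 0)
            return true;
        if (current.cache.containsKey(className))
            return true;

        // matches() requires the whole class name to match, not just a part of it.
        boolean allowed = current.allow.matcher(className).matches();

        // Denied names are never cached; allowed names are cached up to the bound.
        if (allowed && current.cache.size() < MAX_CACHED_NAMES)
            current.cache.putIfAbsent(className, Boolean.TRUE);
        return allowed;
    }

    /**
     * Set this securizer pattern. Note that you may use whitespaces in your pattern in
     * order to improve readability: these extra characters will be ignored. As a
     * consequence, a value made of whitespace only yields an empty pattern, which
     * matches no non-empty class name.
     * <p>
     * Passing <code>null</code> or an empty string removes the pattern, after which
     * every class name is allowed. If the value is not a valid regex, the previous
     * configuration is left untouched.
     * 
     * @param param a regex containing <strong>allowed</strong> class name patterns.
     * @throws java.util.regex.PatternSyntaxException if the given value isn't a valid
     *      regex pattern.
     */
    public void setParam(String param) {
        Pattern compiled = null;
        if (param != null && param.length() != 0) {
            StringBuilder sb = new StringBuilder(param.length());
            for (String s : param.split("\\s", -1)) {
                if (s.length() > 0)
                    sb.append(s);
            }
            compiled = Pattern.compile(sb.toString());
        }
        // Single write: the new pattern becomes visible together with a fresh, empty
        // cache, so names accepted by the previous pattern are not carried over.
        rules = new Rules(compiled);
    }

    /**
     * Return this securizer pattern.
     * 
     * @return this securizer pattern (with whitespace removed), or <code>null</code>
     *      if no pattern is configured.
     */
    public String getParam() {
        final Pattern pattern = rules.allow;
        return (pattern != null ? pattern.pattern() : null);
    }
}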