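/**
 *   GRANITE DATA SERVICES
 *   Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S.
 *
 *   This file is part of the Granite Data Services Platform.
 *
 *   Granite Data Services is free software; you can redistribute it and/or
 *   modify it under the terms of the GNU Lesser General Public
 *   License as published by the Free Software Foundation; either
 *   version 2.1 of the License, or (at your option) any later version.
 *
 *   Granite Data Services is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
 *   General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public
 *   License along with this library; if not, write to the Free Software
 *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
 *   USA, or see <http://www.gnu.org/licenses/>.
 */
/*
  GRANITE DATA SERVICES
  Copyright (C) 2011 GRANITE DATA SERVICES S.A.S.

  This file is part of Granite Data Services.

  Granite Data Services is free software; you can redistribute it and/or modify
  it under the terms of the GNU Library General Public License as published by
  the Free Software Foundation; either version 2 of the License, or (at your
  option) any later version.

  Granite Data Services is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
  for more details.

  You should have received a copy of the GNU Library General Public License
  along with this library; if not, see <http://www.gnu.org/licenses/>.
*/

package org.granite.messaging.amf.io;

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Pattern;

/**
 * A default implementation of the securizer interface that prevents arbitrary class
 * instantiation based on a regex pattern.
 *
 * <p>Security-relevant behaviour:</p>
 * <ul>
 * <li>The pattern is an <strong>allow</strong> list and has to match the whole class
 * name (<code>Matcher.matches()</code>), so a partial match is never enough.</li>
 * <li>While no pattern is configured (initially, or after {@link #setParam(String)}
 * was given a null or empty value) <strong>every</strong> class name is allowed.
 * Deployments that rely on this class as a deserialization filter must therefore
 * configure a pattern explicitly.</li>
 * <li>Null or empty class names are always allowed.</li>
 * </ul>
 *
 * <p>Thread safety: the pattern and the cache of names it has already accepted are
 * published together through one volatile reference, so a name accepted under a
 * previous pattern can never end up in the cache of the current one.</p>
 *
 * @author Franck WOLFF
 */
public class RegexAMF3DeserializerSecurizer implements AMF3DeserializerSecurizer {

    /**
     * Soft upper bound on the number of cached class names. Names beyond it are still
     * checked against the pattern, they are just not remembered; this keeps a broad
     * pattern combined with many distinct names from growing the cache without limit.
     */
    private static final int MAX_CACHED_NAMES = 10000;

    /** One configuration: a pattern (or null) plus the names it has accepted so far. */
    private static final class State {

        final Pattern allow;
        final ConcurrentMap<String, Boolean> cache = new ConcurrentHashMap<String, Boolean>();

        State(Pattern allow) {
            this.allow = allow;
        }
    }

    // Replaced as a whole by setParam(); never mutated in place apart from its cache.
    private volatile State state = new State(null);

    /**
     * Checks whether the given class name is matched by the configured allow pattern.
     * Note that null or empty class names are allowed, and that every class name is
     * allowed while no pattern is configured.
     *
     * @param className the class to check.
     * @return <code>true</code> if the given class name is allowed to be
     *      instantiated, <code>false</code> otherwise.
     */
    public boolean allowInstantiation(String className) {
        // Read the volatile field once: the pattern and the cache used below must
        // belong to the same configuration even if setParam() runs concurrently.
        final State current = state;

        if (current.allow == null || className == null || className.length() == 0) {
            return true;
        }
        if (current.cache.containsKey(className)) {
            return true;
        }

        boolean allowed = current.allow.matcher(className).matches();
        // Only accepted names are cached; rejected names are re-evaluated each time.
        if (allowed && current.cache.size() < MAX_CACHED_NAMES) {
            current.cache.putIfAbsent(className, Boolean.TRUE);
        }
        return allowed;
    }

    /**
     * Set this securizer pattern. Note that you may use whitespaces in your pattern in
     * order to improve readability: these extra characters will be ignored.
     *
     * <p>A null or empty value removes the pattern, which allows every class name.
     * A value made of whitespace only compiles to the empty pattern, which rejects
     * every non-empty class name. The pattern is evaluated against class names taken
     * from the data being deserialized, so prefer simple alternations of package
     * prefixes over nested quantifiers.</p>
     *
     * <p>If the value is not a valid regex, the previous configuration stays in
     * effect.</p>
     *
     * @param param a regex containing <strong>allowed</strong> class name patterns.
     * @throws java.util.regex.PatternSyntaxException if the given value isn't a valid
     *      regex pattern.
     */
    public void setParam(String param) {
        Pattern pattern = null;
        if (param != null && param.length() > 0) {
            // Drop every whitespace character before compiling.
            pattern = Pattern.compile(param.replaceAll("\\s", ""));
        }
        // Single volatile write: installs the new pattern together with an empty cache.
        state = new State(pattern);
    }

    /**
     * Return this securizer pattern.
     *
     * @return this securizer pattern as compiled (that is, with whitespace removed),
     *      or <code>null</code> if no pattern is configured.
     */
    public String getParam() {
        final Pattern allow = state.allow;
        return (allow != null ? allow.pattern() : null);
    }
}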