001    /**
002     *   GRANITE DATA SERVICES
003     *   Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S.
004     *
005     *   This file is part of the Granite Data Services Platform.
006     *
007     *   Granite Data Services is free software; you can redistribute it and/or
008     *   modify it under the terms of the GNU Lesser General Public
009     *   License as published by the Free Software Foundation; either
010     *   version 2.1 of the License, or (at your option) any later version.
011     *
012     *   Granite Data Services is distributed in the hope that it will be useful,
013     *   but WITHOUT ANY WARRANTY; without even the implied warranty of
014     *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
015     *   General Public License for more details.
016     *
017     *   You should have received a copy of the GNU Lesser General Public
018     *   License along with this library; if not, write to the Free Software
019     *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
020     *   USA, or see <http://www.gnu.org/licenses/>.
021     */
022    /*
023    GRANITE DATA SERVICES
024    Copyright (C) 2011 GRANITE DATA SERVICES S.A.S.
025    
026    This file is part of Granite Data Services.
027    
028    Granite Data Services is free software; you can redistribute it and/or modify
029    it under the terms of the GNU Library General Public License as published by
030    the Free Software Foundation; either version 2 of the License, or (at your
031    option) any later version.
032    
033    Granite Data Services is distributed in the hope that it will be useful, but
034    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
035    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
036    for more details.
037    
038    You should have received a copy of the GNU Library General Public License
039    along with this library; if not, see <http://www.gnu.org/licenses/>.
040    */
041    
042    package org.granite.messaging.amf.io;
043    
044    import java.util.concurrent.ConcurrentHashMap;
045    import java.util.concurrent.ConcurrentMap;
046    import java.util.regex.Pattern;
047    
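/**
 * A default implementation of the securizer interface that prevents arbitrary class
 * instantiation based on a regex pattern. The pattern is an <strong>allow-list</strong>:
 * a class name is accepted only when the whole name matches it.
 *
 * <p>Points to keep in mind when relying on this class as a deserialization filter:</p>
 * <ul>
 * <li>It fails open. Until {@link #setParam(String)} has been called with a non-empty
 * value, no pattern is configured and every class name is allowed.</li>
 * <li><code>null</code> and empty class names are always allowed, whatever the pattern.</li>
 * <li>Matching uses {@link java.util.regex.Matcher#matches()}, so the pattern has to
 * describe complete class names. A pattern that is broader than the set of classes the
 * application really exchanges widens what may be instantiated.</li>
 * </ul>
 *
 * <p>Thread-safety: the pattern and its cache of accepted names are published together
 * through a single volatile reference, so a lookup never combines the cache built for one
 * pattern with a different pattern.</p>
 *
 * @author Franck WOLFF
 */
public class RegexAMF3DeserializerSecurizer implements AMF3DeserializerSecurizer {

    /**
     * Upper bound (approximate under concurrency) on the number of accepted class names
     * kept in the cache. Class names presumably come from the incoming stream, so with a
     * broad pattern the number of distinct accepted names is not limited by the
     * application's own classes; the cap keeps memory use bounded. Names beyond the cap
     * are still checked against the pattern, only not cached.
     */
    private static final int MAX_CACHED_NAMES = 4096;

    /** Matches the whitespace characters stripped from a configured pattern. */
    private static final Pattern WHITESPACE = Pattern.compile("\\s");

    /**
     * Immutable pairing of a pattern with the cache of names that this pattern accepted.
     * Replacing both in one assignment prevents a name accepted by a previous pattern from
     * being served from, or written into, the cache of the current one.
     */
    private static final class State {

        /** Allow-list pattern, or <code>null</code> when no filtering is configured. */
        final Pattern allow;

        /** Names already accepted by {@link #allow}; only positive results are stored. */
        final ConcurrentMap<String, Boolean> cache = new ConcurrentHashMap<String, Boolean>();

        State(Pattern allow) {
            this.allow = allow;
        }
    }

    private volatile State state = new State(null);

    /**
     * Checks if the given class name is matched by the configured allow-list pattern.
     * Note that null or empty class names are allowed, and that every class name is
     * allowed while no pattern is configured.
     *
     * @param className the class to check.
     * @return <code>true</code> if the given class name is allowed to be
     *              instantiated, <code>false</code> otherwise.
     */
    public boolean allowInstantiation(String className) {
        // Read the state once so that the pattern and the cache belong together.
        final State current = state;

        if (current.allow == null || className == null || className.length() == 0) {
            return true;
        }
        if (current.cache.containsKey(className)) {
            return true;
        }

        // matches() requires the whole class name to match, not just a part of it.
        final boolean allowed = current.allow.matcher(className).matches();
        if (allowed && current.cache.size() < MAX_CACHED_NAMES) {
            current.cache.putIfAbsent(className, Boolean.TRUE);
        }
        return allowed;
    }

    /**
     * Set this securizer pattern. Note that you may use whitespace in your pattern in
     * order to improve readability: these extra characters will be ignored. A null or
     * empty value removes the pattern, which allows every class name. The cache of
     * accepted names is reset whenever the pattern is replaced; if the value is not a
     * valid regex, the previous pattern and cache stay in place.
     *
     * @param param a regex containing <strong>allowed</strong> class name patterns.
     * @throws java.util.regex.PatternSyntaxException if the given value isn't a valid
     *              regex pattern.
     */
    public void setParam(String param) {
        Pattern pattern = null;
        if (param != null && param.length() > 0) {
            // Compile before publishing so that a syntax error leaves the state untouched.
            pattern = Pattern.compile(WHITESPACE.matcher(param).replaceAll(""));
        }
        // Single volatile write: the new pattern always comes with a fresh, empty cache.
        state = new State(pattern);
    }

    /**
     * Return this securizer pattern.
     *
     * @return this securizer pattern (with whitespace removed), or <code>null</code> if
     *              no pattern is configured.
     */
    public String getParam() {
        final Pattern allow = state.allow;
        return (allow != null ? allow.pattern() : null);
    }
}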