/*
* Copyright (C) 2012-2018 52°North Initiative for Geospatial Open Source
* Software GmbH
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 as published
* by the Free Software Foundation.
*
* If the program is linked with libraries which are licensed under one of
* the following licenses, the combination of the program with the linked
* library is not considered a "derivative work" of the program:
*
* - Apache License, version 2.0
* - Apache Software License, version 1.0
* - GNU Lesser General Public License, version 3
* - Mozilla Public License, versions 1.0, 1.1 and 2.0
* - Common Development and Distribution License (CDDL), version 1.0
*
* Therefore the distribution of the program linked with libraries licensed
* under the aforementioned licenses, is permitted by the copyright holders
* if the distribution is compliant with both the GNU General Public
* License version 2 and the aforementioned licenses.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
* Public License for more details.
*/
package org.n52.sos.service;
import static org.n52.sos.service.TransactionalSecuritySettings.ALLOWED_PROXIES;
import static org.n52.sos.service.TransactionalSecuritySettings.TRANSACTIONAL_ACTIVE;
import static org.n52.sos.service.TransactionalSecuritySettings.TRANSACTIONAL_ALLOWED_IPS;
import static org.n52.sos.service.TransactionalSecuritySettings.TRANSACTIONAL_TOKEN;
import org.n52.faroe.ConfigurationError;
import org.n52.faroe.annotation.Configurable;
import org.n52.faroe.annotation.Setting;
import org.n52.janmayen.lifecycle.Constructable;
import org.n52.janmayen.net.IPAddress;
import org.n52.janmayen.net.IPAddressRange;
import org.n52.shetland.util.CollectionHelper;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSet.Builder;
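/**
 * Settings holder for the access controls on transactional requests: an
 * on/off switch, an allow-list of client IP ranges, an authorization token and
 * a set of allowed proxy addresses.
 *
 * <p>
 * This class only parses and stores the settings. It performs no access
 * decision itself; the code that consumes the getters decides how the values
 * are combined.
 *
 * <p>
 * NOTE(review): the fields are plain (non-volatile) and are replaced by the
 * setters. If settings can change while requests are being served, confirm
 * that readers are guaranteed to see the new values.
 *
 * @author <a href="mailto:shane@axiomalaska.com">Shane StClair</a>
 *
 * @since 4.0.0
 */
@Configurable
public class TransactionalSecurityConfiguration implements Constructable {

    /** Last initialised instance; kept only for the deprecated static accessor. */
    @Deprecated
    private static TransactionalSecurityConfiguration instance;

    /** Whether transactional security is switched on. */
    private boolean transactionalActive;

    /**
     * List of CIDR encoded or raw IP ranges allowed to make transactional
     * requests
     */
    private ImmutableSet<IPAddressRange> transactionalAllowedIps = ImmutableSet.of();

    /**
     * Authorization token required for transactional requests
     */
    private String transactionalToken;

    /**
     * Allowed proxy addresses. Starts empty; {@link #setAllowedProxies(String)}
     * replaces it with the loopback address when the setting is null or empty.
     */
    private ImmutableSet<IPAddress> allowedProxies = ImmutableSet.of();

    /**
     * Publishes this object as the instance returned by {@link #getInstance()}.
     */
    @Override
    public void init() {
        TransactionalSecurityConfiguration.instance = this;
    }

    /**
     * @return the instance registered by the most recent {@link #init()} call,
     *         or {@code null} if {@code init()} has not run yet.
     */
    @Deprecated
    public static TransactionalSecurityConfiguration getInstance() {
        return instance;
    }

    /**
     * @return the transactionalActive
     */
    public boolean isTransactionalActive() {
        return transactionalActive;
    }

    /**
     * @param transactionalActive
     *            the transactionalActive to set
     */
    @Setting(TRANSACTIONAL_ACTIVE)
    public void setTransactionalActive(final boolean transactionalActive) {
        this.transactionalActive = transactionalActive;
    }

    /**
     * @return List of CIDR encoded or raw IP ranges allowed to make
     *         transactional requests
     */
    public ImmutableSet<IPAddressRange> getAllowedAddresses() {
        return transactionalAllowedIps;
    }

    /**
     * Parses a comma-separated list of IP addresses or CIDR ranges into the
     * allow-list. Each entry is trimmed before parsing. A null or empty
     * setting results in an empty allow-list.
     *
     * <p>
     * The stored set is replaced only after every entry has parsed, so a
     * rejected setting leaves the previous allow-list in place.
     *
     * <p>
     * NOTE(review): whether an empty allow-list means "no IP restriction" or
     * "no client allowed" is decided by the consumer of
     * {@link #getAllowedAddresses()} and
     * {@link #isSetTransactionalAllowedIps()}; confirm it matches the
     * operator's expectation.
     *
     * @param txAllowedIps
     *            comma-separated addresses or ranges, may be null or empty
     * @throws ConfigurationError
     *             if an entry is rejected by {@link IPAddressRange}
     */
    @Setting(TRANSACTIONAL_ALLOWED_IPS)
    public void setTransactionalAllowedIps(final String txAllowedIps) throws ConfigurationError {
        if (Strings.isNullOrEmpty(txAllowedIps)) {
            transactionalAllowedIps = ImmutableSet.of();
            return;
        }
        final Builder<IPAddressRange> ranges = ImmutableSet.builder();
        for (final String entry : txAllowedIps.split(",")) {
            final String candidate = entry.trim();
            try {
                ranges.add(new IPAddressRange(candidate));
            } catch (final IllegalArgumentException e) {
                throw new ConfigurationError(
                        "Transactional allowed address is not a valid CIDR range or IP address", e);
            }
        }
        transactionalAllowedIps = ranges.build();
    }

    /**
     * Parses a comma-separated list of single IP addresses into the set of
     * allowed proxies. Each entry is trimmed before parsing. A null or empty
     * setting falls back to the loopback address {@code 127.0.0.1} only.
     *
     * <p>
     * The stored set is replaced only after every entry has parsed, so a
     * rejected setting leaves the previous set in place.
     *
     * <p>
     * NOTE(review): presumably these are the proxies whose forwarded client
     * address is trusted when the IP allow-list is evaluated; verify against
     * the consumer. If so, every address listed here can vouch for any client
     * IP, so the list should stay as small as possible.
     *
     * @param proxies
     *            comma-separated IP addresses, may be null or empty
     * @throws ConfigurationError
     *             if an entry is rejected by {@link IPAddress}
     */
    @Setting(ALLOWED_PROXIES)
    public void setAllowedProxies(final String proxies) {
        if (Strings.isNullOrEmpty(proxies)) {
            allowedProxies = ImmutableSet.of(new IPAddress("127.0.0.1"));
            return;
        }
        final Builder<IPAddress> addresses = ImmutableSet.builder();
        for (final String entry : proxies.split(",")) {
            try {
                addresses.add(new IPAddress(entry.trim()));
            } catch (final IllegalArgumentException e) {
                throw new ConfigurationError(
                        "Allowed proxy address is not a valid IP address", e);
            }
        }
        allowedProxies = addresses.build();
    }

    /**
     * @return the allowed proxy addresses; empty until
     *         {@link #setAllowedProxies(String)} has been called
     */
    public ImmutableSet<IPAddress> getAllowedProxies() {
        return allowedProxies;
    }

    /**
     * NOTE(review): the returned value is a shared secret. Callers that compare
     * a presented token against it should use a constant-time comparison and
     * keep the value out of logs and error messages.
     *
     * @return Authorization token for transactional requests
     */
    public String getTransactionalToken() {
        return transactionalToken;
    }

    /**
     * Stores the token exactly as given; it is neither trimmed nor checked for
     * length or content.
     *
     * @param txToken
     *            the authorization token, may be null or empty
     */
    @Setting(TRANSACTIONAL_TOKEN)
    public void setTransactionalToken(final String txToken) {
        transactionalToken = txToken;
    }

    /**
     * Returns the same flag as {@link #isTransactionalActive()}. The result
     * does not depend on whether allowed IPs or a token are defined.
     *
     * <p>
     * NOTE(review): the earlier Javadoc described this as "true if allowed IPs
     * or token is defined", which the code never implemented. Confirm that no
     * caller relies on that meaning, since an active switch with neither an
     * allow-list nor a token still returns {@code true} here.
     *
     * @return true if transactional security is switched on
     */
    public boolean isSetTransactionalSecurityActive() {
        return transactionalActive;
    }

    /**
     * @return true if allowed IPs defined
     */
    public boolean isSetTransactionalAllowedIps() {
        return CollectionHelper.isNotEmpty(getAllowedAddresses());
    }

    /**
     * A token made up only of whitespace counts as defined, because only null
     * and the empty string are treated as absent.
     *
     * @return true if token is defined
     */
    public boolean isSetTransactionalToken() {
        return !Strings.isNullOrEmpty(getTransactionalToken());
    }
}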