java.lang.Object
com.aoapps.servlet.firewall.rules.Rules

public final class Rules extends Object
A set of base Matcher and Action implementations based on the servlet API and firewall API.

TODO: Don't like the idea of xml files declaring stuff away from where is used. TODO: How to get the blocked-unless-enabled approach, and the servlet path spaces? TODO: Set of annotations for servlets? What would it mean? TODO: Impossible to annotate JSP files, set of JSP tags? Why there? TODO: Is this blowing-up beyond what is needed by thinking too broadly of matchers and actions?

TODO: Capture groups for regular expression-based matches, useful somehow in actions or further matchers?

TODO: Could/should CSRF be built into the firewall? Or is that a separate concept?

Implementation Note:
Defensive copying of collections is not performed, intentionally allowing callers to provided mutable collections. Although this should be used sparingly, it may be appropriate for rules that call-out to other APIs, such as ACLs inside of a database.

Implementation Note:
Arrays are not necessarily defensively copied, but the elements of the arrays might also be extracted. Mutation of arrays is not supported.

Implementation Note:
This is admittedly overload-heavy. We are paying the price here in order to have the absolutely cleanest possible rule definitions. Perhaps a future version of Java will introduce optional parameters and this can be cleaned-up some.

  • Field Details

  • Method Details

    • none

      public static Matcher none(Iterable<? extends Rule> rules)
      Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the set of rules.
      Parameters:
      rules - The rules are never called.
      Returns:
      Returns none always
      See Also:
    • none

      public static Matcher none(Iterable<? extends Rule> rules, Iterable<? extends Rule> otherwise)
      Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the sets of rules.
      Parameters:
      rules - The rules are never called.
      otherwise - The rules are never called.
      Returns:
      Returns none always
      See Also:
    • none

      public static Matcher none(Rule... rules)
      Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the set of rules.
      Parameters:
      rules - The rules are never called.
      Returns:
      Returns none always
      See Also:
    • none

      public static Matcher none(Rule[] rules, Rule... otherwise)
      Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the sets of rules.
      Parameters:
      rules - The rules are never called.
      otherwise - The rules are never called.
      Returns:
      Returns none always
      See Also:
    • all

      public static Matcher all(Iterable<? extends Rule> rules)
      Always matches and calls all rules.
      Parameters:
      rules - All rules are called, up to any terminating action.
      Returns:
      Returns Matcher.Result.TERMINATE if a terminating action has occurred. Otherwise returns Matcher.Result.MATCH.
    • all

      public static Matcher all(Iterable<? extends Rule> rules, Iterable<? extends Rule> otherwise)
      Always matches and calls all rules. This is useful for replacing a conditional rule with an always-matching rule, without having to comment-out the "otherwise" set of rules.
      Parameters:
      rules - All rules are called, up to any terminating action.
      otherwise - The rules are never called.
      Returns:
      Returns all(java.lang.Iterable) always
      See Also:
    • all

      public static Matcher all(Rule... rules)
      Always matches and calls all rules.
      Parameters:
      rules - All rules are called, up to any terminating action.
      Returns:
      Returns Matcher.Result.TERMINATE if a terminating action has occurred. Otherwise returns Matcher.Result.MATCH.
    • all

      public static Matcher all(Rule[] rules, Rule... otherwise)
      Always matches and calls all rules. This is useful for replacing a conditional rule with an always-matching rule, without having to comment-out the "otherwise" set of rules.
      Parameters:
      rules - All rules are called, up to any terminating action.
      otherwise - The rules are never called.
      Returns:
      Returns all(com.aoapps.servlet.firewall.api.Rule...) always
      See Also:
    • and

      public static Matcher and(Iterable<? extends Rule> rules)
      Matches when all matchers match. Stops processing rules (both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.
      Returns:
      Matcher.Result.MATCH when rules is empty
    • and

      public static Matcher and(Iterable<? extends Rule> rules, Iterable<? extends Rule> otherwise)
      Matches when all matchers match. Stops processing rules (both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.
      Parameters:
      otherwise - Performs all otherwise rules only when a matcher in rules does not match.
      Returns:
      Matcher.Result.MATCH when rules is empty
    • and

      public static Matcher and(Rule... rules)
      Matches when all matchers match. Stops processing rules (both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.
      Returns:
      Matcher.Result.MATCH when rules is empty
    • and

      public static Matcher and(Rule[] rules, Rule... otherwise)
      Matches when all matchers match. Stops processing rules (both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.
      Parameters:
      otherwise - Performs all otherwise rules only when a matcher in rules does not match.
      Returns:
      Matcher.Result.MATCH when rules is empty
    • or

      public static Matcher or(Iterable<? extends Rule> rules)
      Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.
      Returns:
      Matcher.Result.NO_MATCH when rules is empty
      See Also:
    • or

      public static Matcher or(Iterable<? extends Rule> rules, Iterable<? extends Rule> otherwise)
      Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.
      Parameters:
      otherwise - Performs all otherwise rules only when no matcher in rules matches.
      Returns:
      Matcher.Result.NO_MATCH when rules is empty
      See Also:
    • or

      public static Matcher or(Rule... rules)
      Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.
      Returns:
      Matcher.Result.NO_MATCH when rules is empty
      See Also:
    • or

      public static Matcher or(Rule[] rules, Rule... otherwise)
      Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.
      Parameters:
      otherwise - Performs all otherwise rules only when no matcher in rules matches.
      Returns:
      Matcher.Result.NO_MATCH when rules is empty
      See Also:
    • not

      public static Matcher not(Matcher matcher)
      Negates a match.

      TODO: What would it mean to handle multiple rules? Or best used with "not/any" "not/all"? TODO: Should the negation be passed on to them regarding their invocation of any nested actions? TODO: What would "otherwise" be?