Matcher
and Action
implementations based on
the servlet API and firewall API.
TODO: Don't like the idea of xml files declaring stuff away from where is used. TODO: How to get the blocked-unless-enabled approach, and the servlet path spaces? TODO: Set of annotations for servlets? What would it mean? TODO: Impossible to annotate JSP files, set of JSP tags? Why there? TODO: Is this blowing-up beyond what is needed by thinking too broadly of matchers and actions?
TODO: Capture groups for regular expression-based matches, useful somehow in actions or further matchers?
TODO: Could/should CSRF be built into the firewall? Or is that a separate concept?
Implementation Note:
Defensive copying of collections is not performed, intentionally allowing callers to provided mutable collections.
Although this should be used sparingly, it may be appropriate for rules that call-out to other APIs,
such as ACLs inside of a database.
Implementation Note:
Arrays are not necessarily defensively copied, but the elements of the arrays might also be extracted. Mutation of
arrays is not supported.
Implementation Note:
This is admittedly overload-heavy. We are paying the price here in order to have the absolutely
cleanest possible rule definitions. Perhaps a future version of Java will introduce optional parameters
and this can be cleaned-up some.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
SeeFilterChain
.static final class
SeeServletRequest
andHttpServletRequest
.static final class
SeeServletResponse
andHttpServletResponse
.static final class
SeeServletContext
. -
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic Matcher
Always matches and calls all rules.static Matcher
Always matches and calls all rules.static Matcher
Always matches and calls all rules.static Matcher
Always matches and calls all rules.static Matcher
Matches when all matchers match.static Matcher
Matches when all matchers match.static Matcher
Matches when all matchers match.static Matcher
Matches when all matchers match.static Matcher
Never matches.static Matcher
Never matches.static Matcher
Never matches.static Matcher
Never matches.static Matcher
Negates a match.static Matcher
Matches when any matchers match.static Matcher
Matches when any matchers match.static Matcher
Matches when any matchers match.static Matcher
Matches when any matchers match.
-
Field Details
-
none
Never matches.Returns:
ReturnsMatcher.Result.NO_MATCH
always- See Also:
-
all
Always matches.Returns:
ReturnsMatcher.Result.MATCH
always -
CONTINUE
Performs no action.Returns:
ReturnsAction.Result.CONTINUE
always -
TERMINATE
Performs no action and terminates request processing.Returns:
ReturnsAction.Result.TERMINATE
always
-
-
Method Details
-
none
Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the set of rules.- Parameters:
rules
- The rules are never called.- Returns:
- Returns
none
always - See Also:
-
none
Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the sets of rules.- Parameters:
rules
- The rules are never called.otherwise
- The rules are never called.- Returns:
- Returns
none
always - See Also:
-
none
Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the set of rules.- Parameters:
rules
- The rules are never called.- Returns:
- Returns
none
always - See Also:
-
none
Never matches. This is useful to replace another rule with a non-matching rule, without having to comment-out the sets of rules.- Parameters:
rules
- The rules are never called.otherwise
- The rules are never called.- Returns:
- Returns
none
always - See Also:
-
all
Always matches and calls all rules.- Parameters:
rules
- All rules are called, up to any terminating action.- Returns:
- Returns
Matcher.Result.TERMINATE
if a terminating action has occurred. Otherwise returnsMatcher.Result.MATCH
.
-
all
Always matches and calls all rules. This is useful for replacing a conditional rule with an always-matching rule, without having to comment-out the "otherwise" set of rules.- Parameters:
rules
- All rules are called, up to any terminating action.otherwise
- The rules are never called.- Returns:
- Returns
all(java.lang.Iterable)
always - See Also:
-
all
Always matches and calls all rules.- Parameters:
rules
- All rules are called, up to any terminating action.- Returns:
- Returns
Matcher.Result.TERMINATE
if a terminating action has occurred. Otherwise returnsMatcher.Result.MATCH
.
-
all
Always matches and calls all rules. This is useful for replacing a conditional rule with an always-matching rule, without having to comment-out the "otherwise" set of rules.- Parameters:
rules
- All rules are called, up to any terminating action.otherwise
- The rules are never called.- Returns:
- Returns
all(com.aoapps.servlet.firewall.api.Rule...)
always - See Also:
-
and
Matches when all matchers match. Stops processingrules
(both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.- Returns:
Matcher.Result.MATCH
when rules is empty
-
and
Matches when all matchers match. Stops processingrules
(both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.- Parameters:
otherwise
- Performs allotherwise
rules only when a matcher inrules
does not match.- Returns:
Matcher.Result.MATCH
when rules is empty
-
and
Matches when all matchers match. Stops processingrules
(both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.- Returns:
Matcher.Result.MATCH
when rules is empty
-
and
Matches when all matchers match. Stops processingrules
(both matchers and actions) when the first matcher does not match. Performs any actions while processing rules, up to the point stopped on first non-matching matcher.- Parameters:
otherwise
- Performs allotherwise
rules only when a matcher inrules
does not match.- Returns:
Matcher.Result.MATCH
when rules is empty
-
or
Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.- Returns:
Matcher.Result.NO_MATCH
when rules is empty- See Also:
-
or
Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.- Parameters:
otherwise
- Performs allotherwise
rules only when no matcher inrules
matches.- Returns:
Matcher.Result.NO_MATCH
when rules is empty- See Also:
-
or
Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.- Returns:
Matcher.Result.NO_MATCH
when rules is empty- See Also:
-
or
Matches when any matchers match. Stops processing matchers once the first match is found. Begins processing actions once the first match is found.- Parameters:
otherwise
- Performs allotherwise
rules only when no matcher inrules
matches.- Returns:
Matcher.Result.NO_MATCH
when rules is empty- See Also:
-
not
Negates a match.TODO: What would it mean to handle multiple rules? Or best used with "not/any" "not/all"? TODO: Should the negation be passed on to them regarding their invocation of any nested actions? TODO: What would "otherwise" be?
-