| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.sshd.server.subsystem.sftp; |
| |
| import java.io.IOException; |
| import java.nio.file.AccessDeniedException; |
| import java.nio.file.CopyOption; |
| import java.nio.file.Path; |
| import java.util.Collection; |
| import java.util.Map; |
| |
| import org.apache.sshd.server.session.ServerSession; |
| |
| /** |
| * Provides a simple access control by making a distinction between methods |
| * that provide information - including reading data - and those that modify it |
| * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a> |
| */ |
| public abstract class SimpleAccessControlSftpEventListener extends AbstractSftpEventListenerAdapter { |
| public static final SimpleAccessControlSftpEventListener READ_ONLY_ACCESSOR = |
| new SimpleAccessControlSftpEventListener() { |
| @Override |
| protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) |
| throws IOException { |
| return true; |
| } |
| |
| @Override |
| protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) |
| throws IOException { |
| return false; |
| } |
| }; |
| |
| protected SimpleAccessControlSftpEventListener() { |
| super(); |
| } |
| |
| @Override |
| public void read(ServerSession session, String remoteHandle, DirectoryHandle localHandle, Map<String, Path> entries) |
| throws IOException { |
| super.read(session, remoteHandle, localHandle, entries); |
| if (!isAccessAllowed(session, remoteHandle, localHandle)) { |
| throw new AccessDeniedException(remoteHandle); |
| } |
| } |
| |
| @Override |
| public void reading(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data, |
| int dataOffset, int dataLen) throws IOException { |
| super.reading(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen); |
| if (!isAccessAllowed(session, remoteHandle, localHandle)) { |
| throw new AccessDeniedException(remoteHandle); |
| } |
| } |
| |
| /** |
| * @param session The {@link ServerSession} throw which the request was made |
| * @param remoteHandle The remote handle value |
| * @param localHandle The local handle |
| * @return {@code true} if allowed to access the handle |
| * @throws IOException If failed to handle the call |
| */ |
| protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Handle localHandle) throws IOException { |
| return isAccessAllowed(session, remoteHandle, localHandle.getFile()); |
| } |
| |
| /** |
| * @param session The {@link ServerSession} throw which the request was made |
| * @param remoteHandle The remote handle value |
| * @param localPath The local {@link Path} |
| * @return {@code true} if allowed to access the path |
| * @throws IOException If failed to handle the call |
| */ |
| protected abstract boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException; |
| |
| @Override |
| public void writing(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data, |
| int dataOffset, int dataLen) throws IOException { |
| super.writing(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen); |
| if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) { |
| throw new AccessDeniedException(remoteHandle); |
| } |
| } |
| |
| @Override |
| public void blocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length, int mask) throws IOException { |
| super.blocking(session, remoteHandle, localHandle, offset, length, mask); |
| if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) { |
| throw new AccessDeniedException(remoteHandle); |
| } |
| } |
| |
| @Override |
| public void unblocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length) |
| throws IOException { |
| super.unblocking(session, remoteHandle, localHandle, offset, length); |
| if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) { |
| throw new AccessDeniedException(remoteHandle); |
| } |
| } |
| |
| @Override |
| public void creating(ServerSession session, Path path, Map<String, ?> attrs) throws IOException { |
| super.creating(session, path, attrs); |
| if (!isModificationAllowed(session, path.toString(), path)) { |
| throw new AccessDeniedException(path.toString()); |
| } |
| } |
| |
| @Override |
| public void moving(ServerSession session, Path srcPath, Path dstPath, Collection<CopyOption> opts) |
| throws IOException { |
| super.moving(session, srcPath, dstPath, opts); |
| if (!isModificationAllowed(session, srcPath.toString(), srcPath)) { |
| throw new AccessDeniedException(srcPath.toString()); |
| } |
| } |
| |
| @Override |
| public void removing(ServerSession session, Path path) throws IOException { |
| super.removing(session, path); |
| if (!isModificationAllowed(session, path.toString(), path)) { |
| throw new AccessDeniedException(path.toString()); |
| } |
| } |
| |
| @Override |
| public void linking(ServerSession session, Path source, Path target, boolean symLink) throws IOException { |
| super.linking(session, source, target, symLink); |
| if (!isModificationAllowed(session, source.toString(), source)) { |
| throw new AccessDeniedException(source.toString()); |
| } |
| } |
| |
| @Override |
| public void modifyingAttributes(ServerSession session, Path path, Map<String, ?> attrs) throws IOException { |
| super.modifyingAttributes(session, path, attrs); |
| if (!isModificationAllowed(session, path.toString(), path)) { |
| throw new AccessDeniedException(path.toString()); |
| } |
| } |
| |
| /** |
| * @param session The {@link ServerSession} throw which the request was made |
| * @param remoteHandle The remote handle value |
| * @param localPath The local {@link Path} |
| * @return {@code true} if allowed to modify the path |
| * @throws IOException If failed to handle the call |
| */ |
| protected abstract boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException; |
| |
| } |