sshd-contrib/src/main/java/org/apache/sshd/server/subsystem/sftp/SimpleAccessControlSftpEventListener.java - mina-sshd - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.sshd.server.subsystem.sftp;

 import java.io.IOException;
 import java.nio.file.AccessDeniedException;
 import java.nio.file.CopyOption;
 import java.nio.file.Path;
 import java.util.Collection;
 import java.util.Map;

 import org.apache.sshd.server.session.ServerSession;

 /**
  * Provides a simple access control by making a distinction between methods
  * that provide information - including reading data - and those that modify it
  * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
  */
 public abstract class SimpleAccessControlSftpEventListener extends AbstractSftpEventListenerAdapter {
     public static final SimpleAccessControlSftpEventListener READ_ONLY_ACCESSOR =
         new SimpleAccessControlSftpEventListener() {
             @Override
             protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
                     throws IOException {
                 return true;
             }

             @Override
             protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
                     throws IOException {
                 return false;
             }
     };

     protected SimpleAccessControlSftpEventListener() {
         super();
     }

     @Override
     public void read(ServerSession session, String remoteHandle, DirectoryHandle localHandle, Map<String, Path> entries)
             throws IOException {
         super.read(session, remoteHandle, localHandle, entries);
         if (!isAccessAllowed(session, remoteHandle, localHandle)) {
             throw new AccessDeniedException(remoteHandle);
         }
     }

     @Override
     public void reading(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data,
             int dataOffset, int dataLen) throws IOException {
         super.reading(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen);
         if (!isAccessAllowed(session, remoteHandle, localHandle)) {
             throw new AccessDeniedException(remoteHandle);
         }
     }

     /**
      * @param session The {@link ServerSession} throw which the request was made
      * @param remoteHandle The remote handle value
      * @param localHandle The local handle
      * @return {@code true} if allowed to access the handle
      * @throws IOException If failed to handle the call
      */
     protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Handle localHandle) throws IOException {
         return isAccessAllowed(session, remoteHandle, localHandle.getFile());
     }

     /**
      * @param session The {@link ServerSession} throw which the request was made
      * @param remoteHandle The remote handle value
      * @param localPath The local {@link Path}
      * @return {@code true} if allowed to access the path
      * @throws IOException If failed to handle the call
      */
     protected abstract boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException;

     @Override
     public void writing(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data,
             int dataOffset, int dataLen) throws IOException {
         super.writing(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen);
         if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
             throw new AccessDeniedException(remoteHandle);
         }
     }

     @Override
     public void blocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length, int mask) throws IOException {
         super.blocking(session, remoteHandle, localHandle, offset, length, mask);
         if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
             throw new AccessDeniedException(remoteHandle);
         }
     }

     @Override
     public void unblocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length)
             throws IOException {
         super.unblocking(session, remoteHandle, localHandle, offset, length);
         if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
             throw new AccessDeniedException(remoteHandle);
         }
     }

     @Override
     public void creating(ServerSession session, Path path, Map<String, ?> attrs) throws IOException {
         super.creating(session, path, attrs);
         if (!isModificationAllowed(session, path.toString(), path)) {
             throw new AccessDeniedException(path.toString());
         }
     }

     @Override
     public void moving(ServerSession session, Path srcPath, Path dstPath, Collection<CopyOption> opts)
             throws IOException {
         super.moving(session, srcPath, dstPath, opts);
         if (!isModificationAllowed(session, srcPath.toString(), srcPath)) {
             throw new AccessDeniedException(srcPath.toString());
         }
     }

     @Override
     public void removing(ServerSession session, Path path) throws IOException {
         super.removing(session, path);
         if (!isModificationAllowed(session, path.toString(), path)) {
             throw new AccessDeniedException(path.toString());
         }
     }

     @Override
     public void linking(ServerSession session, Path source, Path target, boolean symLink) throws IOException {
         super.linking(session, source, target, symLink);
         if (!isModificationAllowed(session, source.toString(), source)) {
             throw new AccessDeniedException(source.toString());
         }
     }

     @Override
     public void modifyingAttributes(ServerSession session, Path path, Map<String, ?> attrs) throws IOException {
         super.modifyingAttributes(session, path, attrs);
         if (!isModificationAllowed(session, path.toString(), path)) {
             throw new AccessDeniedException(path.toString());
         }
     }

     /**
      * @param session The {@link ServerSession} throw which the request was made
      * @param remoteHandle The remote handle value
      * @param localPath The local {@link Path}
      * @return {@code true} if allowed to modify the path
      * @throws IOException If failed to handle the call
      */
     protected abstract boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException;

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.sshd.server.subsystem.sftp;

	import java.io.IOException;
	import java.nio.file.AccessDeniedException;
	import java.nio.file.CopyOption;
	import java.nio.file.Path;
	import java.util.Collection;
	import java.util.Map;

	import org.apache.sshd.server.session.ServerSession;

	/**
	* Provides a simple access control by making a distinction between methods
	* that provide information - including reading data - and those that modify it
	* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
	*/
	public abstract class SimpleAccessControlSftpEventListener extends AbstractSftpEventListenerAdapter {
	public static final SimpleAccessControlSftpEventListener READ_ONLY_ACCESSOR =
	new SimpleAccessControlSftpEventListener() {
	@Override
	protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
	throws IOException {
	return true;
	}

	@Override
	protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
	throws IOException {
	return false;
	}
	};

	protected SimpleAccessControlSftpEventListener() {
	super();
	}

	@Override
	public void read(ServerSession session, String remoteHandle, DirectoryHandle localHandle, Map<String, Path> entries)
	throws IOException {
	super.read(session, remoteHandle, localHandle, entries);
	if (!isAccessAllowed(session, remoteHandle, localHandle)) {
	throw new AccessDeniedException(remoteHandle);
	}
	}

	@Override
	public void reading(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data,
	int dataOffset, int dataLen) throws IOException {
	super.reading(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen);
	if (!isAccessAllowed(session, remoteHandle, localHandle)) {
	throw new AccessDeniedException(remoteHandle);
	}
	}

	/**
	* @param session The {@link ServerSession} throw which the request was made
	* @param remoteHandle The remote handle value
	* @param localHandle The local handle
	* @return {@code true} if allowed to access the handle
	* @throws IOException If failed to handle the call
	*/
	protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Handle localHandle) throws IOException {
	return isAccessAllowed(session, remoteHandle, localHandle.getFile());
	}

	/**
	* @param session The {@link ServerSession} throw which the request was made
	* @param remoteHandle The remote handle value
	* @param localPath The local {@link Path}
	* @return {@code true} if allowed to access the path
	* @throws IOException If failed to handle the call
	*/
	protected abstract boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException;

	@Override
	public void writing(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, byte[] data,
	int dataOffset, int dataLen) throws IOException {
	super.writing(session, remoteHandle, localHandle, offset, data, dataOffset, dataLen);
	if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
	throw new AccessDeniedException(remoteHandle);
	}
	}

	@Override
	public void blocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length, int mask) throws IOException {
	super.blocking(session, remoteHandle, localHandle, offset, length, mask);
	if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
	throw new AccessDeniedException(remoteHandle);
	}
	}

	@Override
	public void unblocking(ServerSession session, String remoteHandle, FileHandle localHandle, long offset, long length)
	throws IOException {
	super.unblocking(session, remoteHandle, localHandle, offset, length);
	if (!isModificationAllowed(session, remoteHandle, localHandle.getFile())) {
	throw new AccessDeniedException(remoteHandle);
	}
	}

	@Override
	public void creating(ServerSession session, Path path, Map<String, ?> attrs) throws IOException {
	super.creating(session, path, attrs);
	if (!isModificationAllowed(session, path.toString(), path)) {
	throw new AccessDeniedException(path.toString());
	}
	}

	@Override
	public void moving(ServerSession session, Path srcPath, Path dstPath, Collection<CopyOption> opts)
	throws IOException {
	super.moving(session, srcPath, dstPath, opts);
	if (!isModificationAllowed(session, srcPath.toString(), srcPath)) {
	throw new AccessDeniedException(srcPath.toString());
	}
	}

	@Override
	public void removing(ServerSession session, Path path) throws IOException {
	super.removing(session, path);
	if (!isModificationAllowed(session, path.toString(), path)) {
	throw new AccessDeniedException(path.toString());
	}
	}

	@Override
	public void linking(ServerSession session, Path source, Path target, boolean symLink) throws IOException {
	super.linking(session, source, target, symLink);
	if (!isModificationAllowed(session, source.toString(), source)) {
	throw new AccessDeniedException(source.toString());
	}
	}

	@Override
	public void modifyingAttributes(ServerSession session, Path path, Map<String, ?> attrs) throws IOException {
	super.modifyingAttributes(session, path, attrs);
	if (!isModificationAllowed(session, path.toString(), path)) {
	throw new AccessDeniedException(path.toString());
	}
	}

	/**
	* @param session The {@link ServerSession} throw which the request was made
	* @param remoteHandle The remote handle value
	* @param localPath The local {@link Path}
	* @return {@code true} if allowed to modify the path
	* @throws IOException If failed to handle the call
	*/
	protected abstract boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException;

	}