Interface SqlFirewallManager

All Known Implementing Classes:
CsvRulesManager, DefaultSqlFirewallManager, DenyDclManager, DenyDdlManager, DenyExecuteUpdateManager, DenyMetadataQueryManager, DenyStatementClassManager, DenyTclManager

public interface SqlFirewallManager
Interface that allows to define firewall rules for AceQL HTTP SQL calls.
Concrete implementations are defined in aceql-server.properties.

A concrete implementation should be developed on the server side in order to:
  • Define if a client user has the right to call a Statement.execute (i.e. call a raw execute).
  • Define if a client user has the right to call a Statement.executeUpdate (i.e. call a statement that updates the database).
  • Define if a client user has the right to call a raw Statement that is not a PreparedStatement.
  • Define if a client user has the right to call a the AceQL Metadata API.
  • Define a specific piece of Java code to analyze the source code of the SQL statement before allowing or not it's execution.

Multiple SqlFirewallManager may be defined and chained.

Note that the framework comes with a Default SqlFirewallManager implementation that is *not* secured and should be extended: DefaultSqlFirewallManager.

Built in and ready to use classes that don't require any coding are included. The classes may be chained. See each Javadoc for more details:

Note that the helper class StatementAnalyzer allows to do some simple tests on the SQL statement string representation.

Since:
4.1
Author:
Nicolas de Pomereu
  • Method Summary

    Modifier and Type Method Description
    boolean allowExecute​(String username, String database, Connection connection)
    Allows to define if the passed username is allowed to call a raw JDBC Statement.execute.
    boolean allowExecuteUpdate​(String username, String database, Connection connection)
    Allows to define if the passed username is allowed to call a statement that updates the database.
    boolean allowMetadataQuery​(String username, String database, Connection connection)
    Says if the username is allowed call the Metadata Query API for the passed database.
    boolean allowSqlRunAfterAnalysis​(String username, String database, Connection connection, String ipAddress, String sql, boolean isPreparedStatement, List<Object> parameterValues)
    Allows, for the passed client username and its IP address, to know if statement is a prepared statement an to analyze the string representation of the SQL statement that is received on the server.
    boolean allowStatementClass​(String username, String database, Connection connection)
    Allows to define if the passed username is allowed to create and use a Statement instance that is not a PreparedStatement
    void runIfStatementRefused​(String username, String database, Connection connection, String ipAddress, boolean isMetadataQuery, String sql, List<Object> parameterValues)
    Allows to implement specific a Java rule immediately after a SQL statement has been refused because one of the SqlFirewallManager.allowXxx method returned false.
  • Method Details

    • allowMetadataQuery

      boolean allowMetadataQuery​(String username, String database, Connection connection) throws IOException, SQLException
      Says if the username is allowed call the Metadata Query API for the passed database.
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true if the user has the right to call the Metada Query API, else false.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowStatementClass

      boolean allowStatementClass​(String username, String database, Connection connection) throws IOException, SQLException
      Allows to define if the passed username is allowed to create and use a Statement instance that is not a PreparedStatement
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true if the user has the right to call a raw execute

      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowSqlRunAfterAnalysis

      boolean allowSqlRunAfterAnalysis​(String username, String database, Connection connection, String ipAddress, String sql, boolean isPreparedStatement, List<Object> parameterValues) throws IOException, SQLException
      Allows, for the passed client username and its IP address, to know if statement is a prepared statement an to analyze the string representation of the SQL statement that is received on the server.
      If the analysis defined by the method returns false, the SQL statement won't be executed.
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      ipAddress - the IP address of the client user
      sql - the SQL statement
      isPreparedStatement - Says if the statement is a prepared statement
      parameterValues - the parameter values of a prepared statement in the natural order, empty list for a (non prepared) statement
      Returns:
      true if the analyzed statement or prepared statement is validated and authorized to run, else false.

      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowExecute

      boolean allowExecute​(String username, String database, Connection connection) throws IOException, SQLException
      Allows to define if the passed username is allowed to call a raw JDBC Statement.execute.
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true if the user has the right call a database update statement.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • allowExecuteUpdate

      boolean allowExecuteUpdate​(String username, String database, Connection connection) throws IOException, SQLException
      Allows to define if the passed username is allowed to call a statement that updates the database.
      Parameters:
      username - the client username to check the rule for.
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      Returns:
      true if the user has the right call a database update statement.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs
    • runIfStatementRefused

      void runIfStatementRefused​(String username, String database, Connection connection, String ipAddress, boolean isMetadataQuery, String sql, List<Object> parameterValues) throws IOException, SQLException
      Allows to implement specific a Java rule immediately after a SQL statement has been refused because one of the SqlFirewallManager.allowXxx method returned false.

      Examples:
      • Delete the user from the username SQL table so that he never comes back.
      • Log the IP address.
      • Log the info.
      • Send an alert message/email to a Security Officer.
      • Etc.

      Parameters:
      username - the discarded client username
      database - the database name as defined in the JDBC URL field
      connection - The current SQL/JDBC Connection
      ipAddress - the IP address of the client user
      isMetadataQuery - Says if the client request was an AceQL specific Metadata Query API
      sql - the SQL statement
      parameterValues - the parameter values of a prepared statement in the natural order, empty list for a (non prepared) statement
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs