diff --git a/src/main/java/com/actiontech/dble/config/ServerPrivileges.java b/src/main/java/com/actiontech/dble/config/ServerPrivileges.java
index b67e63fb2a..349834807a 100644
--- a/src/main/java/com/actiontech/dble/config/ServerPrivileges.java
+++ b/src/main/java/com/actiontech/dble/config/ServerPrivileges.java
@@ -99,23 +99,19 @@ public int getBenchmark(String user) {
 }
 protected boolean checkManagerPrivilege(String user) {
- // normal user don't neet manager privilege
+ // normal user don't need manager privilege
 return true;
 }
 @Override
 public boolean checkFirewallWhiteHostPolicy(String user, String host) {
-
- ServerConfig config = DbleServer.getInstance().getConfig();
- FirewallConfig firewallConfig = config.getFirewall();
-
 if (!checkManagerPrivilege(user)) {
- // return and don't trigger firewall alarm
+ // normal user try to login by manager port
 return false;
 }
- boolean isPassed = false;
-
+ ServerConfig config = DbleServer.getInstance().getConfig();
+ FirewallConfig firewallConfig = config.getFirewall();
 Map> whitehost = firewallConfig.getWhitehost();
 if (whitehost == null || whitehost.size() == 0) {
 Map users = config.getUsers();
@@ -143,17 +139,21 @@ public boolean checkFirewallWhiteHostPolicy(String user, String host) {
 /**
- * @see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
+ *
+ * @see wallfilter config guide
 */
 @Override
 public boolean checkFirewallSQLPolicy(String user, String sql) {
-
+ if (isManagerUser(user)) {
+ // manager User will ignore firewall blacklist
+ return true;
+ }
 boolean isPassed = true;
 if (CONTEXT_LOCAL.get() == null) {
 FirewallConfig firewallConfig = DbleServer.getInstance().getConfig().getFirewall();
 if (firewallConfig != null) {
- if (firewallConfig.isCheck()) {
+ if (firewallConfig.isBlackListCheck()) {
 CONTEXT_LOCAL.set(firewallConfig.getProvider());
 check = true;
 }
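Review bot: In `checkFirewallWhiteHostPolicy` the relocated `config.getFirewall()` result is dereferenced by `firewallConfig.getWhitehost()` with no null guard, while `checkFirewallSQLPolicy` in the same file tests `firewallConfig != null` before using it. If the firewall section can be absent, the host check would throw during login instead of returning a decision. Reading the map as `firewallConfig == null ? null : firewallConfig.getWhitehost()` would route that case into the existing `whitehost == null` branch and make the two methods agree. The method body continues past the end of the hunk, so the rest of the whitehost handling is not visible here.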
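Review bot: The new early `return true` in `checkFirewallSQLPolicy` exempts a user from the SQL blacklist purely on the `isManager()` flag in the user config, not on the port the session arrived on. `ServerPrivileges.checkManagerPrivilege` returns true for every user, so if a manager account can also authenticate on the service port its ordinary SQL would skip the blacklist too; whether that is reachable depends on login code outside this diff. If the exemption is meant only for the manager port, an override of `checkFirewallSQLPolicy` in `ManagerPrivileges` would scope it there. Otherwise the Javadoc should state it, e.g. `Manager users are never checked against the SQL blacklist, on any port.` The method body continues past the hunk.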
@@ -171,6 +171,12 @@ public boolean checkFirewallSQLPolicy(String user, String sql) {
 return isPassed;
 }
+ protected boolean isManagerUser(String user) {
+ ServerConfig conf = DbleServer.getInstance().getConfig();
+ UserConfig uc = conf.getUsers().get(user);
+ return uc != null && uc.isManager();
+ }
+
 public enum Checktype {
 INSERT, UPDATE, SELECT, DELETE
 }
diff --git a/src/main/java/com/actiontech/dble/config/loader/xml/XMLServerLoader.java b/src/main/java/com/actiontech/dble/config/loader/xml/XMLServerLoader.java
index 9f9f61127c..90f5f81651 100644
--- a/src/main/java/com/actiontech/dble/config/loader/xml/XMLServerLoader.java
+++ b/src/main/java/com/actiontech/dble/config/loader/xml/XMLServerLoader.java
@@ -129,7 +129,7 @@ private void loadFirewall(Element root) throws IllegalAccessException, Invocatio
 Element e = (Element) node;
 String check = e.getAttribute("check");
 if (null != check) {
- firewall.setCheck(Boolean.parseBoolean(check));
+ firewall.setBlackListCheck(Boolean.parseBoolean(check));
 }
 Map props = ConfigUtil.loadElements((Element) node);
diff --git a/src/main/java/com/actiontech/dble/config/model/FirewallConfig.java b/src/main/java/com/actiontech/dble/config/model/FirewallConfig.java
index c860a1f4c8..5936217565 100644
--- a/src/main/java/com/actiontech/dble/config/model/FirewallConfig.java
+++ b/src/main/java/com/actiontech/dble/config/model/FirewallConfig.java
@@ -25,7 +25,7 @@ public final class FirewallConfig {
 private static final Logger LOGGER = LoggerFactory.getLogger(FirewallConfig.class);
 private Map> whitehost;
- private boolean check = false;
+ private boolean blackListCheck = false;
 private WallConfig wallConfig = new WallConfig();
@@ -35,7 +35,7 @@ public FirewallConfig() {
 }
 public void init() {
- if (check) {
+ if (blackListCheck) {
 provider = new MySqlWallProvider(wallConfig);
 provider.setBlackListEnable(true);
 }
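Review bot: The new `isManagerUser` in `ServerPrivileges` now backs two security decisions, manager-port access (through `ManagerPrivileges.checkManagerPrivilege`) and the SQL-blacklist exemption, yet it is overridable and has no Javadoc. Declaring it `protected final boolean isManagerUser(String user)` would keep a subclass from widening either decision, and a short Javadoc should say that an unknown user name yields false. The lookup also assumes `conf.getUsers()` is never null; that holds only if the config loader guarantees it, which is not visible in this diff.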
@@ -71,12 +71,12 @@ public void setWallConfig(WallConfig wallConfig) {
 }
- public boolean isCheck() {
- return this.check;
+ public boolean isBlackListCheck() {
+ return this.blackListCheck;
 }
- public void setCheck(boolean check) {
- this.check = check;
+ public void setBlackListCheck(boolean blackListCheck) {
+ this.blackListCheck = blackListCheck;
 }
 }
diff --git a/src/main/java/com/actiontech/dble/manager/ManagerPrivileges.java b/src/main/java/com/actiontech/dble/manager/ManagerPrivileges.java
index ba1ca63eb4..d4d2ae766a 100644
--- a/src/main/java/com/actiontech/dble/manager/ManagerPrivileges.java
+++ b/src/main/java/com/actiontech/dble/manager/ManagerPrivileges.java
@@ -5,10 +5,7 @@
 */
 package com.actiontech.dble.manager;
-import com.actiontech.dble.DbleServer;
-import com.actiontech.dble.config.ServerConfig;
 import com.actiontech.dble.config.ServerPrivileges;
-import com.actiontech.dble.config.model.UserConfig;
 /**
 * @author mycat
@@ -25,9 +22,7 @@ private ManagerPrivileges() {
 }
 protected boolean checkManagerPrivilege(String user) {
- ServerConfig config = DbleServer.getInstance().getConfig();
- UserConfig rUser = config.getUsers().get(user);
 // Manager privilege must be assign explicitly
- return rUser != null && rUser.isManager();
+ return isManagerUser(user);
 }
 }
diff --git a/src/main/java/com/actiontech/dble/net/handler/FrontendPrivileges.java b/src/main/java/com/actiontech/dble/net/handler/FrontendPrivileges.java
index 8fd6186b2d..45177bf03f 100644
--- a/src/main/java/com/actiontech/dble/net/handler/FrontendPrivileges.java
+++ b/src/main/java/com/actiontech/dble/net/handler/FrontendPrivileges.java
@@ -62,5 +62,4 @@ public interface FrontendPrivileges {
 * @return
 */
 boolean checkFirewallSQLPolicy(String user, String sql);
-
 }
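Review bot: `ManagerPrivileges.checkManagerPrivilege` is the override that restricts the manager port to manager users, but the hunk's context shows no `@Override` above its signature. The base implementation in `ServerPrivileges` returns true unconditionally, so if the two signatures ever drift apart the compiler stays silent and every user would pass the manager check. Adding `@Override` on the line before `protected boolean checkManagerPrivilege(String user) {` turns that drift into a compile error.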