>> The use case is beforeany file operations I need to check whether the
user in session is having permissions to carry on the operations,
This involves registering your own SftpFileSystemAccessor via:
SftpSubsystemFactory factory =
new SftpSubsystemFactory.Builder()
.withFileSystemAccessor(new MySftpFileSystemAccessor())
.with...
.with...
.build()
sshd.shd.setSubsystemFactories(Collections.singletonList(factory));
class MySftpFileSystemAccessor implements SftpFileSystemAccessor {
...override whatever methods you need and check access
permissions...
}
If instead you want to override the actual raw SFTP command then
you need to sub-class SftpSubsystem - which I cannot guarantee to
satisfy all your needs.
As far as SCP goes, you could register an ScpTransferEventListener and
examine each upload/download request and throw an exception if user does
not have the right permissions for the source/target.
If more fine-grained control is required, then I'm afraid you will have to
provide your own FileSystem implementation. If you do that you could use it
not only for SCP but also for SFTP (you can see
our RootedFileSystemProvider as an example)
>> along with that we have a logic to check whether the command is valid or
not
I don't understand what "valid command" means - if it is valid SCP/SFTP
command the server will execute it, otherwise it will reject it.
|