Chinaunix首页 | 论坛 | 博客
  • 博客访问: 456607
  • 博文数量: 750
  • 博客积分: 40000
  • 博客等级: 大将
  • 技术积分: 4970
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-09 12:36
文章分类

全部博文(750)

文章存档

2011年(1)

2008年(749)

我的朋友
最近访客

分类:

2008-09-09 15:24:38


  5. 实现XMLPolicyFile类。
  
  public class XMLPolicyFile extends Policy implements JAASConstants {
  private Document doc = null;
  //private CodeSource noCertCodeSource=null;
  /*
  * constructor
  * refresh()
  */  public XMLPolicyFile(){
  refresh();
  }  public PermissionCollection getPermissions(CodeSource arg0) {
  // TODO Auto-generated method stub
  return null;
  }
  /*
  * Creates a DOM tree document from the default XML file or
  * from the file specified by the system property,
  * com.ibm.resource.security.auth.policy. This
  * DOM tree document is then used by the
  * getPermissions() in searching for permissions.
  *
  * @see javax.security.auth.Policy#refresh()
  */  public void refresh() {
  FileInputStream fis = null;
  try {
  // Set up a DOM tree to query
  fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
  InputSource in = new InputSource(fis);
  DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
  dfactory.setNamespaceAware(true);
  doc = dfactory.newDocumentBuilder().parse(in);
  } catch (Exception e) {
  e.printStackTrace();
  throw new RuntimeException(e.getMessage());
  } finally {
  if(fis != null) {
  try { fis.close(); } catch (IOException e) {}
  
  }
  }
  }  public PermissionCollection getPermissions(Subject subject,CodeSource codeSource) {
  ResourcePermissionCollection collection = new ResourcePermissionCollection();
  try {
  // Iterate through all of the subjects principals
  Iterator principalIterator = subject.getPrincipals().iterator();
  while(principalIterator.hasNext()){
  Principal principal = (Principal)principalIterator.next();
  // Set up the xpath string to retrieve all the relevant permissions
  // Sample xpath string: "/policy/grant[@codebase=\"sample_actions.jar\"]/principal[@classname=\"com.fonseca.security.SamplePrincipal\"][@name=\"testUser\"]/permission"
  StringBuffer xpath = new StringBuffer();
  xpath.append("/policy/grant/principal[@classname=\"");
  xpath.append(principal.getClass().getName());
  xpath.append("\"][@name=\"");
  xpath.append(principal.getName());
  xpath.append("\"]/permission");
  //System.out.println(xpath.toString());
  NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
  Node node = null;
  while( (node = nodeIter.nextNode()) != null ) {
  //here
  CodeSource codebase=getCodebase(node.getParentNode().getParentNode());
  if (codebase!=null || codebase.implies(codeSource)){
  Permission permission = getPermission(node);
  collection.add(permission);
  }
  }
  }
  } catch (Exception e) {
  e.printStackTrace();
  throw new RuntimeException(e.getMessage());
  }
  if(collection != null)
  return collection;
  else {
  // If the permission is not found here then delegate it
  // to the standard java Policy class instance.
  Policy policy = Policy.getPolicy();
  return policy.getPermissions(codeSource);
  }
  }
  /**
  * Returns a Permission instance defined by the provided
  * permission Node attributes.
  */
  private Permission getPermission(Node node) throws Exception {
  NamedNodeMap map = node.getAttributes();
  Attr attrClassname = (Attr) map.getNamedItem("classname");
  Attr attrName = (Attr) map.getNamedItem("name");
  Attr attrActions = (Attr) map.getNamedItem("actions");
  Attr attrRelationship = (Attr) map.getNamedItem("relationship");
  if(attrClassname == null)
  throw new RuntimeException();
  Class[] types = null;
  Object[] args = null;
  // Check if the name is specified
  // if no name is specified then because
  // the types and the args variables above
  // are null the default constructor is used.
  if(attrName != null) {
  String name = attrName.getValue();
  // Check if actions are specified
  // then setup the array sizes accordingly
  if(attrActions != null) {
  String actions = attrActions.getValue();
  // Check if a relationship is specified
  // then setup the array sizes accordingly
  if(attrRelationship == null) {
  types = new Class[2];
  args = new Object[2];
  } else {
  types = new Class[3];
  args = new Object[3];
  String relationship = attrRelationship.getValue();
  types[2] = relationship.getClass();
  args[2] = relationship;
  }
  types[1] = actions.getClass();
  args[1] = actions;
  } else {
  
  types = new Class[1];
  args = new Object[1];
  
  }
  types[0] = name.getClass();
  args[0] = name;
  }   String classname = attrClassname.getValue();
  Class permissionClass = Class.forName(classname);
  Constructor constructor = permissionClass.getConstructor(types);
  return (Permission) constructor.newInstance(args);
  }
  /**
  * Returns a CodeSource object defined by the provided
  * grant Node attributes.
  */
  private java.security.CodeSource getCodebase(Node node) throws Exception {
  Certificate[] certs = null;
  URL location;
  if(node.getNodeName().equalsIgnoreCase("grant")) {
  NamedNodeMap map = node.getAttributes();
  Attr attrCodebase = (Attr) map.getNamedItem("codebase");
  if(attrCodebase != null) {
  String codebaseValue = attrCodebase.getValue();
  location = new URL(codebaseValue);
  return new CodeSource(location,certs);
  }
  }
  return null;
  }
  }
  
  6.继承Principal类PrincipalUser
  public class PrincipalUser implements Principal {
  private String name;
  /**
  *
  * @param name the name for this principal.
  *
  * @exception InvalidParameterException if the name
  * is null.
  */  public PrincipalUser(String name) {
  if (name == null)
  throw new InvalidParameterException("name cannot be null");
  //search role of this name.
  this.name = name;
  }
  /**
  * Returns the name for this PrincipalUser.
  *
  * @return the name for this PrincipalUser
  */
  public String getName() {
  return name;
  }
  /**
  *
  */  public int hashCode() {
  return name.hashCode();
  }
  }
  
  7.继承Permission和PermissionCollection类
  public class ResourcePermission extends Permission {
  static final public String OWNER_RELATIONSHIP = "OWNER";
  static private int READ  = 0x01;
  static private int WRITE  = 0x02;
  static private int EXECUTE = 0x04;
  static private int CREATE = 0x08;
  static private int DELETE = 0x10;
  static private int DEPLOY = 0x16;
  static private int CONFIRM = 0x24;
  static final public String READ_ACTION = "read";
  static final public String WRITE_ACTION  = "write";
  static final public String EXECUTE_ACTION = "execute";
  static final public String CREATE_ACTION = "create";
  static final public String DELETE_ACTION = "delete";
  static final public String DEPLOY_ACTION = "deploy";
  static final public String CONFIRM_ACTION = "confirm";
  protected int mask;  protected Resource resource;
  protected Subject subject;
  /**
  * Constructor for ResourcePermission
  */
  public ResourcePermission(String name, String actions, Resource resource, Subject subject) {
  super(name);
  this
【责编:admin】

--------------------next---------------------

阅读(273) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~