5. 实现xmlpolicyfile类。
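/**
 * Policy implementation that answers permission queries from an XML policy
 * document.
 *
 * <p>The document is parsed once by {@link #refresh()} and kept as a DOM tree.
 * {@link #getPermissions(Subject, CodeSource)} then looks up
 * <code>/policy/grant/principal/permission</code> elements whose enclosing
 * <code>principal</code> element matches one of the subject's principals.
 *
 * <p>JDK identifiers are written in their standard casing; project identifiers
 * (<code>xmlpolicyfile</code>, <code>jaasconstants</code>,
 * <code>resourcepermissioncollection</code>,
 * <code>auth_security_policyxmlfile</code>, <code>getpermission</code>,
 * <code>getcodebase</code>) are spelled as they appear on the page.
 */
public class xmlpolicyfile extends Policy implements jaasconstants {

    /** DOM tree of the XML policy file; replaced as a whole by {@link #refresh()}. */
    private Document doc = null;

    /**
     * Creates the policy and loads the XML policy document by calling
     * {@link #refresh()}.
     *
     * @throws RuntimeException if the policy file cannot be read or parsed
     */
    public xmlpolicyfile() {
        refresh();
    }

    /**
     * Code-source-only lookup; not implemented.
     *
     * @param arg0 the code source being queried (ignored)
     * @return always <code>null</code>
     */
    public PermissionCollection getPermissions(CodeSource arg0) {
        // NOTE(review): auto-generated stub. Callers that do not expect null
        // from a Policy will fail here; decide whether this should return an
        // empty collection or delegate before relying on it.
        return null;
    }

    /**
     * Parses the XML policy file named by <code>auth_security_policyxmlfile</code>
     * into the DOM tree used by <code>getPermissions()</code>.
     *
     * <p>According to the original comment, that path is the default XML file
     * or the one named by the system property
     * <code>com.ibm.resource.security.auth.policy</code>; the lookup itself is
     * not part of this class.
     *
     * @throws RuntimeException if the file cannot be opened or parsed; the
     *         underlying exception is attached as the cause
     */
    public void refresh() {
        FileInputStream fis = null;
        try {
            // Set up a DOM tree to query.
            fis = new FileInputStream(auth_security_policyxmlfile);
            InputSource in = new InputSource(fis);
            DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
            dfactory.setNamespaceAware(true);
            // NOTE(review): the factory keeps its default DTD and external
            // entity handling. This file is the authorization source, so it
            // should only be writable by the administrator; if that cannot be
            // guaranteed, reject DOCTYPE declarations on the factory
            // (http://apache.org/xml/features/disallow-doctype-decl).
            doc = dfactory.newDocumentBuilder().parse(in);
        } catch (Exception e) {
            // Keep the original exception as the cause so the failing file or
            // parse position is not lost.
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignored) {
                    // Best effort: the document has already been parsed or the
                    // parse failure is already being reported.
                }
            }
        }
    }

    /**
     * Collects the permissions that the policy document grants to the
     * principals of <code>subject</code> for code loaded from
     * <code>codesource</code>.
     *
     * @param subject    the subject whose principals are looked up
     * @param codesource the code source the grant's codebase must imply
     * @return the matching permissions; empty when nothing matches
     * @throws RuntimeException if the XPath query or the construction of a
     *         permission fails; the underlying exception is the cause
     */
    public PermissionCollection getPermissions(Subject subject, CodeSource codesource) {
        resourcepermissioncollection collection = new resourcepermissioncollection();
        try {
            // Iterate through all of the subject's principals.
            Iterator principalIterator = subject.getPrincipals().iterator();
            while (principalIterator.hasNext()) {
                Principal principal = (Principal) principalIterator.next();
                String principalName = principal.getName();
                if (principalName == null) {
                    // A principal without a name cannot match a name attribute;
                    // do not let it match a policy entry literally named "null".
                    continue;
                }
                // Sample XPath string:
                // /policy/grant/principal[@classname="com.fonseca.security.sampleprincipal"][@name="testuser"]/permission
                //
                // The principal name normally originates from the login step,
                // so it is written as a quoted XPath literal instead of being
                // pasted between fixed quotes; a name containing a quote can
                // then only fail to match, never change the query.
                StringBuffer xpath = new StringBuffer();
                xpath.append("/policy/grant/principal[@classname=");
                xpath.append(toXPathLiteral(principal.getClass().getName()));
                xpath.append("][@name=");
                xpath.append(toXPathLiteral(principalName));
                xpath.append("]/permission");
                NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
                Node node = null;
                while ((node = nodeIter.nextNode()) != null) {
                    // permission -> principal -> grant
                    CodeSource codebase = getcodebase(node.getParentNode().getParentNode());
                    // A grant without a codebase attribute applies to any code;
                    // a grant with one applies only if it implies the caller's
                    // code source. The earlier test (!= null ||) threw a
                    // NullPointerException in the first case and skipped the
                    // implies() check in the second, granting the permission
                    // regardless of where the code came from.
                    // NOTE(review): assumed intent, matching the standard policy
                    // file format; use (codebase != null && ...) instead if a
                    // grant without a codebase must never match.
                    if (codebase == null || codebase.implies(codesource)) {
                        Permission permission = getpermission(node);
                        collection.add(permission);
                    }
                }
            }
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
        // The collection is always non-null here, so the former fallback to
        // Policy.getPolicy() could never run and has been dropped.
        return collection;
    }

    /**
     * Quotes <code>value</code> as an XPath 1.0 string literal. XPath 1.0 has
     * no escape character, so a value containing both quote characters is
     * expressed with <code>concat()</code>.
     */
    private static String toXPathLiteral(String value) {
        if (value.indexOf('"') < 0) {
            return "\"" + value + "\"";
        }
        if (value.indexOf('\'') < 0) {
            return "'" + value + "'";
        }
        StringBuffer literal = new StringBuffer("concat(");
        int start = 0;
        int quote;
        while ((quote = value.indexOf('"', start)) >= 0) {
            literal.append('"').append(value.substring(start, quote)).append("\", '\"', ");
            start = quote + 1;
        }
        literal.append('"').append(value.substring(start)).append("\")");
        return literal.toString();
    }

    /**
     * Returns a permission instance defined by the attributes of the given
     * <code>permission</code> node.
     *
     * <p>The constructor is chosen by which attributes are present: none for
     * no <code>name</code>, <code>(String)</code> for a name only,
     * <code>(String, String)</code> for name and actions, and
     * <code>(String, String, String)</code> when a relationship is given as
     * well. A relationship without actions is ignored.
     *
     * @throws Exception if the class cannot be loaded, is not a
     *         {@link Permission}, or has no matching public constructor
     */
    private Permission getpermission(Node node) throws Exception {
        NamedNodeMap map = node.getAttributes();
        Attr attrClassName = (Attr) map.getNamedItem("classname");
        Attr attrName = (Attr) map.getNamedItem("name");
        Attr attrActions = (Attr) map.getNamedItem("actions");
        Attr attrRelationship = (Attr) map.getNamedItem("relationship");
        if (attrClassName == null) {
            throw new RuntimeException("permission element has no classname attribute");
        }
        // When no name is given both arrays stay null and the default
        // constructor is used.
        Class[] types = null;
        Object[] args = null;
        if (attrName != null) {
            String name = attrName.getValue();
            if (attrActions != null) {
                String actions = attrActions.getValue();
                if (attrRelationship == null) {
                    types = new Class[2];
                    args = new Object[2];
                } else {
                    types = new Class[3];
                    args = new Object[3];
                    types[2] = String.class;
                    args[2] = attrRelationship.getValue();
                }
                types[1] = String.class;
                args[1] = actions;
            } else {
                types = new Class[1];
                args = new Object[1];
            }
            types[0] = String.class;
            args[0] = name;
        }
        String className = attrClassName.getValue();
        Class permissionClass = Class.forName(className);
        // Check the type before calling the constructor, so a policy entry
        // cannot be used to instantiate a class that is not a Permission.
        if (!Permission.class.isAssignableFrom(permissionClass)) {
            throw new RuntimeException(className + " is not a java.security.Permission");
        }
        Constructor constructor = permissionClass.getConstructor(types);
        return (Permission) constructor.newInstance(args);
    }

    /**
     * Returns a CodeSource object defined by the <code>codebase</code>
     * attribute of the given <code>grant</code> node.
     *
     * @return the code source (without certificates), or <code>null</code>
     *         when the node is not a grant element or has no codebase
     * @throws Exception if the codebase value is not a valid URL
     */
    private java.security.CodeSource getcodebase(Node node) throws Exception {
        if (!node.getNodeName().equalsIgnoreCase("grant")) {
            return null;
        }
        Attr attrCodebase = (Attr) node.getAttributes().getNamedItem("codebase");
        if (attrCodebase == null) {
            return null;
        }
        // Signer certificates are not read from the policy file.
        Certificate[] certs = null;
        URL location = new URL(attrCodebase.getValue());
        return new CodeSource(location, certs);
    }
}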
6. 实现Principal接口的principaluser类
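/**
 * Principal identified only by its name.
 *
 * <p>Two instances with the same name are equal and share a hash code, so a
 * set of principals holds at most one entry per name.
 */
public class principaluser implements Principal {

    /** The principal's name; never <code>null</code>. */
    private final String name;

    /**
     * Creates a principal with the given name.
     *
     * @param name the name for this principal.
     *
     * @exception InvalidParameterException if the <code>name</code>
     * is <code>null</code>.
     */
    public principaluser(String name) {
        if (name == null) {
            throw new InvalidParameterException("name cannot be null");
        }
        // Role lookup for this name is not performed here.
        this.name = name;
    }

    /**
     * Returns the name for this <code>principaluser</code>.
     *
     * @return the name for this <code>principaluser</code>
     */
    public String getName() {
        return name;
    }

    /**
     * Compares by name, consistent with {@link #hashCode()}. Without this
     * override two principals created for the same user would be distinct
     * objects with the same hash code.
     *
     * @param other the object to compare with
     * @return <code>true</code> if <code>other</code> is a
     *         <code>principaluser</code> with the same name
     */
    public boolean equals(Object other) {
        if (this == other) {
            return true;
        }
        if (!(other instanceof principaluser)) {
            return false;
        }
        return name.equals(((principaluser) other).name);
    }

    /**
     * Returns the hash code of the name.
     *
     * @return the hash code of the name
     */
    public int hashCode() {
        return name.hashCode();
    }
}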
7.继承permission和permissioncollection类
public class resourcepermission extends permission {
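/** Relationship value naming the owner of a resource. */
public static final String owner_relationship = "owner";

// Action flags. Each action has its own bit, so that a bitwise test on the
// mask for one action cannot be satisfied by another. The former values for
// deploy (0x16 = 0x10|0x04|0x02) and confirm (0x24 = 0x20|0x04) overlapped
// delete, execute and write.
// NOTE(review): the code that reads these flags is outside this excerpt;
// confirm it treats them as independent bits.
private static final int read = 0x01;
private static final int write = 0x02;
private static final int execute = 0x04;
private static final int create = 0x08;
private static final int delete = 0x10;
private static final int deploy = 0x20;
private static final int confirm = 0x40;

// Action names as they are written in the policy.
public static final String read_action = "read";
public static final String write_action = "write";
public static final String execute_action = "execute";
public static final String create_action = "create";
public static final String delete_action = "delete";
public static final String deploy_action = "deploy";
public static final String confirm_action = "confirm";

// Presumably the OR of the action flags above; it is set outside this excerpt.
protected int mask;
// Resource this permission refers to.
protected resource resource;
// Subject this permission is evaluated for.
protected Subject subject;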
/**
* constructor for resourcepermission
*/
public resourcepermission(string name, string actions, resource resource, subject subject) {
super(name);
this