| |
5. 实现xmlpolicyfile类。
// NOTE(review): this listing appears to have been case-folded by the page. Every
// identifier is lower case, and the escaped quotes inside string literals are
// printed as /" (presumably \" in the original). Code tokens are kept exactly as
// printed; only layout and comments were changed.

/**
 * Policy implementation that answers permission queries for a subject from an
 * XML policy document held in {@code doc}.
 */
public class xmlpolicyfile extends policy implements jaasconstants {
    // DOM tree of the policy file; assigned by refresh() and read by getpermissions().
    private document doc = null;
    //private codesource nocertcodesource=null;

    /*
     * Constructor: loads the policy document by calling refresh().
     */
    // NOTE(review): refresh() rethrows every failure as an unchecked exception, so a
    // missing or malformed policy file makes construction fail.
    public xmlpolicyfile(){
        refresh();
    }

    /**
     * Code-source-only lookup. Unimplemented stub: always returns {@code null}.
     */
    // NOTE(review): callers receive null, not an empty collection. The fallback at the
    // end of getpermissions(subject, codesource) calls this same method signature on
    // policy.getpolicy(); if that is an xmlpolicyfile instance (not shown here) the
    // fallback would also yield null.
    public permissioncollection getpermissions(codesource arg0) {
        // TODO auto-generated method stub
        return null;
    }

    /*
     * Creates a DOM tree document from the default XML file or
     * from the file specified by the system property,
     * <code>com.ibm.resource.security.auth.policy</code>. This
     * DOM tree document is then used by
     * <code>getpermissions()</code> in searching for permissions.
     *
     * @see javax.security.auth.policy#refresh()
     */
    // NOTE(review): the visible code opens only the path in auth_security_policyxmlfile
    // (not declared in this excerpt, presumably inherited from jaasconstants); no
    // system-property lookup appears here.
    // NOTE(review): the factory is configured with namespace awareness only, so DOCTYPE
    // and external-entity handling stay at the parser defaults. Because this document
    // decides what each subject may do, consider hardening the factory before
    // newDocumentBuilder(): setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
    // and setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true). The file's
    // permissions should also prevent modification by unprivileged users.
    public void refresh() {
        fileinputstream fis = null;
        try {
            // set up a DOM tree to query
            fis = new fileinputstream(auth_security_policyxmlfile);
            inputsource in = new inputsource(fis);
            documentbuilderfactory dfactory = documentbuilderfactory.newinstance();
            dfactory.setnamespaceaware(true);
            doc = dfactory.newdocumentbuilder().parse(in);
        } catch (exception e) {
            // NOTE(review): only the message is carried over; the original exception
            // (cause and stack trace) is not attached to the new one.
            e.printstacktrace();
            throw new runtimeexception(e.getmessage());
        } finally {
            if(fis != null) {
                // best-effort close; a failure here is deliberately ignored
                try { fis.close(); } catch (ioexception e) {}
            }
        }
    }

    /**
     * Collects the permissions that the policy document grants to the principals of
     * {@code subject}.
     *
     * For each principal, an XPath query selects the {@code permission} nodes under a
     * {@code principal} node whose {@code classname} and {@code name} attributes equal
     * the principal's class name and name. Each node is converted by getpermission()
     * and added to a resourcepermissioncollection.
     *
     * Any exception raised during the lookup is rethrown as an unchecked exception.
     */
    public permissioncollection getpermissions(subject subject,codesource codesource) {
        resourcepermissioncollection collection = new resourcepermissioncollection();
        try {
            // iterate through all of the subject's principals
            iterator principaliterator = subject.getprincipals().iterator();
            while(principaliterator.hasnext()){
                principal principal = (principal)principaliterator.next();
                // set up the xpath string to retrieve all the relevant permissions
                // sample xpath string: "/policy/grant[@codebase=/"sample_actions.jar/"]/principal[@classname=/"com.fonseca.security.sampleprincipal/"][@name=/"testuser/"]/permission"
                //
                // NOTE(review): XPath injection risk. The principal name is concatenated
                // into a double-quoted XPath literal without validation. If a name can
                // contain a double quote (for example when taken from login input), it
                // changes the structure of the query and therefore which permission
                // nodes are returned. Reject names containing quote characters before
                // building the query, or select /policy/grant/principal nodes with a
                // fixed expression and compare the attribute values in Java.
                stringbuffer xpath = new stringbuffer();
                xpath.append("/policy/grant/principal[@classname=/"");
                xpath.append(principal.getclass().getname());
                xpath.append("/"][@name=/"");
                xpath.append(principal.getname());
                xpath.append("/"]/permission");
                //system.out.println(xpath.tostring());
                nodeiterator nodeiter = xpathapi.selectnodeiterator(doc, xpath.tostring());
                node node = null;
                while( (node = nodeiter.nextnode()) != null ) {
                    //here
                    // permission -> principal -> grant: the grandparent carries the codebase
                    codesource codebase=getcodebase(node.getparentnode().getparentnode());
                    // NOTE(review): this condition does not enforce the codebase. When
                    // codebase is non-null, `||` short-circuits to true and implies() is
                    // never consulted, so the permission is granted for any code source.
                    // When codebase is null (grant without a codebase attribute), the
                    // right-hand side dereferences null; the NullPointerException is
                    // caught below and rethrown, failing the whole lookup.
                    // Likely intent: `codebase == null || codebase.implies(codesource)`
                    // (a grant without codebase applies to all code), or the fail-closed
                    // `codebase != null && codebase.implies(codesource)`. Confirm which
                    // policy semantics are wanted.
                    if (codebase!=null || codebase.implies(codesource)){
                        permission permission = getpermission(node);
                        collection.add(permission);
                    }
                }
            }
        } catch (exception e) {
            e.printstacktrace();
            throw new runtimeexception(e.getmessage());
        }
        // NOTE(review): collection is assigned with `new` above and never reassigned, so
        // this test is always true and the delegation branch below is unreachable. To
        // delegate when nothing matched, the test would have to check for emptiness.
        if(collection != null)
            return collection;
        else {
            // if the permission is not found here then delegate it
            // to the standard java policy class instance.
            policy policy = policy.getpolicy();
            return policy.getpermissions(codesource);
        }
    }

    /**
     * Returns a permission instance defined by the provided
     * permission node attributes.
     *
     * The constructor is chosen by which attributes are present: none when
     * {@code name} is absent, (name), (name, actions), or
     * (name, actions, relationship). {@code actions} is read only when {@code name}
     * is present, and {@code relationship} only when {@code actions} is present.
     */
    // NOTE(review): the class named in the policy file is loaded and its constructor
    // is invoked before the result is cast to permission. A policy entry can therefore
    // run the matching constructor of any loadable class. Checking
    // Permission.class.isAssignableFrom(permissionClass) before getConstructor(), or
    // using an allow-list of permission classes, would narrow this.
    private permission getpermission(node node) throws exception {
        namednodemap map = node.getattributes();
        attr attrclassname = (attr) map.getnameditem("classname");
        attr attrname = (attr) map.getnameditem("name");
        attr attractions = (attr) map.getnameditem("actions");
        attr attrrelationship = (attr) map.getnameditem("relationship");
        // a permission node without a classname attribute is rejected (no message is given)
        if(attrclassname == null)
            throw new runtimeexception();
        class[] types = null;
        object[] args = null;
        // check if the name is specified
        // if no name is specified then because
        // the types and the args variables above
        // are null the default constructor is used.
        if(attrname != null) {
            string name = attrname.getvalue();
            // check if actions are specified
            // then setup the array sizes accordingly
            if(attractions != null) {
                string actions = attractions.getvalue();
                // check if a relationship is specified
                // then setup the array sizes accordingly
                if(attrrelationship == null) {
                    types = new class[2];
                    args = new object[2];
                } else {
                    types = new class[3];
                    args = new object[3];
                    string relationship = attrrelationship.getvalue();
                    types[2] = relationship.getclass();
                    args[2] = relationship;
                }
                types[1] = actions.getclass();
                args[1] = actions;
            } else {
                types = new class[1];
                args = new object[1];
            }
            types[0] = name.getclass();
            args[0] = name;
        }
        string classname = attrclassname.getvalue();
        class permissionclass = class.forname(classname);
        constructor constructor = permissionclass.getconstructor(types);
        return (permission) constructor.newinstance(args);
    }

    /**
     * Returns a codesource object defined by the provided
     * grant node attributes, or {@code null} when the node is not a {@code grant}
     * element or has no {@code codebase} attribute.
     */
    // NOTE(review): certs is always null, so the returned codesource carries a
    // location only; signer certificates play no part in the comparison.
    private java.security.codesource getcodebase(node node) throws exception {
        certificate[] certs = null;
        url location;
        if(node.getnodename().equalsignorecase("grant")) {
            namednodemap map = node.getattributes();
            attr attrcodebase = (attr) map.getnameditem("codebase");
            if(attrcodebase != null) {
                string codebasevalue = attrcodebase.getvalue();
                // a malformed codebase value makes the url constructor throw
                location = new url(codebasevalue);
                return new codesource(location,certs);
            }
        }
        return null;
    }
}
6.继承principal类principaluser
/**
 * Principal identified by a name.
 */
// NOTE(review): hashcode() is overridden but no equals() is visible, so two
// principaluser objects with the same name are not equal to each other. A set of
// principals would hold both as distinct entries.
public class principaluser implements principal {
    private string name;

    /**
     * Creates a principal with the given name.
     *
     * @param name the name for this principal.
     *
     * @exception invalidparameterexception if the <code>name</code>
     * is <code>null</code>.
     */
    public principaluser(string name) {
        if (name == null)
            throw new invalidparameterexception("name cannot be null");
        //search role of this name.
        this.name = name;
    }

    /**
     * Returns the name for this <code>principaluser</code>.
     *
     * @return the name for this <code>principaluser</code>
     */
    public string getname() {
        return name;
    }

    /**
     * Returns the hash code of the name.
     */
    public int hashcode() {
        return name.hashcode();
    }
}
7.继承permission和permissioncollection类
public class resourcepermission extends permission {
    static final public string owner_relationship = "owner";
    // Action flag values.
    // NOTE(review): read, write, execute, create and delete are single bits, but deploy
    // (0x16 = 0x10 | 0x04 | 0x02) and confirm (0x24 = 0x20 | 0x04) are not. If mask is
    // combined and tested bitwise (that code is not visible in this excerpt), deploy
    // would also set the delete, execute and write bits, and confirm would set the
    // execute bit. The next free single-bit values are 0x20 and 0x40.
    // The fields are also not final.
    static private int read = 0x01;
    static private int write = 0x02;
    static private int execute = 0x04;
    static private int create = 0x08;
    static private int delete = 0x10;
    static private int deploy = 0x16;
    static private int confirm = 0x24;
    // Action names, presumably the tokens accepted in the actions string -- TODO confirm.
    static final public string read_action = "read";
    static final public string write_action = "write";
    static final public string execute_action = "execute";
    static final public string create_action = "create";
    static final public string delete_action = "delete";
    static final public string deploy_action = "deploy";
    static final public string confirm_action = "confirm";
    protected int mask;
    protected resource resource;
    protected subject subject;

    /**
     * Constructor for resourcepermission
     */
    public resourcepermission(string name, string actions, resource resource, subject subject) {
        super(name);
        this
|
|