
用jaas 实现in struts web app(二)


  5. 实现xmlpolicyfile类。
  
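  /**
   * Policy implementation that answers permission queries from an XML policy document.
   *
   * <p>The layout this class reads is
   * {@code /policy/grant[@codebase]/principal[@classname][@name]/permission}, where each
   * permission element carries {@code classname} and optionally {@code name},
   * {@code actions} and {@code relationship}.
   *
   * <p>Identifiers are kept in the lower-cased form used by the rest of this listing.
   */
  public class xmlpolicyfile extends policy implements jaasconstants {
    /** DOM tree of the policy file; replaced on every successful refresh(). */
    private document doc = null;

    /** Creates the policy and loads the XML document through refresh(). */
    public xmlpolicyfile() {
      refresh();
    }

    /**
     * Code-source-only lookup; not implemented.
     *
     * @return always {@code null}
     */
    public permissioncollection getpermissions(codesource arg0) {
      // NOTE(review): callers receive null rather than an empty collection, so they must
      // null-check the result before using it.
      return null;
    }

    /**
     * Parses the policy file named by auth_security_policyxmlfile into a DOM tree that
     * getpermissions(subject, codesource) searches.
     *
     * <p>The original comment says the path may also come from the system property
     * <code>com.ibm.resource.security.auth.policy</code>; that lookup is not visible in
     * this class (presumably it happens where auth_security_policyxmlfile is defined).
     *
     * @throws runtimeexception if the file cannot be opened or parsed; doc is then left
     *     unchanged
     * @see javax.security.auth.policy#refresh()
     */
    public void refresh() {
      fileinputstream fis = null;
      try {
        fis = new fileinputstream(auth_security_policyxmlfile);
        inputsource in = new inputsource(fis);
        documentbuilderfactory dfactory = documentbuilderfactory.newinstance();
        dfactory.setnamespaceaware(true);
        // NOTE(review): the parser keeps its default DTD / external-entity handling. That is
        // acceptable only while the policy file is writable by administrators alone; if
        // anyone else can supply it, disable doctype declarations on dfactory first.
        doc = dfactory.newdocumentbuilder().parse(in);
      } catch (exception e) {
        e.printstacktrace();
        // keep the original exception as the cause so the failure can be diagnosed
        throw new runtimeexception(e.getmessage(), e);
      } finally {
        if (fis != null) {
          try {
            fis.close();
          } catch (ioexception ignored) {
            // best-effort close; the parse result has already been decided
          }
        }
      }
    }

    /**
     * Collects the permissions granted to the principals of the given subject.
     *
     * <p>A permission node is used when its parent principal element matches the
     * principal's class name and name, and the enclosing grant either has no codebase or
     * has a codebase that implies the requesting code source.
     *
     * @param subject the authenticated subject whose principals are looked up
     * @param codesource the code source requesting the permissions
     * @return the permissions found; empty when nothing matches
     * @throws runtimeexception if the lookup or the construction of a permission fails
     */
    public permissioncollection getpermissions(subject subject, codesource codesource) {
      resourcepermissioncollection collection = new resourcepermissioncollection();
      try {
        iterator principaliterator = subject.getprincipals().iterator();
        while (principaliterator.hasnext()) {
          principal principal = (principal) principaliterator.next();
          string principalclass = principal.getclass().getname();
          string principalname = principal.getname();
          // The xpath text is constant. Principal names come from authentication and must
          // never be pasted into the expression: a name containing a quote character would
          // change which policy entries the query selects.
          nodeiterator nodeiter =
              xpathapi.selectnodeiterator(doc, "/policy/grant/principal/permission");
          node node = null;
          while ((node = nodeiter.nextnode()) != null) {
            node principalnode = node.getparentnode();
            if (!attributematches(principalnode, "classname", principalclass)
                || !attributematches(principalnode, "name", principalname)) {
              continue;
            }
            codesource codebase = getcodebase(principalnode.getparentnode());
            // getcodebase() returns null for a grant without a codebase attribute; such a
            // grant is treated as applying to any code source. A grant that names a
            // codebase applies only when that codebase implies the requesting code source.
            if (codebase == null || codebase.implies(codesource)) {
              collection.add(getpermission(node));
            }
          }
        }
      } catch (exception e) {
        e.printstacktrace();
        throw new runtimeexception(e.getmessage(), e);
      }
      // The collection is created unconditionally above, so it is returned as is; there is
      // no fall-back to another policy instance.
      return collection;
    }

    /**
     * Tells whether the node carries the named attribute with exactly the expected value.
     * A missing attribute or a {@code null} expected value never matches.
     */
    private boolean attributematches(node node, string attrname, string expected) {
      namednodemap map = node.getattributes();
      if (map == null) {
        return false;
      }
      attr attribute = (attr) map.getnameditem(attrname);
      return attribute != null && attribute.getvalue().equals(expected);
    }

    /**
     * Returns a permission instance defined by the provided permission node attributes.
     *
     * <p>The constructor is chosen by the attributes present: none when {@code name} is
     * absent, (name) when only {@code name} is given, (name, actions) when
     * {@code actions} is given as well, and (name, actions, relationship) when all three
     * are given. {@code actions} and {@code relationship} are ignored without a
     * {@code name}, and {@code relationship} is ignored without {@code actions}.
     *
     * @throws exception if the class cannot be loaded, is not a permission, or has no
     *     matching public constructor
     */
    private permission getpermission(node node) throws exception {
      namednodemap map = node.getattributes();
      attr attrclassname = (attr) map.getnameditem("classname");
      attr attrname = (attr) map.getnameditem("name");
      attr attractions = (attr) map.getnameditem("actions");
      attr attrrelationship = (attr) map.getnameditem("relationship");
      if (attrclassname == null) {
        throw new runtimeexception("permission element has no classname attribute");
      }

      int argcount = 0;
      if (attrname != null) {
        argcount = 1;
        if (attractions != null) {
          argcount = (attrrelationship == null) ? 2 : 3;
        }
      }
      class[] types = new class[argcount];
      object[] args = new object[argcount];
      if (argcount >= 1) {
        types[0] = string.class;
        args[0] = attrname.getvalue();
      }
      if (argcount >= 2) {
        types[1] = string.class;
        args[1] = attractions.getvalue();
      }
      if (argcount == 3) {
        types[2] = string.class;
        args[2] = attrrelationship.getvalue();
      }

      string classname = attrclassname.getvalue();
      class permissionclass = class.forname(classname);
      // Refuse to run the constructor of a class that is not a permission: the class name
      // comes from the policy file, and the cast below would fail only after the object
      // had already been built.
      if (!permission.class.isassignablefrom(permissionclass)) {
        throw new illegalargumentexception(
            "policy entry names a class that is not a permission: " + classname);
      }
      constructor constructor = permissionclass.getconstructor(types);
      return (permission) constructor.newinstance(args);
    }

    /**
     * Returns a codesource object defined by the provided grant node attributes.
     *
     * @return a code source for the grant's {@code codebase} URL with no certificates, or
     *     {@code null} when the node is not a grant element or has no codebase attribute
     * @throws exception if the codebase value is not a valid URL
     */
    private java.security.codesource getcodebase(node node) throws exception {
      if (!node.getnodename().equalsignorecase("grant")) {
        return null;
      }
      attr attrcodebase = (attr) node.getattributes().getnameditem("codebase");
      if (attrcodebase == null) {
        return null;
      }
      // signer certificates are not read from the policy file
      certificate[] certs = null;
      url location = new url(attrcodebase.getvalue());
      return new codesource(location, certs);
    }
  }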
  
  6.实现principal接口的principaluser类
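  /**
   * Principal identified only by its name.
   *
   * <p>Two instances with the same name are equal. Principals are typically held in a
   * subject's principal set, so without a name-based equals() the same user could be
   * present there more than once.
   */
  public class principaluser implements principal {
    private final string name;

    /**
     * Creates a principal with the given name.
     *
     * @param name the name for this principal.
     *
     * @exception invalidparameterexception if the <code>name</code>
     * is <code>null</code>.
     */
    public principaluser(string name) {
      if (name == null) {
        throw new invalidparameterexception("name cannot be null");
      }
      // role lookup for this name is not performed here
      this.name = name;
    }

    /**
     * Returns the name for this <code>principaluser</code>.
     *
     * @return the name for this <code>principaluser</code>
     */
    public string getname() {
      return name;
    }

    /**
     * Compares by name.
     *
     * @return {@code true} when the other object is a principaluser with the same name
     */
    public boolean equals(object other) {
      if (this == other) {
        return true;
      }
      if (!(other instanceof principaluser)) {
        return false;
      }
      return name.equals(((principaluser) other).name);
    }

    /**
     * Hash of the name, consistent with equals().
     */
    public int hashcode() {
      return name.hashcode();
    }
  }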
  
  7.继承permission和permissioncollection类
  public class resourcepermission extends permission {
  // Relationship value; how it is consumed is not visible in this part of the listing.
  static final public string owner_relationship = "owner";
  // Numeric action flags. read through delete are distinct single bits (0x01 .. 0x10).
  // NOTE(review): these fields are not final, so code inside the class can reassign them.
  static private int read  = 0x01;
  static private int write  = 0x02;
  static private int execute = 0x04;
  static private int create = 0x08;
  static private int delete = 0x10;
  // NOTE(review): 0x16 equals 0x10 | 0x04 | 0x02, so it shares bits with delete, execute
  // and write. If mask is built and tested bitwise (as the single-bit values above
  // suggest), granting deploy would also satisfy checks for those three actions.
  // Confirm against the implies() logic; the next unused single bit is 0x20.
  static private int deploy = 0x16;
  // NOTE(review): 0x24 equals 0x20 | 0x04, so it shares a bit with execute; the same
  // concern applies. Confirm against the implies() logic.
  static private int confirm = 0x24;
  // Action names, presumably the values accepted in a policy entry's actions attribute;
  // verify against the parsing code.
  static final public string read_action = "read";
  static final public string write_action  = "write";
  static final public string execute_action = "execute";
  static final public string create_action = "create";
  static final public string delete_action = "delete";
  static final public string deploy_action = "deploy";
  static final public string confirm_action = "confirm";
  // mask: presumably the combined action flags of this permission; resource: the object
  // the permission refers to (project type, not shown) -- TODO confirm both.
  protected int mask;  protected resource resource;
  // Subject associated with this permission, passed to the constructor.
  protected subject subject;
  /**
  * constructor for resourcepermission
  */
  public resourcepermission(string name, string actions, resource resource, subject subject) {
  super(name);
  this
