用JAAS实现inStrutsWebApp(二)
5. 实现XMLPolicyFile类。
public class XMLPolicyFile extends Policy implements JAASConstants {
private Document doc = null;
//private CodeSource noCertCodeSource=null;
/*
* constructor
* refresh()
*/
public XMLPolicyFile(){
refresh();
}
public PermissionCollection getPermissions(CodeSource arg0) {
// TODO Auto-generated method stub
return null;
}
/*
* Creates a DOM tree document from the default XML file or
* from the file specified by the system property,
* <codecom.ibm.resource.security.auth.policy</code. This
* DOM tree document is then used by the
* <codegetPermissions()</code in searching for permissions.
*
* @see javax.security.auth.Policy#refresh()
*/
public void refresh() {
FileInputStream fis = null;
try {
// Set up a DOM tree to query
fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
InputSource in = new InputSource(fis);
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setNamespaceAware(true);
doc = dfactory.newDocumentBuilder().parse(in);
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.getMessage());
} finally {
if(fis != null) {
try { fis.close(); } catch (IOException e) {}
}
}
}
public PermissionCollection getPermissions(Subject subject,CodeSource codeSource) {
ResourcePermissionCollection collection = new ResourcePermissionCollection();
try {
// Iterate through all of the subjects principals
Iterator principalIterator = subject.getPrincipals().iterator();
while(principalIterator.hasNext()){
Principal principal = (Principal)principalIterator.next();
// Set up the xpath string to retrieve all the relevant permissions
// Sample xpath string:
"/policy/grant[@codebase=\"sample_actions.jar\"]/principal[@classname=\"com.fonseca.security.SamplePrincipal\"][@name=\"testUser\"]/permission"
StringBuffer xpath = new StringBuffer();
xpath.append("/policy/grant/principal[@classname=\"");
xpath.append(principal.getClass().getName());
xpath.append("\"][@name=\"");
xpath.append(principal.getName());
xpath.append("\"]/permission");
//System.out.println(xpath.toString());
NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
Node node = null;
while( (node = nodeIter.nextNode()) != null ) {
//here
CodeSource codebase=getCodebase(node.getParentNode().getParentNode());
if (codebase!=null || codebase.implies(codeSource)){
Permission permission = getPermission(node);
collection.add(permission);
}
}
}
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.getMessage());
}
if(collection != null)
return collection;
else {
// If the permission is not found here then delegate it
// to the standard java Policy class instance.
Policy policy = Policy.getPolicy();
return policy.getPermissions(codeSource);
}
}
/**
* Returns a Permission instance defined by the provided
* permission Node attributes.
*/
private Permission getPermission(Node node) throws Exception {
NamedNodeMap map = node.getAttributes();
Attr attrClassname = (Attr) map.getNamedItem("classname");
Attr attrName = (Attr) map.getNamedItem("name");
Attr attrActions = (Attr) map.getNamedItem("actions");
Attr attrRelationship = (Attr) map.getNamedItem("relationship");
if(attrClassname == null)
throw new RuntimeException();
Class[] types = null;
Object[] args = null;
// Check if the name is specified
// if no name is specified then because
// the types and the args variables above
// are null the default constructor is used.
if(attrName != null) {
String name = attrName.getValue();
// Check if actions are specified
// then setup the array sizes accordingly
if(attrActions != null) {
String actions = attrActions.getValue();
// Check if a relationship is specified
// then setup the array sizes accordingly
if(attrRelationship == null) {
types = new Class[2];
args = new Object[2];
} else {
types = new Class[3];
args = new Object[3];
String relationship = attrRelationship.getValue();
types[2] = relationship.getClass();
args[2] = relationship;
}
types[1] = actions.getClass();
args[1] = actions;
} else {
types = new Class[1];
args = new Object[1];
}
types[0] = name.getClass();
args[0] = name;
}
String classname = attrClassname.getValue();
Class permissionClass = Class.forName(classname);
Constructor constructor = permissionClass.getConstructor(types);
return (Permission) constructor.newInstance(args);
}
/**
* Returns a CodeSource object defined by the provided
* grant Node attributes.
*/
private java.security.CodeSource getCodebase(Node node) throws Exception {
Certificate[] certs = null;
URL location;
if(node.getNodeName().equalsIgnoreCase("grant")) {
NamedNodeMap map = node.getAttributes();
Attr attrCodebase = (Attr) map.getNamedItem("codebase");
if(attrCodebase != null) {
String codebaseValue = attrCodebase.getValue();
location = new URL(codebaseValue);
return new CodeSource(location,certs);
}
}
return null;
}
}
6.继承Principal类PrincipalUser
public class PrincipalUser implements Principal {
private String name;
/**
*
* @param name the name for this principal.
*
* @exception InvalidParameterException if the <codename</code
* is <codenull</code.
*/
public PrincipalUser(String name) {
if (name == null)
throw new InvalidParameterException("name cannot be null");
//search role of this name.
this.name = name;
}
/**
* Returns the name for this <codePrincipalUser</code.
*
* @return the name for this <codePrincipalUser</code
*/
public String getName() {
return name;
}
/**
*
*/
public int hashCode() {
return name.hashCode();
}
}
7.继承Permission和PermissionCollection类
public class ResourcePermission extends Permission {
static final public String OWNER_RELATIONSHIP = "OWNER";
static private int READ
= 0x01;
static private int WRITE
= 0x02;
static private int EXECUTE = 0x04;
static private int CREATE
= 0x08;
static private int DELETE
= 0x10;
static private int DEPLOY
= 0x16;
static private int CONFIRM = 0x24;
static final public String READ_ACTION = "read";
static final public String WRITE_ACTION
= "write";
static final public String EXECUTE_ACTION = "execute";
static final public String CREATE_ACTION
= "create";
static final public String DELETE_ACTION
= "delete";
static final public String DEPLOY_ACTION
= "deploy";
static final public String CONFIRM_ACTION = "confirm";
protected int mask;
protected Resource resource;
protected Subject subject;
/**
* Constructor for ResourcePermission
*/
public ResourcePermission(String name, String actions, Resource resource, Subject subject) {
super(name);
this