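public class XMLPolicyFile extends Policy implements JAASConstants {

    /** DOM tree of the policy file; (re)built by {@link #refresh()} and queried by getPermissions(). */
    private Document doc = null;

    /**
     * Loads the policy document once on construction via {@link #refresh()}.
     *
     * @throws RuntimeException if the policy file cannot be read or parsed
     */
    public XMLPolicyFile() {
        refresh();
    }

    /**
     * Code-source-only lookup: grants in the XML policy are keyed by principal,
     * so nothing can be resolved from a {@code CodeSource} alone.
     *
     * @param arg0 the code source (ignored)
     * @return an empty collection, never {@code null}, so callers that iterate
     *         or call {@code implies()} on the result do not fail
     */
    public PermissionCollection getPermissions(CodeSource arg0) {
        return new ResourcePermissionCollection();
    }

    /**
     * Creates a DOM tree document from the default XML file or from the file
     * specified by the system property
     * <code>com.ibm.resource.security.auth.policy</code>. This DOM tree document
     * is then used by <code>getPermissions()</code> in searching for permissions.
     *
     * @throws RuntimeException if the file cannot be opened or parsed; the
     *         underlying exception is preserved as the cause
     * @see javax.security.auth.Policy#refresh()
     */
    public void refresh() {
        FileInputStream fis = null;
        try {
            // Set up a DOM tree to query
            fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
            InputSource in = new InputSource(fis);
            DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
            dfactory.setNamespaceAware(true);
            // The policy file decides what code is allowed to do; bound entity
            // expansion so a malformed or tampered file cannot blow up the parser.
            dfactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            doc = dfactory.newDocumentBuilder().parse(in);
        } catch (Exception e) {
            throw new RuntimeException("Unable to load policy file " + AUTH_SECURITY_POLICYXMLFILE, e);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignored) {
                    // The parse outcome is already decided; a failed close
                    // of a read-only stream changes nothing for the caller.
                }
            }
        }
    }

    /**
     * Collects the permissions granted to the principals of {@code subject}.
     * For each principal the policy document is searched for
     * {@code /policy/grant/principal[@classname=...][@name=...]/permission}
     * entries; a matching grant's permissions are added only when the grant's
     * codebase implies {@code codeSource}.
     *
     * @param subject    the authenticated subject; {@code null} yields an empty collection
     * @param codeSource the code source the grant codebases are matched against
     * @return the collected permissions, never {@code null}
     * @throws RuntimeException if the XPath query or permission construction
     *         fails; the underlying exception is preserved as the cause
     */
    public PermissionCollection getPermissions(Subject subject, CodeSource codeSource) {
        ResourcePermissionCollection collection = new ResourcePermissionCollection();
        if (subject == null) {
            return collection;
        }
        try {
            // Iterate through all of the subject's principals
            for (Principal principal : subject.getPrincipals()) {
                String principalName = principal.getName();
                if (principalName == null) {
                    // A nameless principal matches no grant; splicing "null" into
                    // the query would match a grant entry literally named null.
                    continue;
                }
                // Sample xpath string:
                // /policy/grant/principal[@classname="com.fonseca.security.SamplePrincipal"][@name="testUser"]/permission
                // Class name and principal name are encoded as XPath string
                // literals so a name containing quote characters is matched
                // verbatim and cannot change the structure of the query.
                StringBuilder xpath = new StringBuilder();
                xpath.append("/policy/grant/principal[@classname=");
                xpath.append(xpathLiteral(principal.getClass().getName()));
                xpath.append("][@name=");
                xpath.append(xpathLiteral(principalName));
                xpath.append("]/permission");
                NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
                Node node = null;
                while ((node = nodeIter.nextNode()) != null) {
                    // permission -> principal -> grant
                    CodeSource codebase = getCodebase(node.getParentNode().getParentNode());
                    // Apply a grant only when its codebase resolves and implies the
                    // caller's code source. NOTE(review): getCodebase() is defined
                    // outside this view; if it returns null for a grant without a
                    // codebase attribute, such grants are deliberately not applied —
                    // confirm this matches the intended policy-file semantics.
                    if (codebase != null && codebase.implies(codeSource)) {
                        Permission permission = getPermission(node);
                        collection.add(permission);
                    }
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Unable to evaluate policy for subject", e);
        }
        // NOTE(review): the former fallback to Policy.getPolicy() was unreachable
        // (the collection is never null). If delegation to the system policy on
        // an empty result is intended, test for emptiness explicitly and confirm
        // that widening the result that way is wanted.
        return collection;
    }

    /**
     * Encodes {@code value} as an XPath 1.0 string literal.
     * XPath 1.0 has no escape sequence inside literals, so a value containing
     * both quote kinds is assembled with {@code concat()}.
     *
     * @param value the raw string to embed in a query; must not be {@code null}
     * @return an expression that evaluates to exactly {@code value}
     */
    private static String xpathLiteral(String value) {
        if (value.indexOf('"') < 0) {
            return "\"" + value + "\"";
        }
        if (value.indexOf('\'') < 0) {
            return "'" + value + "'";
        }
        // Both quote kinds present: split on double quotes and re-join them via concat().
        StringBuilder literal = new StringBuilder("concat(");
        String[] parts = value.split("\"", -1);
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                literal.append(", '\"', ");
            }
            literal.append('"').append(parts[i]).append('"');
        }
        return literal.append(')').toString();
    }

    /**
     * Returns a Permission instance defined by the provided
     * permission Node attributes.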
*/ private Permission getPermission(Node node) throws Exception { NamedNodeMap map = node.getAttributes(); Attr attrClassname = (Attr) map.getNamedItem("classname"); Attr attrName = (Attr) map.getNamedItem("name"); Attr attrActions = (Attr) map.getNamedItem("actions"); Attr attrRelationship = (Attr) map.getNamedItem("relationship"); if(attrClassname == null) throw new RuntimeException(); Class[] types = null; Object[] args = null; // Check if the name is specified // if no name is specified then because // the types and the args variables above // are null the default constructor is used. if(attrName != null) { String name = attrName.getValue(); // Check if actions are specified // then setup the array sizes accordingly if(attrActions != null) { String actions = attrActions.getValue(); // Check if a relationship is specified // then setup the array sizes accordingly if(attrRelationship == null) { types = new Class[2]; args = new Object[2]; } else { types = new Class[3]; args = new Object[3]; String relationship = attrRelationship.getValue(); types[2] = relationship.getClass(); args[2] = relationship; } types[1] = actions.getClass(); args[1] = actions; } else {
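6.继续Principal类PrincipalUser
public class PrincipalUser implements Principal {

    /** The principal's name; fixed at construction and never {@code null}. */
    private final String name;

    /**
     * Creates a principal with the given name.
     *
     * @param name the name for this principal.
     * @exception InvalidParameterException if the <code>name</code>
     *            is <code>null</code>.
     */
    public PrincipalUser(String name) {
        if (name == null) {
            throw new InvalidParameterException("name cannot be null");
        }
        //search role of this name.
        this.name = name;
    }

    /**
     * Returns the name for this <code>PrincipalUser</code>.
     *
     * @return the name for this <code>PrincipalUser</code>
     */
    @Override
    public String getName() {
        return name;
    }

    /**
     * Two principals are equal when they are of this exact class and carry the
     * same name. Defined together with {@link #hashCode()} so that instances
     * behave correctly in a {@code Subject}'s principal set and as lookup keys.
     *
     * @param other the object to compare with
     * @return {@code true} if {@code other} is a {@code PrincipalUser} with the same name
     */
    @Override
    public boolean equals(Object other) {
        if (this == other) {
            return true;
        }
        if (other == null || getClass() != other.getClass()) {
            return false;
        }
        return name.equals(((PrincipalUser) other).name);
    }

    /** Hash code derived from the name, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return name.hashCode();
    }

    /** Human-readable form used in logs and debugging output. */
    @Override
    public String toString() {
        return "PrincipalUser[name=" + name + "]";
    }
}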
7.继续Permission和PermissionCollection类 public class ResourcePermission extends Permission { static final public String OWNER_RELATIONSHIP = "OWNER"; static private int READ = 0x01; static private int WRITE = 0x02; static private int EXECUTE = 0x04; static private int CREATE = 0x08; static private int DELETE = 0x10; static private int DEPLOY = 0x16; static private int CONFIRM = 0x24; static final public String READ_ACTION = "read"; static final public String WRITE_ACTION = "write"; static final public String EXECUTE_ACTION = "execute"; static final public String CREATE_ACTION = "create"; static final public String DELETE_ACTION = "delete"; static final public String DEPLOY_ACTION = "deploy"; static final public String CONFIRM_ACTION = "confirm"; protected int mask; protected Resource resource; protected Subject subject; /** * Constructor for ResourcePermission */ public ResourcePermission(String name, String actions, Resource resource, Subject subject) { super(name); this