实现XMLPolicyFile类
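/**
 * JAAS policy whose grants are read from an XML policy file.
 *
 * <p>{@link #refresh()} parses the file into a DOM tree, and
 * {@link #getPermissions(Subject, CodeSource)} queries that tree with XPath.
 * The queries and attribute lookups below expect this layout:
 * {@code /policy/grant[@codebase]/principal[@classname][@name]/permission},
 * where each {@code permission} element carries {@code classname} and
 * optionally {@code name}, {@code actions} and {@code relationship}.
 *
 * <p>The policy file decides who may do what, so it must be writable only by
 * the administrator: every {@code classname} in it is loaded and instantiated
 * reflectively.
 */
public class XMLPolicyFile extends Policy implements JAASConstants {

    /** DOM tree of the policy file; replaced by each successful {@link #refresh()}. */
    private Document doc = null;

    /**
     * Creates the policy and immediately loads the policy file.
     *
     * @throws RuntimeException if the policy file cannot be read or parsed
     */
    public XMLPolicyFile() {
        refresh();
    }

    /**
     * Not implemented: this overload always returns {@code null}.
     *
     * <p>NOTE(review): this is still the generated stub. Callers must be
     * prepared for {@code null}; use
     * {@link #getPermissions(Subject, CodeSource)} for real lookups.
     *
     * @param arg the code source (ignored)
     * @return always {@code null}
     */
    public PermissionCollection getPermissions(CodeSource arg) {
        return null;
    }

    /**
     * Parses the file named by {@code AUTH_SECURITY_POLICYXMLFILE} into the DOM
     * tree that {@link #getPermissions(Subject, CodeSource)} searches.
     *
     * <p>The constant is declared outside this class. The original comment
     * describes it as the default XML file, or the file named by the system
     * property {@code com.ibm.resource.security.auth.policy} (presumably
     * resolved where the constant is defined; confirm there).
     *
     * <p>On failure the previously loaded tree, if any, is left in place.
     *
     * @throws RuntimeException if the file cannot be opened or parsed,
     *         including when it contains a DOCTYPE declaration
     * @see javax.security.auth.Policy#refresh()
     */
    public void refresh() {
        FileInputStream fis = null;
        try {
            fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
            DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
            dfactory.setNamespaceAware(true);
            // An authorization policy has no use for DTDs. Refusing them closes
            // off external-entity (XXE) and entity-expansion attacks through the file.
            dfactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            doc = dfactory.newDocumentBuilder().parse(new InputSource(fis));
        } catch (Exception e) {
            // Keep the cause so the real parse or I/O error stays diagnosable.
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignored) {
                    // Best effort: the stream was only read from, so a failed
                    // close cannot lose data.
                }
            }
        }
    }

    /**
     * Collects the permissions the policy file grants to the principals of
     * {@code subject} for code loaded from {@code codeSource}.
     *
     * <p>For each principal, the grants matching its class name and name are
     * looked up. A permission is added only when the enclosing {@code grant}
     * has a {@code codebase} that implies {@code codeSource}.
     *
     * @param subject the authenticated subject whose principals are checked
     * @param codeSource the code source the grants must imply
     * @return the matching permissions; empty when nothing matches
     * @throws RuntimeException if the lookup or the construction of a
     *         permission fails
     */
    public PermissionCollection getPermissions(Subject subject, CodeSource codeSource) {
        ResourcePermissionCollection collection = new ResourcePermissionCollection();
        try {
            Iterator principalIterator = subject.getPrincipals().iterator();
            while (principalIterator.hasNext()) {
                Principal principal = (Principal) principalIterator.next();

                // Builds: /policy/grant/principal[@classname=<class>][@name=<name>]/permission
                // Both values go through xpathLiteral(): a principal name is
                // caller-influenced, and a quote in it must not be able to
                // change which grants the query selects.
                StringBuffer xpath = new StringBuffer();
                xpath.append("/policy/grant/principal[@classname=");
                xpath.append(xpathLiteral(principal.getClass().getName()));
                xpath.append("][@name=");
                xpath.append(xpathLiteral(principal.getName()));
                xpath.append("]/permission");

                NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
                Node node = null;
                while ((node = nodeIter.nextNode()) != null) {
                    // permission -> principal -> grant
                    CodeSource codebase = getCodebase(node.getParentNode().getParentNode());
                    // Fail closed. The previous "!= null ||" test granted every
                    // permission whose grant had any codebase at all, and threw a
                    // NullPointerException when it had none. A grant without a
                    // codebase now yields nothing; letting such grants apply to all
                    // code would have to be an explicit policy decision.
                    if (codebase != null && codebase.implies(codeSource)) {
                        Permission permission = getPermission(node);
                        collection.add(permission);
                    }
                }
            }
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
        // The collection is never null here, so the old fallback to
        // Policy.getPolicy() was unreachable and has been dropped.
        return collection;
    }

    /**
     * Renders {@code value} as an XPath 1.0 string literal.
     *
     * <p>XPath 1.0 has no escape character, so a value containing both quote
     * kinds is expressed as a {@code concat(...)} of safely quoted pieces.
     * A {@code null} value is rendered as the text {@code null}, matching what
     * appending it directly to the query would have produced.
     */
    private static String xpathLiteral(String value) {
        String text = String.valueOf(value);
        if (text.indexOf('"') < 0) {
            return "\"" + text + "\"";
        }
        if (text.indexOf('\'') < 0) {
            return "'" + text + "'";
        }
        StringBuffer literal = new StringBuffer("concat(");
        int start = 0;
        int quote;
        while ((quote = text.indexOf('"', start)) >= 0) {
            // "<piece>",'"',
            literal.append('"').append(text.substring(start, quote)).append("\",'\"',");
            start = quote + 1;
        }
        literal.append('"').append(text.substring(start)).append("\")");
        return literal.toString();
    }

    /**
     * Returns a Permission instance defined by the attributes of the given
     * {@code permission} node.
     *
     * <p>The constructor is chosen by which attributes are present: none
     * (no {@code name}), {@code (name)}, {@code (name, actions)} or
     * {@code (name, actions, relationship)}, all of type {@code String}.
     * A {@code relationship} without {@code actions} is ignored.
     *
     * @throws RuntimeException if the node has no {@code classname} attribute
     * @throws ClassCastException if the named class is not a {@link Permission}
     * @throws Exception if the class or a matching constructor cannot be found
     *         or the constructor fails
     */
    private Permission getPermission(Node node) throws Exception {
        NamedNodeMap map = node.getAttributes();
        Attr attrClassname = (Attr) map.getNamedItem("classname");
        Attr attrName = (Attr) map.getNamedItem("name");
        Attr attrActions = (Attr) map.getNamedItem("actions");
        Attr attrRelationship = (Attr) map.getNamedItem("relationship");
        if (attrClassname == null) {
            throw new RuntimeException("permission element has no classname attribute");
        }

        // Left null when no name is given, which selects the no-argument constructor.
        Class[] types = null;
        Object[] args = null;
        if (attrName != null) {
            String name = attrName.getValue();
            // One slot per attribute present, in constructor order:
            // name, actions, relationship.
            if (attrActions != null) {
                String actions = attrActions.getValue();
                if (attrRelationship == null) {
                    types = new Class[2];
                    args = new Object[2];
                } else {
                    types = new Class[3];
                    args = new Object[3];
                    String relationship = attrRelationship.getValue();
                    types[2] = relationship.getClass();
                    args[2] = relationship;
                }
                types[1] = actions.getClass();
                args[1] = actions;
            } else {
                types = new Class[1];
                args = new Object[1];
            }
            types[0] = name.getClass();
            args[0] = name;
        }

        String classname = attrClassname.getValue();
        // Load without initializing and check the type before any constructor
        // runs, so the policy file can only ever instantiate Permission classes.
        Class permissionClass =
                Class.forName(classname, false, XMLPolicyFile.class.getClassLoader());
        if (!Permission.class.isAssignableFrom(permissionClass)) {
            throw new ClassCastException(classname + " is not a java.security.Permission");
        }
        Constructor constructor = permissionClass.getConstructor(types);
        return (Permission) constructor.newInstance(args);
    }

    /**
     * Returns a CodeSource built from the {@code codebase} attribute of the
     * given {@code grant} node, without certificates.
     *
     * @return the code source, or {@code null} when the node is not a
     *         {@code grant} element or has no {@code codebase} attribute
     * @throws Exception if the {@code codebase} value is not a valid URL
     */
    private java.security.CodeSource getCodebase(Node node) throws Exception {
        if (!node.getNodeName().equalsIgnoreCase("grant")) {
            return null;
        }
        Attr attrCodebase = (Attr) node.getAttributes().getNamedItem("codebase");
        if (attrCodebase == null) {
            return null;
        }
        // Typed null: selects the Certificate[] constructor overload.
        Certificate[] certs = null;
        URL location = new URL(attrCodebase.getValue());
        return new CodeSource(location, certs);
    }
}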
继承Principal类PrincipalUser
public class PrincipalUser implements Principal {
private String name;
/**
*
* @param name the name for this principal
*
* @exception InvalidParameterException if the <code>name</code>
* is <code>null</code>
*/public PrincipalUser(String name) {
if (name == null)
throw new InvalidParameterException(name cannot be null);
//search role of this name
thisname = name;
}
/**
* Returns the name for this <code>PrincipalUser</code>
*
* @return the name for this <code>PrincipalUser</code>
*/
public String getName() {
return name;
}
/**
*
*/public int hashCode() {
return namehashCode();
}
}
继承Permission和PermissionCollection类
public class ResourcePermission extends Permission {
// Name of the relationship this permission recognises; OWNER is the only one declared here.
// NOTE(review): the quotes around this and the other String values are missing
// in this listing (presumably "OWNER", "read", ... - confirm against the original).
static final public String OWNER_RELATIONSHIP = OWNER;
// Integer constants, one per action name declared below.
// NOTE(review): the numeric literals are incomplete in this listing; "x" looks
// like the remains of a hex literal. Presumably each action is a distinct bit
// that is combined into `mask` - confirm the values before relying on them.
// NOTE(review): these are not declared final, so code in this class could
// reassign them; confirm whether that is intended.
static private int READ= x;
static private int WRITE = x;
static private int EXECUTE = x;
static private int CREATE= x;
static private int DELETE= x;
static private int DEPLOY= x;
static private int CONFIRM = x;
// Action names, one per integer constant above.
static final public String READ_ACTION = read;
static final public String WRITE_ACTION = write;
static final public String EXECUTE_ACTION = execute;
static final public String CREATE_ACTION= create;
static final public String DELETE_ACTION= delete;
static final public String DEPLOY_ACTION= deploy;
static final public String CONFIRM_ACTION = confirm;
// Per-instance state: an integer mask (presumably built from the action
// constants - confirm) and the resource this permission refers to.
protected int mask; protected Resource resource;
// The subject associated with this permission.
protected Subject subject;
/**
* Constructor for ResourcePermission
*/
public ResourcePermission(String name String actions Resource resource Subject subject) {
super(name);
this