用JAAS 實現in Struts Web App(二)

　　 實現XMLPolicyFile類
　　
　　public class XMLPolicyFile extends Policy implements JAASConstants {
　　private Document doc = null;
　　//private CodeSource noCertCodeSource=null;
　　/*
　　* constructor
　　* refresh()
　　*/　 public XMLPolicyFile(){
　　refresh();
　　}　 public PermissionCollection getPermissions(CodeSource arg) {
　　// TODO Autogenerated method stub
　　return null;
　　}
　　/*
　　* Creates a DOM tree document from the default XML file or
　　* from the file specified by the system property
　　* <code>comibmresourcesecurityauthpolicy</code> This
　　* DOM tree document is then used by the
　　* <code>getPermissions()</code> in searching for permissions
　　*
　　* @see javaxsecurityauthPolicy#refresh()
　　*/　 public void refresh() {
　　FileInputStream fis = null;
　　try {
　　// Set up a DOM tree to query
　　fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
　　InputSource in = new InputSource(fis);
　　DocumentBuilderFactory dfactory = DocumentBuilderFactorynewInstance();
　　dfactorysetNamespaceAware(true);
　　doc = dfactorynewDocumentBuilder()parse(in);
　　} catch (Exception e) {
　　eprintStackTrace();
　　throw new RuntimeException(egetMessage());
　　} finally {
　　if(fis != null) {
　　try { fisclose(); } catch (IOException e) {}
　　
　　}
　　}
　　}　 public PermissionCollection getPermissions(Subject subjectCodeSource codeSource) {
　　ResourcePermissionCollection collection = new ResourcePermissionCollection();
　　try {
　　// Iterate through all of the subjects principals
　　Iterator principalIterator = subjectgetPrincipals(erator();
　　while(principalIteratorhasNext()){
　　Principal principal = (Principal)principalIteratornext();
　　// Set up the xpath string to retrieve all the relevant permissions
　　// Sample xpath string:　/policy/grant[@codebase=\sample_actionsjar\]/principal[@classname=\comfonsecasecuritySamplePrincipal\][@name=\testUser\]/permission
　　StringBuffer xpath = new StringBuffer();
　　xpathappend(/policy/grant/principal[@classname=\);
　　xpathappend(principalgetClass()getName());
　　xpathappend(\][@name=\);
　　xpathappend(principalgetName());
　　xpathappend(\]/permission);
　　//Systemoutprintln(xpathtoString());
　　NodeIterator nodeIter = XPathAPIselectNodeIterator(doc xpathtoString());
　　Node node = null;
　　while( (node = nodeIternextNode()) != null ) {
　　//here
　　CodeSource codebase=getCodebase(nodegetParentNode()getParentNode());
　　if (codebase!=null || codebaseimplies(codeSource)){
　　Permission permission = getPermission(node);
　　collectionadd(permission);
　　}
　　}
　　}
　　} catch (Exception e) {
　　eprintStackTrace();
　　throw new RuntimeException(egetMessage());
　　}
　　if(collection != null)
　　return collection;
　　else {
　　// If the permission is not found here then delegate it
　　// to the standard java Policy class instance
　　Policy policy = PolicygetPolicy();
　　return policygetPermissions(codeSource);
　　}
　　}
　　/**
　　* Returns a Permission instance defined by the provided
　　* permission Node attributes
　　*/
　　private Permission getPermission(Node node) throws Exception {
　　NamedNodeMap map = nodegetAttributes();
　　Attr attrClassname = (Attr) mapgetNamedItem(classname);
　　Attr attrName = (Attr) mapgetNamedItem(name);
　　Attr attrActions = (Attr) mapgetNamedItem(actions);
　　Attr attrRelationship = (Attr) mapgetNamedItem(relationship);
　　if(attrClassname == null)
　　throw new RuntimeException();
　　Class[] types = null;
　　Object[] args = null;
　　// Check if the name is specified
　　// if no name is specified then because
　　// the types and the args variables above
　　// are null the default constructor is used
　　if(attrName != null) {
　　String name = attrNamegetValue();
　　// Check if actions are specified
　　// then setup the array sizes accordingly
　　if(attrActions != null) {
　　String actions = attrActionsgetValue();
　　// Check if a relationship is specified
　　// then setup the array sizes accordingly
　　if(attrRelationship == null) {
　　types = new Class[];
　　args = new Object[];
　　} else {
　　types = new Class[];
　　args = new Object[];
　　String relationship = attrRelationshipgetValue();
　　types[] = relationshipgetClass();
　　args[] = relationship;
　　}
　　types[] = actionsgetClass();
　　args[] = actions;
　　} else {
　　
　　types = new Class[];
　　args = new Object[];
　　
　　}
　　types[] = namegetClass();
　　args[] = name;
　　}　　　String classname = attrClassnamegetValue();
　　Class permissionClass = ClassforName(classname);
　　Constructor constructor = permissionClassgetConstructor(types);
　　return (Permission) constructornewInstance(args);
　　}
　　/**
　　* Returns a CodeSource object defined by the provided
　　* grant Node attributes
　　*/
　　private javasecurityCodeSource getCodebase(Node node) throws Exception {
　　Certificate[] certs = null;
　　URL location;
　　if(nodegetNodeName()equalsIgnoreCase(grant)) {
　　NamedNodeMap map = nodegetAttributes();
　　Attr attrCodebase = (Attr) mapgetNamedItem(codebase);
　　if(attrCodebase != null) {
　　String codebaseValue = attrCodebasegetValue();
　　location = new URL(codebaseValue);
　　return new CodeSource(locationcerts);
　　}
　　}
　　return null;
　　}
　　}
　　
　　繼承Principal類PrincipalUser
　　public class PrincipalUser implements Principal {
　　private String name;
　　/**
　　*
　　* @param name the name for this principal
　　*
　　* @exception InvalidParameterException if the <code>name</code>
　　* is <code>null</code>
　　*/　　public PrincipalUser(String name) {
　　if (name == null)
　　throw new InvalidParameterException(name cannot be null);
　　//search role of this name
　　thisname = name;
　　}
　　/**
　　* Returns the name for this <code>PrincipalUser</code>
　　*
　　* @return the name for this <code>PrincipalUser</code>
　　*/
　　public String getName() {
　　return name;
　　}
　　/**
　　*
　　*/　　public int hashCode() {
　　return namehashCode();
　　}
　　}
　　
　　．繼承Permission和PermissionCollection類
　　public class ResourcePermission extends Permission {
　　static final public String OWNER_RELATIONSHIP = OWNER;
　　static private int READ　　= x;
　　static private int WRITE　 = x;
　　static private int EXECUTE = x;
　　static private int CREATE　= x;
　　static private int DELETE　= x;
　　static private int DEPLOY　= x;
　　static private int CONFIRM = x;
　　static final public String READ_ACTION = read;
　　static final public String WRITE_ACTION　 = write;
　　static final public String EXECUTE_ACTION = execute;
　　static final public String CREATE_ACTION　= create;
　　static final public String DELETE_ACTION　= delete;
　　static final public String DEPLOY_ACTION　= deploy;
　　static final public String CONFIRM_ACTION = confirm;
　　protected int mask;　 protected Resource resource;
　　protected Subject subject;
　　/**
　　* Constructor for ResourcePermission
　　*/
　　public ResourcePermission(String name String actions Resource resource Subject subject) {
　　super(name);
　　this
From:http://tw.wingwit.com/Article/program/Java/ky/201311/27893.html