用JAAS 实现in Struts Web App(二)

核心提示：5. 实现xmlPolicyFile类。public class XMLPolicyFile extends Policy implements JAASConstants {PRivate Document doc = null;//private CodeSource noCertCodeSource=null;/

　　5. 实现xmlPolicyFile类。
　　
　　public class XMLPolicyFile extends Policy implements JAASConstants {
　　PRivate Document doc = null;
　　//private CodeSource noCertCodeSource=null;
　　/*
　　* constrUCtor
　　* refresh()
　　*/　 public XMLPolicyFile(){
　　refresh();
　　}　 public PermissionCollection getPermissions(CodeSource arg0) {
　　// TODO Auto-generated method stub
　　return null;
　　}
　　/*
　　* Creates a DOM tree document from the default XML file or
　　* from the file specified by the system property,
　　* <code>com.ibm.resource.security.auth.policy</code>. This
　　* DOM tree document is then used by the
　　* <code>getPermissions()</code> in searching for permissions.
　　*
　　* @see javax.security.auth.Policy#refresh()
　　*/　 public void refresh() {
　　FileInputStream fis = null;
　　try {
　　// Set up a DOM tree to query
　　fis = new FileInputStream(AUTH_SECURITY_POLICYXMLFILE);
　　InputSource in = new InputSource(fis);
　　DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
　　dfactory.setNamespaceAware(true);
　　doc = dfactory.newDocumentBuilder().parse(in);
　　} catch (Exception e) {
　　e.printStackTrace();
　　throw new RuntimeException(e.getMessage());
　　} finally {
　　if(fis != null) {
　　try { fis.close(); } catch (IOException e) {}
　　
　　}
　　}
　　}　 public PermissionCollection getPermissions(Subject subject,CodeSource codeSource) {
　　ResourcePermissionCollection collection = new ResourcePermissionCollection();
　　try {
　　// Iterate through all of the subjects principals
　　Iterator principalIterator = subject.getPrincipals().iterator();
　　while(principalIterator.hasNext()){
　　Principal principal = (Principal)principalIterator.next();
　　// Set up the XPath string to retrieve all the relevant permissions
　　// Sample xpath string:　"/policy/grant[@codebase=\"sample_actions.jar\"]/principal[@classname=\"com.fonseca.security.SamplePrincipal\"][@name=\"testUser\"]/permission"
　　StringBuffer xpath = new StringBuffer();
　　xpath.append("/policy/grant/principal[@classname=\"");
　　xpath.append(principal.getClass().getName());
　　xpath.append("\"][@name=\"");
　　xpath.append(principal.getName());
　　xpath.append("\"]/permission");
　　//System.out.println(xpath.toString());
　　NodeIterator nodeIter = XPathAPI.selectNodeIterator(doc, xpath.toString());
　　Node node = null;
　　while( (node = nodeIter.nextNode()) != null ) {
　　//here
　　CodeSource codebase=getCodebase(node.getParentNode().getParentNode());
　　if (codebase!=null codebase.implies(codeSource)){
　　Permission permission = getPermission(node);
　　collection.add(permission);
　　}
　　}
　　}
　　} catch (Exception e) {
　　e.printStackTrace();
　　throw new RuntimeException(e.getMessage());
　　}
　　if(collection != null)
　　return collection;
　　else {
　　// If the permission is not found here then delegate it
　　// to the standard java Policy class instance.
　　Policy policy = Policy.getPolicy();
　　return policy.getPermissions(codeSource);
　　}
　　}
　　/**
　　* Returns a Permission instance defined by the provided
　　* permission Node attributes.
　　*/
　　private Permission getPermission(Node node) throws Exception {
　　NamedNodeMap map = node.getAttributes();
　　Attr attrClassname = (Attr) map.getNamedItem("classname");
　　Attr attrName = (Attr) map.getNamedItem("name");
　　Attr attrActions = (Attr) map.getNamedItem("actions");
　　Attr attrRelationship = (Attr) map.getNamedItem("relationship");
　　if(attrClassname == null)
　　throw new RuntimeException();
　　Class[] types = null;
　　Object[] args = null;
　　// Check if the name is specified
　　// if no name is specified then because
　　// the types and the args variables above
　　// are null the default constructor is used.
　　if(attrName != null) {
　　String name = attrName.getValue();
　　// Check if actions are specified
　　// then setup the array sizes accordingly
　　if(attrActions != null) {
　　String actions = attrActions.getValue();
　　// Check if a relationship is specified
　　// then setup the array sizes accordingly
　　if(attrRelationship == null) {
　　types = new Class[2];
　　args = new Object[2];
　　} else {
　　types = new Class[3];
　　args = new Object[3];
　　String relationship = attrRelationship.getValue();
　　types[2] = relationship.getClass();
　　args[2] = relationship;
　　}
　　types[1] = actions.getClass();
　　args[1] = actions;
　　} else {
　　
　　types = new Class[1];
　　args = new Object[1];
　　
　　}
　　types[0] = name.getClass();
　　args[0] = name;
　　}　　　String classname = attrClassname.getValue();
　　Class permissionClass = Class.forName(classname);
　　Constructor constructor = permissionClass.getConstructor(types);
　　return (Permission) constructor.newInstance(args);
　　}
　　/**
　　* Returns a CodeSource object defined by the provided
　　* grant Node attributes.
　　*/
　　private java.security.CodeSource getCodebase(Node node) throws Exception {
　　Certificate[] certs = null;
　　URL location;
　　if(node.getNodeName().equalsIgnoreCase("grant")) {
　　NamedNodeMap map = node.getAttributes();
　　Attr attrCodebase = (Attr) map.getNamedItem("codebase");
　　if(attrCodebase != null) {
　　String codebaseValue = attrCodebase.getValue();
　　location = new URL(codebaseValue);
　　return new CodeSource(location,certs);
　　}
　　}
　　return null;
　　}
　　}
　　
　　6.继续Principal类PrincipalUser
　　public class PrincipalUser implements Principal {
　　private String name;
　　/**
　　*
　　* @param name the name for this principal.
　　*
　　* @exception InvalidParameterException if the <code>name</code>
　　* is <code>null</code>.
　　*/　　public PrincipalUser(String name) {
　　if (name == null)
　　throw new InvalidParameterException("name cannot be null");
　　//search role of this name.
　　this.name = name;
　　}
　　/**
　　* Returns the name for this <code>PrincipalUser</code>.
　　*
　　* @return the name for this <code>PrincipalUser</code>
　　*/
　　public String getName() {
　　return name;
　　}
　　/**
　　*
　　*/　　public int hashCode() {
　　return name.hashCode();
　　}
　　}
　　
　　7．继续Permission和PermissionCollection类
　　public class ResourcePermission extends Permission {
　　static final public String OWNER_RELATIONSHIP = "OWNER";
　　static private int READ　　= 0x01;
　　static private int WRITE　 = 0x02;
　　static private int EXECUTE = 0x04;
　　static private int CREATE　= 0x08;
　　static private int DELETE　= 0x10;
　　static private int DEPLOY　= 0x16;
　　static private int CONFIRM = 0x24;
　　static final public String READ_ACTION = "read";
　　static final public String WRITE_ACTION　 = "write";
　　static final public String EXECUTE_ACTION = "execute";
　　static final public String CREATE_ACTION　= "create";
　　static final public String DELETE_ACTION　= "delete";
　　static final public String DEPLOY_ACTION　= "deploy";
　　static final public String CONFIRM_ACTION = "confirm";
　　protected int mask;　 protected Resource resource;
　　protected Subject subject;
　　/**
　　* Constructor for ResourcePermission
　　*/
　　public ResourcePermission(String name, String actions, Resource resource, Subject subject) {
　　super(name);
　　this