
JAAS授权

2015-07-08 10:50 10 查看
JAAS授权涉及的类和接口

公共类如前所述,包括Subject,Principal,Policy

Permission:表示对系统资源的操作,用于封装"一个权限"。

PrivilegedAction:封装需要在特权(privileged)上下文中执行的计算逻辑。

AccessController:访问控制器,用于验证操作权限。

权限封装类PersonnelPermission

import java.security.BasicPermission;

/**
 * Custom named permission that this example uses to guard an operation.
 *
 * <p>Name matching, including the trailing-wildcard forms, is inherited from
 * {@link BasicPermission}; the permission carries no action list.
 */
// NOTE(review): the policy entry on this page names
// root.tgview.PersonnelPermission, but this listing shows no package
// declaration. Confirm the class is compiled into that package, otherwise the
// grant will not match the permission being checked.
public class PersonnelPermission extends BasicPermission {

    private static final long serialVersionUID = -3907398941038069753L;

    /**
     * Creates a permission identified by its name alone.
     *
     * @param name the permission name, for example {@code "access"}
     */
    public PersonnelPermission(String name) {
        super(name);
    }

    /**
     * Creates a permission from a name and an action string.
     *
     * <p>{@code BasicPermission} leaves the action string unused, so the
     * result is equal to the permission built from the name alone. The
     * two-argument shape is the one the policy machinery can use when it
     * instantiates permissions listed in a policy file.
     *
     * @param name the permission name
     * @param action accepted for the constructor shape; has no effect
     */
    public PersonnelPermission(String name, String action) {
        super(name, action);
    }
}


  自定义Principal

/*
* @(#)SamplePrincipal.java	1.4 00/01/11
*
* Copyright 2000-2002 Oracle and/or its affiliates. All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* -Redistributions of source code must retain the above copyright
* notice, this  list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Oracle and/or its affiliates. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES  SUFFERED BY LICENSEE AS A RESULT OF  OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
*/

package root.tgview;

import java.security.Principal;

/**
* <p> This class implements the <code>Principal</code> interface
* and represents a Sample user.
*
* <p> Principals such as this <code>SamplePrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity.  Refer to the <code>Subject</code> class for more information
* on how to achieve this.  Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @version 1.4, 01/11/00
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
public class SamplePrincipal implements Principal, java.io.Serializable {

/**
* @serial
*/
private String name;

/**
* Create a SamplePrincipal with a Sample username.
*
* <p>
*
* @param name the Sample username for this user.
*
* @exception NullPointerException if the <code>name</code>
*			is <code>null</code>.
*/
public SamplePrincipal(String name) {
if (name == null)
throw new NullPointerException("illegal null input");

this.name = name;
}

/**
* Return the Sample username for this <code>SamplePrincipal</code>.
*
* <p>
*
* @return the Sample username for this <code>SamplePrincipal</code>
*/
public String getName() {
return name;
}

/**
* Return a string representation of this <code>SamplePrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>SamplePrincipal</code>.
*/
public String toString() {
return("SamplePrincipal:  " + name);
}

/**
* Compares the specified Object with this <code>SamplePrincipal</code>
* for equality.  Returns true if the given object is also a
* <code>SamplePrincipal</code> and the two SamplePrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
*		<code>SamplePrincipal</code>.
*
* @return true if the specified Object is equal equal to this
*		<code>SamplePrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;

if (this == o)
return true;

if (!(o instanceof SamplePrincipal))
return false;
SamplePrincipal that = (SamplePrincipal)o;

if (this.getName().equals(that.getName()))
return true;
return false;
}

/**
* Return a hash code for this <code>SamplePrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>SamplePrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
}


  需要进行权限验证的Action

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;

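/**
 * Action that performs an explicit permission check and then reads a system
 * property.
 *
 * <p>The interface is parameterized as {@code PrivilegedAction<Object>} rather
 * than used as a raw type, so callers keep the same {@code Object} result
 * without unchecked warnings.
 *
 * <p>{@code java.security.AccessController} is deprecated for removal as of
 * Java 17 (JEP 411); this listing applies to runtimes that still support the
 * Security Manager.
 */
public class TestPrivilegedAction implements PrivilegedAction<Object> {

    /**
     * Checks {@code PersonnelPermission("access")} and, if it is held, prints
     * the {@code user.home} system property.
     *
     * @return an empty string; the action hands no data back to the caller
     * @throws java.security.AccessControlException if the current access
     *     control context does not hold the checked permission
     */
    @Override
    public Object run() {
        // Explicit authorization gate: nothing below runs unless the policy
        // grants this permission to the calling context.
        AccessController.checkPermission(new PersonnelPermission("access"));

        // With a security manager installed, System.getProperty additionally
        // requires PropertyPermission "user.home", "read".
        System.out.println("\nYour user.home property value is: "
                + System.getProperty("user.home"));
        return "";
    }

}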


  policy配置文件

// Principal-based grant: the permissions below apply to code running on behalf
// of a Subject that carries a root.tgview.SamplePrincipal named "alice".
// No codeBase or signedBy clause is given, so the entry is not restricted by
// code location or signer.
grant Principal root.tgview.SamplePrincipal "alice"{
// Allows reading the user.home system property.
permission java.util.PropertyPermission "user.home", "read";
// Custom permission; the class must be loadable under exactly this
// fully-qualified name for the grant to take effect.
permission root.tgview.PersonnelPermission "access";

};


  

  测试代码

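// Authenticate through JAAS, then run the guarded action as the
// authenticated Subject.
LoginContext lc = null;
try {
    // "MyExample" is the name of the entry looked up in the JAAS login
    // configuration.
    lc = new LoginContext("MyExample", new TextCallbackHandler());
    lc.login();
    Subject sub = lc.getSubject();

    // doAsPrivileged is a static method, so it is called on the class.
    // Passing null as the AccessControlContext runs the action with a fresh,
    // empty context instead of inheriting the caller's.
    Subject.doAsPrivileged(sub, new TestPrivilegedAction(), null);
} catch (Exception e) {
    // Reached when login fails and also when the action is denied a
    // permission (authorization failure); the stack trace shows which.
    e.printStackTrace();
}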


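  运行参数(JVM 启动参数:启用安全管理器,并指定 JAAS 登录配置文件和策略文件。注意:-Djava.security.policy 使用单个 "=" 时,该文件会与默认策略合并生效;使用 "==" 时则只使用该文件)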

-Djava.security.manager
-Djava.security.auth.login.config="D:\jass.config"
-Djava.security.policy="D:\Policy.txt"


  