Java 如何将BasicPermission子类化以添加操作
我想创建BasicPermission的一个子类来添加操作,根据java文档的描述,这应该是可能的: 如果需要,子类可以在BasicPermission之上实现操作 以下是我的初步尝试:Java 如何将BasicPermission子类化以添加操作,java,security,permissions,jaas,Java,Security,Permissions,Jaas,我想创建BasicPermission的一个子类来添加操作,根据java文档的描述,这应该是可能的: 如果需要,子类可以在BasicPermission之上实现操作 以下是我的初步尝试: public class BasicPermissionWithActions extends BasicPermission { String actions; String[] actionList; String name; public BasicPermiss
public class BasicPermissionWithActions extends BasicPermission {
String actions;
String[] actionList;
String name;
public BasicPermissionWithActions(String name, String actions) {
super(name, actions);
this.actions = actions;
this.actionList = actions.split("\\,");
this.name = name;
}
private static final long serialVersionUID = 7608854273379948062L;
@Override
public boolean implies(Permission p) {
// name and class check can be done by super
if (!super.implies(p))
return false;
// now check actions
String requestedActions = p.getActions();
String[] requestedActionList = requestedActions.split("\\,");
for (String requestedAction : requestedActionList) {
if (!hasRequestedAction(requestedAction))
return false;
}
return true;
}
private boolean hasRequestedAction(String requestedAction) {
for (String action : actionList) {
if (action.equals(requestedAction))
return true;
}
return false;
}
@Override
public String getActions() {
return actions;
}
@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((actions == null) ? 0 : actions.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (!super.equals(obj))
return false;
if (getClass() != obj.getClass())
return false;
BasicPermissionWithActions other = (BasicPermissionWithActions) obj;
if (actions == null) {
if (other.actions != null)
return false;
} else if (!actions.equals(other.actions))
return false;
if (name == null) {
if (other.name != null)
return false;
} else if (!name.equals(other.name))
return false;
return true;
}
@Override
public String toString() {
return "(\"" + this.getClass().getName() + "\" \"" + name + "\" \"" + actions + "\")";
}
以及策略文件中的一个条目,用于使用此权限授予访问权限(在本例中,我指定的权限应不足以允许所需的操作):
以及检查权限的代码:
rep.getAccessControlContext().checkPermission(new BasicPermissionWithActions(getName(), "write"));
我预计此检查将失败,因为策略仅指定了读取操作。然而支票悄悄地通过了
问题是,每当策略文件中的权限名为“*”时,都不会检查操作。在调试模式下运行表明从未调用方法BasicPermissionWithActions.implies
如果我从策略文件中忽略了权限,我将获得预期的安全异常,但我无法使操作正常工作。问题与PermissionCollection有关。BasicPermission实现自己的PermissionCollection以获得更好的性能。不幸的是,这个实现做出了一些简化的假设,这些假设破坏了子类的语义。具体来说,它为“*”实现了一个快捷方式,该快捷方式绕过Permission.implies方法并始终返回true 解决方案是实现一个自定义PermissionCollection,它只调用其成员的Permission.implies方法:
private class CustomPermissionCollection extends PermissionCollection {
private static final long serialVersionUID = 5654758059940546018L;
Collection<Permission> perms = new ArrayList<Permission>();
@Override
public void add(Permission permission) {
perms.add(permission);
}
@Override
public boolean implies(Permission permission) {
for (Permission p : perms) {
if (p.implies(permission))
return true;
}
return false;
}
@Override
public Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
}
private class CustomPermissionCollection extends PermissionCollection {
private static final long serialVersionUID = 5654758059940546018L;
Collection<Permission> perms = new ArrayList<Permission>();
@Override
public void add(Permission permission) {
perms.add(permission);
}
@Override
public boolean implies(Permission permission) {
for (Permission p : perms) {
if (p.implies(permission))
return true;
}
return false;
}
@Override
public Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
}
@Override
public PermissionCollection newPermissionCollection() {
return new CustomPermissionCollection();
}