JAAS授权
JAAS授权涉及的类和接口
公共类如前所述,包括Subject,Principal,Policy
Permission:表示对系统资源的操作,用于封装"一个权限"。
PrivilegedAction:受私有权限保护的计算逻辑。
AccessController:方法控制器,用于验证操作权限。
权限封装类PersonnelPermission
import java.security.BasicPermission;
public class PersonnelPermission extends BasicPermission {
/**
*
*/
private static final long serialVersionUID = -3907398941038069753L;
public PersonnelPermission(String name) {
super(name);
}
public PersonnelPermission(String name, String action) {
super(name);
}
}
自定义Principal
/*
* @(#)SamplePrincipal.java 1.4 00/01/11
*
* Copyright 2000-2002 Oracle and/or its affiliates. All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Oracle and/or its affiliates. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
*/
package root.tgview;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a Sample user.
*
* <p> Principals such as this <code>SamplePrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @version 1.4, 01/11/00
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
public class SamplePrincipal implements Principal, java.io.Serializable {
/**
* @serial
*/
private String name;
/**
* Create a SamplePrincipal with a Sample username.
*
* <p>
*
* @param name the Sample username for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public SamplePrincipal(String name) {
if (name == null)
throw new NullPointerException("illegal null input");
this.name = name;
}
/**
* Return the Sample username for this <code>SamplePrincipal</code>.
*
* <p>
*
* @return the Sample username for this <code>SamplePrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>SamplePrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>SamplePrincipal</code>.
*/
public String toString() {
return("SamplePrincipal: " + name);
}
/**
* Compares the specified Object with this <code>SamplePrincipal</code>
* for equality. Returns true if the given object is also a
* <code>SamplePrincipal</code> and the two SamplePrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SamplePrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>SamplePrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof SamplePrincipal))
return false;
SamplePrincipal that = (SamplePrincipal)o;
if (this.getName().equals(that.getName()))
return true;
return false;
}
/**
* Return a hash code for this <code>SamplePrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>SamplePrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
}
需要进行权限验证的Action
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
public class TestPrivilegedAction implements PrivilegedAction{
@Override
public Object run() {
AccessController.checkPermission(new PersonnelPermission("access"));
System.out.println("\nYour user.home property value is: "
+ System.getProperty("user.home"));
return "";
}
}
policy配置文件
grant Principal root.tgview.SamplePrincipal "alice"{
permission java.util.PropertyPermission "user.home", "read";
permission root.tgview.PersonnelPermission "access";
};
测试代码
LoginContext lc=null;
try {
lc= new LoginContext("MyExample",new TextCallbackHandler());
lc.login();
Subject sub = lc.getSubject();
sub.doAsPrivileged(sub, new TestPrivilegedAction(),null);
} catch (Exception e) {
// Authentication failed.
e.printStackTrace();
}
运行参数
-Djava.security.manager -Djava.security.auth.login.config="D:\jass.config" -Djava.security.policy="D:\Policy.txt"
