📄 simpleaclaccessservice.java
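// NOTE(review): the listing starts inside a method of the nested operation class (apparently handleElement); its first lines are not shown here.
                    throw new IllegalArgumentException( "Unusable ID in advertisement: " + elem.getTextValue() );
                } catch ( ClassCastException badID ) {
                    throw new IllegalArgumentException( "Id is not a group id: " + elem.getTextValue() );
                }
                return true;
            }

            if( elem.getName().equals("Operation")) {
                op = elem.getTextValue();
                return true;
            }

            if( elem.getName().equals("Offerer")) {
                try {
                    offerer = source.getPeerGroup().getMembershipService().makeCredential( elem );
                } catch( Throwable failed ) {
                    throw new IllegalArgumentException( "Offerer credential could not be constructed" + failed );
                }
                return true;
            }

            // element was not handled
            return false;
        }

        /**
         *  Initialize from a portion of a structured document.
         *
         *  <p/>The document must be a {@code TextElement} whose name or
         *  {@code type} attribute is {@code jxta:SimpleACLOp}. Every child is
         *  offered to {@code handleElement}; children it does not recognise are
         *  logged and otherwise ignored.
         *
         *  @param root the document to read the operation from.
         *  @throws IllegalArgumentException if the document is of the wrong kind
         *  or if, after all children were processed, the operation or the
         *  offerer is still unset.
         **/
        protected void initialize( Element root ) {
            if( !TextElement.class.isInstance( root ) ) {
                throw new IllegalArgumentException( getClass().getName() + " only supports TextElement" );
            }

            TextElement doc = (TextElement) root;

            String typedoctype = "";
            if( root instanceof Attributable ) {
                Attribute itsType = ((Attributable)root).getAttribute( "type" );
                if( null != itsType ) {
                    typedoctype = itsType.getValue();
                }
            }

            String doctype = doc.getName();

            if( !doctype.equals("jxta:SimpleACLOp") && !typedoctype.equals("jxta:SimpleACLOp") ) {
                // a separating space was missing between the class name and "from"
                throw new IllegalArgumentException( "Could not construct : " + getClass().getName() + " from doc containing a " + doc.getName() );
            }

            Enumeration elements = doc.getChildren();
            while (elements.hasMoreElements()) {
                TextElement elem = (TextElement) elements.nextElement();
                if( !handleElement( elem ) ) {
                    if (LOG.isEnabledFor(Level.WARN)) {
                        LOG.warn("Unhandled element '" + elem.getName() + "' in " + doc.getName() );
                    }
                }
            }

            // sanity check time! An operation document that names no operation
            // or carries no offerer credential is rejected rather than accepted
            // half-initialized.
            if( null == op ) {
                throw new IllegalArgumentException( "operation was never initialized." );
            }

            if( null == offerer ) {
                throw new IllegalArgumentException( "offerer was never initialized." );
            }
        }
    }

    /**
     *  The peer group we are working for.
     **/
    PeerGroup group;

    /**
     *  Implementation advertisement for this instance.
     **/
    ModuleImplAdvertisement implAdvertisement;

    /**
     *  The ACLs we are supporting. Maps an operation name to the set of
     *  identity strings allowed to perform it. The {@code null} key holds the
     *  {@code <<DEFAULT>>} entry and a {@code null} member of a set stands for
     *  {@code <<ALL>>} (see {@link #init}).
     **/
    private final Map<String,Set<String>> ACLs = new HashMap<String,Set<String>>();

    /**
     *  The default constructor
     **/
    public SimpleACLAccessService() {
    }

    /**
     *  {@inheritDoc}
     *
     *  <p/>Reads the access control list from the service parameter that the
     *  peer group advertisement holds for {@code assignedID}. Each child
     *  element named {@code perm} is expected to have the form
     *  {@code operation:identity,identity,...}. The operation
     *  {@code <<DEFAULT>>} defines the fallback list used for operations that
     *  have no entry of their own, and the identity {@code <<ALL>>} admits
     *  every caller.
     *
     *  @throws PeerGroupException if the advertisement carries no parameter
     *  for this service.
     **/
    public void init( PeerGroup group, ID assignedID, Advertisement implAdv ) throws PeerGroupException {
        this.group = group;
        implAdvertisement = (ModuleImplAdvertisement) implAdv;

        if (LOG.isEnabledFor(Level.INFO)) {
            StringBuffer configInfo = new StringBuffer( "Configuring Access Service : " + assignedID );

            configInfo.append( "\n\tImplementation:" );
            configInfo.append( "\n\t\tImpl Description: " + implAdvertisement.getDescription() );
            configInfo.append( "\n\t\tImpl URI : " + implAdvertisement.getUri() );
            configInfo.append( "\n\t\tImpl Code : " + implAdvertisement.getCode() );

            configInfo.append( "\n\tGroup Params:" );
            configInfo.append( "\n\t\tGroup: " + group.getPeerGroupName() );
            configInfo.append( "\n\t\tGroup ID: " + group.getPeerGroupID() );
            configInfo.append( "\n\t\tPeer ID: " + group.getPeerID() );

            LOG.info( configInfo );
        }

        PeerGroupAdvertisement configAdv = (PeerGroupAdvertisement) group.getPeerGroupAdvertisement();

        TextElement myParam = (TextElement) configAdv.getServiceParam(assignedID);

        // No ACL parameter at all is a configuration error: refuse to start
        // instead of running with an empty (or implicit) policy.
        if( null == myParam ) {
            throw new PeerGroupException( "parameters for group access controls missing." );
        }

        Enumeration allACLS = myParam.getChildren();

        while( allACLS.hasMoreElements() ) {
            TextElement anACL = (TextElement) allACLS.nextElement();

            if( !anACL.getName().equals( "perm" ) ) {
                continue;
            }

            String etcPasswd = (String) anACL.getTextValue( );

            int nextDelim = etcPasswd.indexOf( ':' );
            if( -1 == nextDelim ) {
                // The entry is still skipped, but no longer silently: when a
                // permissive <<DEFAULT>> entry exists, a dropped restriction
                // means the operation falls back to that default.
                if (LOG.isEnabledFor(Level.WARN)) {
                    LOG.warn( "Ignoring malformed 'perm' entry (no ':' separator)." );
                }
                continue;
            }

            String operation = etcPasswd.substring( 0, nextDelim ).trim();

            // the default entry is stored under the null key
            if( "<<DEFAULT>>".equals( operation ) ) {
                operation = null;
            }

            String identities = etcPasswd.substring( nextDelim + 1 );

            Set<String> allowed = new HashSet<String>();

            StringTokenizer eachIdentity = new StringTokenizer(identities, "," );

            while ( eachIdentity.hasMoreTokens() ) {
                String anIdentity = eachIdentity.nextToken().trim();

                // the wildcard identity is stored as a null member
                if( "<<ALL>>".equals( anIdentity ) ) {
                    anIdentity = null;
                }

                allowed.add( anIdentity );
            }

            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug( "Adding operation : '" + ((null == operation) ? "<<DEFAULT>>" : operation ) + "' with " + allowed.size() + " identities." );
            }

            // A later 'perm' entry for the same operation replaces the earlier
            // one; the identity lists are not merged.
            ACLs.put( operation, allowed );
        }
    }

    /**
     *  {@inheritDoc}
     **/
    public int startApp(String[] args) {
        return 0;
    }

    /**
     *  {@inheritDoc}
     **/
    public void stopApp() {
    }

    /**
     *  {@inheritDoc}
     **/
    public Advertisement getImplAdvertisement() {
        return implAdvertisement;
    }

    /**
     *  {@inheritDoc}
     **/
    public Service getInterface() {
        return this;
    }

    /**
     *  {@inheritDoc}
     *
     *  <p/>Decision order, as implemented below:
     *  <ol>
     *  <li>a non-null credential or operation that reports itself invalid is
     *  refused;</li>
     *  <li>the list for the operation's subject is looked up, falling back to
     *  the {@code <<DEFAULT>>} list; with neither present the request is
     *  refused;</li>
     *  <li>the request is permitted if the list contains the credential's
     *  subject string or the {@code <<ALL>>} wildcard.</li>
     *  </ol>
     *  A {@code null} credential therefore passes only where the list holds
     *  {@code <<ALL>>}, and a {@code null} operation is checked against the
     *  default list.
     *
     *  @return {@code AccessResult.PERMITTED} or {@code AccessResult.DISALLOWED}.
     **/
    public AccessResult doAccessCheck( PrivilegedOperation op, Credential cred ) {
        if( (null != cred) && !cred.isValid() ) {
            return AccessResult.DISALLOWED;
        }

        if( (null != op) && !op.isValid() ) {
            return AccessResult.DISALLOWED;
        }

        Set<String> allowed = ACLs.get( (null != op) ? op.getSubject() : null );

        // do we know this operation?
        if( null == allowed ) {
            // try the default permission
            allowed = ACLs.get( null );

            if( null == allowed ) {
                return AccessResult.DISALLOWED;
            }
        }

        // NOTE(review): the match is a plain string comparison on the subject,
        // so the decision is only as strong as what cred.isValid() establishes
        // for that subject in the membership service in use; confirm that a
        // valid credential cannot carry a subject chosen freely by the caller.
        String credSubject = (null != cred) ? cred.getSubject().toString() : null;

        return (allowed.contains( credSubject ) || allowed.contains( null )) ? AccessResult.PERMITTED : AccessResult.DISALLOWED;
    }

    /**
     *  {@inheritDoc}
     *
     *  @throws IllegalArgumentException if {@code subject} is not a
     *  {@code String}, or if {@code offerer} is {@code null} or not valid.
     **/
    public PrivilegedOperation newPrivilegedOperation(Object subject, Credential offerer) {
        if( !(subject instanceof String) ) {
            throw new IllegalArgumentException( getClass().getName() + " only supports String subjects." );
        }

        // a missing offerer is reported the same way as an invalid one instead
        // of surfacing as a NullPointerException
        if( (null == offerer) || !offerer.isValid() ) {
            throw new IllegalArgumentException( "offerer is not a valid credential" );
        }

        return new SimpleACLOperation( this, (String) subject, offerer );
    }

    /**
     *  {@inheritDoc}
     **/
    public PrivilegedOperation newPrivilegedOperation(Element source) {
        return new SimpleACLOperation( this, source );
    }

    /**
     *  Returns the peer group stored by {@link #init}.
     **/
    PeerGroup getPeerGroup() {
        return group;
    }
}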