📄 securityutil.java
字号:
}
/**
* Perform work as a particular </code>Subject</code>. Here the work
* will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Filter</code> on which the method will
* be called.
*/
public static void doAsPrivilege(final String methodName,
final Filter targetObject)
throws java.lang.Exception{
doAsPrivilege(methodName, targetObject, null, null);
}
/**
* Perform work as a particular </code>Subject</code>. Here the work
* will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Filter</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instanciate a
* <code>Method</code> object.
* @param targetArgumentst <code>Object</code> array contains the
* runtime parameters instance.
*/
public static void doAsPrivilege(final String methodName,
final Filter targetObject,
final Class[] targetType,
final Object[] targetArguments)
throws java.lang.Exception{
Method method = null;
Method[] methodsCache = null;
if(objectCache.containsKey(targetObject)){
methodsCache = (Method[])objectCache.get(targetObject);
method = findMethod(methodsCache, methodName);
if (method == null){
method = createMethodAndCacheIt(methodsCache,
methodName,
targetObject,
targetType);
}
} else {
method = createMethodAndCacheIt(methodsCache,
methodName,
targetObject,
targetType);
}
execute(method, targetObject, targetArguments, null);
}
/**
* Perform work as a particular </code>Subject</code>. Here the work
* will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instanciate a
* <code>Method</code> object.
* @param targetArgumentst <code>Object</code> array contains the
* runtime parameters instance.
* @param principal the <code>Principal</code> to which the security
* privilege apply..
*/
private static void execute(final Method method,
final Object targetObject,
final Object[] targetArguments,
Principal principal)
throws java.lang.Exception{
try{
Subject subject = null;
PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){
public Object run() throws Exception{
method.invoke(targetObject, targetArguments);
return null;
}
};
// The first argument is always the request object
if (targetArguments != null
&& targetArguments[0] instanceof HttpServletRequest){
HttpServletRequest request =
(HttpServletRequest)targetArguments[0];
HttpSession session = request.getSession(false);
if (session != null){
subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
if (subject == null){
subject = new Subject();
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
}
Subject.doAsPrivileged(subject, pea, null);
} catch( PrivilegedActionException pe) {
Throwable e = ((InvocationTargetException)pe.getException())
.getTargetException();
if (log.isDebugEnabled()){
log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e);
}
if (e instanceof UnavailableException)
throw (UnavailableException) e;
else if (e instanceof ServletException)
throw (ServletException) e;
else if (e instanceof IOException)
throw (IOException) e;
else if (e instanceof RuntimeException)
throw (RuntimeException) e;
else
throw new ServletException(e.getMessage(), e);
}
}
/**
* Find a method stored within the cache.
* @param methodsCache the cache used to store method instance
* @param methodName the method to apply the security restriction
* @return the method instance, null if not yet created.
*/
private static Method findMethod(Method[] methodsCache,
String methodName){
if (methodName.equalsIgnoreCase(INIT_METHOD)
&& methodsCache[INIT] != null){
return methodsCache[INIT];
} else if (methodName.equalsIgnoreCase(DESTROY_METHOD)
&& methodsCache[DESTROY] != null){
return methodsCache[DESTROY];
} else if (methodName.equalsIgnoreCase(SERVICE_METHOD)
&& methodsCache[SERVICE] != null){
return methodsCache[SERVICE];
} else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)
&& methodsCache[DOFILTER] != null){
return methodsCache[DOFILTER];
}
return null;
}
/**
* Create the method and cache it for further re-use.
* @param methodsCache the cache used to store method instance
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instanciate a
* <code>Method</code> object.
* @return the method instance.
*/
private static Method createMethodAndCacheIt(Method[] methodsCache,
String methodName,
Object targetObject,
Class[] targetType)
throws Exception{
if ( methodsCache == null){
methodsCache = new Method[3];
}
Method method =
targetObject.getClass().getMethod(methodName, targetType);
if (methodName.equalsIgnoreCase(INIT_METHOD)){
methodsCache[INIT] = method;
} else if (methodName.equalsIgnoreCase(DESTROY_METHOD)){
methodsCache[DESTROY] = method;
} else if (methodName.equalsIgnoreCase(SERVICE_METHOD)){
methodsCache[SERVICE] = method;
} else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)){
methodsCache[DOFILTER] = method;
}
objectCache.put(targetObject, methodsCache );
return method;
}
/**
* Remove the object from the cache.
*/
public static void remove(Object cachedObject){
objectCache.remove(cachedObject);
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -