📄 policyservice.java
字号:
/* * Copyright (c) 2005, John Mettraux, OpenWFE.org * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * . Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * . Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * . Neither the name of the "OpenWFE" nor the names of its contributors may be * used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * $Id: PolicyService.java,v 1.35 2005/06/20 20:15:17 jmettraux Exp $ *///// PolicyService.java//// jmettraux@openwfe.org//// generated with // jtmpl 1.0.04 31.10.2002 John Mettraux (jmettraux@openwfe.org)//package openwfe.org.auth;import java.security.Policy;import java.security.CodeSource;import java.security.Permissions;import java.security.PermissionCollection;import java.security.ProtectionDomain;import javax.security.auth.Subject;import openwfe.org.Service;import openwfe.org.ServiceException;import openwfe.org.ApplicationContext;import openwfe.org.state.PausedState;import openwfe.org.state.RunningState;import openwfe.org.state.StoppedState;import openwfe.org.state.ServiceState;/** * Our custom policy. Should be usable out of the box. * * <p> * <b>Important note</b><br> * Log ouptut for Passwd and PolicyService has been commented out, it * induced stack overflow errors when log4j was rotating its log files (and * thus requesting this PolicyService for filepermissions).<br> * Feel free to comment in log output, but beware to comment it out for * production builds. * </p> * * <p><font size=2>CVS Info : * <br>$Author: jmettraux $ * <br>$Date: 2005/06/20 20:15:17 $ * <br>$Id: PolicyService.java,v 1.35 2005/06/20 20:15:17 jmettraux Exp $ </font> * * @author jmettraux@openwfe.org */public class PolicyService extends Policy implements Service{ private final static org.apache.log4j.Logger log = org.apache.log4j.Logger .getLogger(PolicyService.class.getName()); // // CONSTANTS and definitions public final static String POLICY_SERVICE = "policyService"; public final static String PASSWD_CODEC = "passwdCodec"; //public final static String REFRESH_EACH_TIME = "refreshEachTime"; // // FIELDS private String serviceName = null; private ApplicationContext applicationContext = null; private java.util.Map serviceParams = null; private ServiceState serviceState = null; private Policy deferredPolicy = null; private PasswdCodec passwdCodec = null; private Passwd passwd = null; //private boolean refreshEachTime = false; // // CONSTRUCTORS public void init (final String serviceName, final ApplicationContext context, final java.util.Map serviceParams) throws ServiceException { this.serviceName = serviceName; this.applicationContext = context; this.serviceParams = serviceParams; // // prepare passwdCodec String passwdCodecClassName = (String)this.serviceParams.get(PASSWD_CODEC); if (passwdCodecClassName == null) { passwdCodecClassName = openwfe.org.auth.xml.XmlPasswdCodec.class .getName(); log.info("Using default PasswdCodec"); } log.info("Using PasswdCodec '"+passwdCodecClassName+"'"); try { Class codecClass = Class.forName(passwdCodecClassName); this.passwdCodec = (PasswdCodec)codecClass.newInstance(); } catch (final Exception e) { throw new ServiceException ("Failed to load codec, service '"+this.serviceName+ "' cannot continue.", e); } this.passwdCodec.init(this.applicationContext, this.serviceParams); // // load deferredPolicy this.deferredPolicy = Policy.getPolicy(); // // load passwd loadPasswd(); log.info("Passwd successfully decoded"); // // set self as system policy ! Policy.setPolicy(this); log.info("Set self as system security Policy."); /* // // should we refresh the passwd each time ? String sRefresh = (String)serviceParams.get(REFRESH_EACH_TIME); this.refreshEachTime = (sRefresh != null && "true".equalsIgnoreCase(sRefresh.trim())); log.info("Refresh passwd each time ? "+this.refreshEachTime); */ } protected void loadPasswd () throws ServiceException { try { this.passwd = this.passwdCodec.decodePasswd(); } catch (final AuthException ae) { throw new ServiceException ("Failed to load Passwd", ae); } } // // METHODS public Principal authentify (final String userName, final Object credentials) throws AuthException { //if (this.refreshEachTime) this.refresh(); this.refresh(); return this.passwd.authentify(userName, credentials); } // // METHODS from Service public void play () { log.info("play() requested for service '"+getName()+"'"); if ( ! this.isRunning()) this.serviceState = new RunningState(); } public void pause () { log.info("pause() requested for service '"+getName()+"'"); if (this.isRunning()) this.serviceState = new PausedState(); } public void stop () throws ServiceException { log.info("stop() requested for service '"+getName()+"'"); this.serviceState = new StoppedState(); } public ServiceState getState () { return this.serviceState; } protected void setState (ServiceState state) { this.serviceState = state; } public String getName () { return this.serviceName; } public ApplicationContext getContext () { return this.applicationContext; } public java.util.Map getParams () { return java.util.Collections.unmodifiableMap(this.serviceParams); } public org.jdom.Element getStatus () { return new org.jdom.Element(getName()); } public boolean isRunning () { return getState() instanceof RunningState; } // // METHODS from Policy public PermissionCollection getPermissions (final CodeSource cs) { final PermissionCollection permissions = this.deferredPolicy.getPermissions(cs); // debug //final StringBuffer sb = new StringBuffer(); //final java.util.Enumeration en = permissions.elements(); //int i = 0; //while (en.hasMoreElements()) //{ // java.security.Permission p = // (java.security.Permission)en.nextElement(); // sb.append("\n - "+(i++)+": "+p); //} //log.debug("getPermissions(cs) returning"+sb.toString()); return permissions; } public PermissionCollection getPermissions (final ProtectionDomain pd) { //log.debug("getPermissions()"); PermissionCollection permissions = this.deferredPolicy.getPermissions(pd); PermissionCollection passwdPermissions = null; try { passwdPermissions = this.passwd.getPermissions(pd); } catch (final Exception e) { //log.warn // ("getPermissions() "+ // "Failed to use 'passwd' to determine permissions, "+ // "falling back to system permissions\nCaused by : "+e); passwdPermissions = new Permissions(); } java.util.Enumeration en = passwdPermissions.elements(); while (en.hasMoreElements()) { java.security.Permission p = (java.security.Permission)en.nextElement(); permissions.add(p); } // debug //StringBuffer sb = new StringBuffer(); //en = permissions.elements(); //int i = 0; //while (en.hasMoreElements()) //{ // java.security.Permission p = // (java.security.Permission)en.nextElement(); // sb.append("\n - "+(i++)+": "+p); //} //log.debug("getPermissions(pd) returning"+sb.toString()); return permissions; } public PermissionCollection getPermissions (Subject subject) throws AuthException { return this.passwd.getPermissions(subject); } public void refresh () { //log.info("Refreshing PolicyService '"+this.serviceName+"'"); try { loadPasswd(); } catch (ServiceException se) { //log.warn("Passwd reload failed", se); } this.deferredPolicy.refresh(); } // // UMAN METHODS // (restricted access) public java.util.Map getPrincipals () { checkAccess(); return this.passwd.getPrincipals(); } public java.util.Map getGrants () { checkAccess(); return this.passwd.getGrants(); } public void updatePrincipals (java.util.Map principals) { checkAccess(); this.passwd.updatePrincipals(principals); } public void updateGrants (java.util.Map grants) { checkAccess(); this.passwd.updateGrants(grants); } public void savePasswd () throws AuthException { checkAccess(); this.passwdCodec.encodePasswd(this.passwd); } // // METHODS protected void checkAccess () { final java.util.Map params = new java.util.HashMap(1); params.put(Permission.NAME, this.passwd.getName()); java.security.AccessController.checkPermission (new UmanPermission(params)); } // // STATIC METHODS public static PolicyService lookupPolicyService (final ApplicationContext context) { //log.debug // ("lookupPolicyService() in context '"+ // context.getApplicationName()+"'"); final PolicyService ps = (PolicyService)context.lookup(POLICY_SERVICE); if (ps != null) return ps; if (context.getParentContext() == null) return null; return lookupPolicyService(context.getParentContext()); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -