我想创建 BasicPermission 的子类来添加操作,根据 java 文档,这应该是可能的:
Subclasses may implement actions on top of BasicPermission, if desired.
这是我的初步尝试:
public class BasicPermissionWithActions extends BasicPermission {
String actions;
String[] actionList;
String name;
public BasicPermissionWithActions(String name, String actions) {
super(name, actions);
this.actions = actions;
this.actionList = actions.split("\\,");
this.name = name;
}
private static final long serialVersionUID = 7608854273379948062L;
@Override
public boolean implies(Permission p) {
// name and class check can be done by super
if (!super.implies(p))
return false;
// now check actions
String requestedActions = p.getActions();
String[] requestedActionList = requestedActions.split("\\,");
for (String requestedAction : requestedActionList) {
if (!hasRequestedAction(requestedAction))
return false;
}
return true;
}
private boolean hasRequestedAction(String requestedAction) {
for (String action : actionList) {
if (action.equals(requestedAction))
return true;
}
return false;
}
@Override
public String getActions() {
return actions;
}
@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((actions == null) ? 0 : actions.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (!super.equals(obj))
return false;
if (getClass() != obj.getClass())
return false;
BasicPermissionWithActions other = (BasicPermissionWithActions) obj;
if (actions == null) {
if (other.actions != null)
return false;
} else if (!actions.equals(other.actions))
return false;
if (name == null) {
if (other.name != null)
return false;
} else if (!name.equals(other.name))
return false;
return true;
}
@Override
public String toString() {
return "(\"" + this.getClass().getName() + "\" \"" + name + "\" \"" + actions + "\")";
}
策略文件中的一个条目用于使用此权限授予访问权限(在本例中,我指定了一个不足以允许所需操作的权限):
grant principal sample.principal.SampleGroup "TestGroup" {
permission BasicPermissionWithActions "*", "read";
};
以及检查权限的代码:
rep.getAccessControlContext().checkPermission(new BasicPermissionWithActions(getName(), "write"));
我预计此检查会失败,因为该策略仅指定了读取操作。然而检查却悄然通过。
问题是,每当策略文件中的权限具有名称“*”时,就不会检查操作。在 Debug模式下运行显示BasicPermissionWithActions.implies 方法从未被调用。
如果我忽略策略文件中的权限,我会按预期收到安全异常,但无法执行操作。
最佳答案
该问题与 PermissionCollection 有关。 BasicPermission 实现了自己的 PermissionCollection 以提高性能。不幸的是,这个实现做了一些简化的假设,破坏了子类的语义。具体来说,它实现了“*”的快捷方式,绕过 Permission.implies 方法并始终返回 true。
解决方案是实现一个自定义 PermissionCollection,它只需调用其成员的 Permission.implies 方法:
private class CustomPermissionCollection extends PermissionCollection {
private static final long serialVersionUID = 5654758059940546018L;
Collection<Permission> perms = new ArrayList<Permission>();
@Override
public void add(Permission permission) {
perms.add(permission);
}
@Override
public boolean implies(Permission permission) {
for (Permission p : perms) {
if (p.implies(permission))
return true;
}
return false;
}
@Override
public Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
}
并在 BasicPermissionWithActions 的 newPermissionCollection 方法中返回此值
@Override
public PermissionCollection newPermissionCollection() {
return new CustomPermissionCollection();
}
关于java - 如何子类化 BasicPermission 以添加操作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29292676/