Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
57bcefdb
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
57bcefdb
编写于
1月 09, 2013
作者:
M
mullan
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
1875b2c9
e6c7a20f
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
253 addition
and
237 deletion
+253
-237
src/share/classes/java/security/Principal.java
src/share/classes/java/security/Principal.java
+23
-2
src/share/classes/sun/security/provider/PolicyFile.java
src/share/classes/sun/security/provider/PolicyFile.java
+71
-174
src/share/classes/sun/security/provider/PolicyParser.java
src/share/classes/sun/security/provider/PolicyParser.java
+55
-54
src/share/classes/sun/security/tools/policytool/PolicyTool.java
...are/classes/sun/security/tools/policytool/PolicyTool.java
+2
-2
test/java/security/Principal/Implies.java
test/java/security/Principal/Implies.java
+80
-0
test/sun/security/provider/PolicyFile/Comparator.java
test/sun/security/provider/PolicyFile/Comparator.java
+22
-5
未找到文件。
src/share/classes/java/security/Principal.java
浏览文件 @
57bcefdb
/*
* Copyright (c) 1996,
1998
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996,
2012
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -25,6 +25,8 @@
package
java.security
;
import
javax.security.auth.Subject
;
/**
* This interface represents the abstract notion of a principal, which
* can be used to represent any entity, such as an individual, a
...
...
@@ -45,7 +47,6 @@ public interface Principal {
*
* @return true if the principal passed in is the same as that
* encapsulated by this principal, and false otherwise.
*/
public
boolean
equals
(
Object
another
);
...
...
@@ -69,4 +70,24 @@ public interface Principal {
* @return the name of this principal.
*/
public
String
getName
();
/**
* Returns true if the specified subject is implied by this principal.
*
* <p>The default implementation of this method returns true if
* {@code subject} is non-null and contains at least one principal that
* is equal to this principal.
*
* <p>Subclasses may override this with a different implementation, if
* necessary.
*
* @return true if {@code subject} is non-null and is
* implied by this principal, or false otherwise.
* @since 1.8
*/
public
default
boolean
implies
(
Subject
subject
)
{
if
(
subject
==
null
)
return
false
;
return
subject
.
getPrincipals
().
contains
(
this
);
}
}
src/share/classes/sun/security/provider/PolicyFile.java
浏览文件 @
57bcefdb
...
...
@@ -31,13 +31,7 @@ import java.net.MalformedURLException;
import
java.net.URL
;
import
java.net.URI
;
import
java.util.*
;
import
java.util.Enumeration
;
import
java.util.List
;
import
java.util.StringTokenizer
;
import
java.util.ArrayList
;
import
java.util.ListIterator
;
import
java.text.MessageFormat
;
import
com.sun.security.auth.PrincipalComparator
;
import
java.security.*
;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
...
...
@@ -46,19 +40,7 @@ import javax.security.auth.x500.X500Principal;
import
java.io.FilePermission
;
import
java.net.SocketPermission
;
import
java.net.NetPermission
;
import
java.util.PropertyPermission
;
import
java.util.concurrent.atomic.AtomicReference
;
/*
import javax.security.auth.AuthPermission;
import javax.security.auth.kerberos.ServicePermission;
import javax.security.auth.kerberos.DelegationPermission;
import java.io.SerializablePermission;
import java.util.logging.LoggingPermission;
import java.sql.SQLPermission;
import java.lang.reflect.ReflectPermission;
import javax.sound.sampled.AudioPermission;
import javax.net.ssl.SSLPermission;
*/
import
sun.misc.JavaSecurityProtectionDomainAccess
;
import
static
sun
.
misc
.
JavaSecurityProtectionDomainAccess
.
ProtectionDomainCache
;
import
sun.misc.SharedSecrets
;
...
...
@@ -794,12 +776,9 @@ public class PolicyFile extends java.security.Policy {
debug
.
println
(
"Adding policy entry: "
);
debug
.
println
(
" signedBy "
+
ge
.
signedBy
);
debug
.
println
(
" codeBase "
+
ge
.
codeBase
);
if
(
ge
.
principals
!=
null
&&
ge
.
principals
.
size
()
>
0
)
{
ListIterator
<
PolicyParser
.
PrincipalEntry
>
li
=
ge
.
principals
.
listIterator
();
while
(
li
.
hasNext
())
{
PolicyParser
.
PrincipalEntry
pppe
=
li
.
next
();
debug
.
println
(
" "
+
pppe
.
toString
());
if
(
ge
.
principals
!=
null
)
{
for
(
PolicyParser
.
PrincipalEntry
pppe
:
ge
.
principals
)
{
debug
.
println
(
" "
+
pppe
.
toString
());
}
}
}
...
...
@@ -955,11 +934,15 @@ public class PolicyFile extends java.security.Policy {
InvocationTargetException
{
//XXX we might want to keep a hash of created factories...
Class
<?>
pc
=
Class
.
forName
(
type
);
Class
<?>
pc
=
Class
.
forName
(
type
,
false
,
null
);
Permission
answer
=
getKnownInstance
(
pc
,
name
,
actions
);
if
(
answer
!=
null
)
{
return
answer
;
}
if
(!
Permission
.
class
.
isAssignableFrom
(
pc
))
{
// not the right subtype
throw
new
ClassCastException
(
type
+
" is not a Permission"
);
}
if
(
name
==
null
&&
actions
==
null
)
{
try
{
...
...
@@ -1001,7 +984,6 @@ public class PolicyFile extends java.security.Policy {
*/
private
static
final
Permission
getKnownInstance
(
Class
<?>
claz
,
String
name
,
String
actions
)
{
// XXX shorten list to most popular ones?
if
(
claz
.
equals
(
FilePermission
.
class
))
{
return
new
FilePermission
(
name
,
actions
);
}
else
if
(
claz
.
equals
(
SocketPermission
.
class
))
{
...
...
@@ -1014,30 +996,6 @@ public class PolicyFile extends java.security.Policy {
return
new
NetPermission
(
name
,
actions
);
}
else
if
(
claz
.
equals
(
AllPermission
.
class
))
{
return
SecurityConstants
.
ALL_PERMISSION
;
/*
} else if (claz.equals(ReflectPermission.class)) {
return new ReflectPermission(name, actions);
} else if (claz.equals(SecurityPermission.class)) {
return new SecurityPermission(name, actions);
} else if (claz.equals(PrivateCredentialPermission.class)) {
return new PrivateCredentialPermission(name, actions);
} else if (claz.equals(AuthPermission.class)) {
return new AuthPermission(name, actions);
} else if (claz.equals(ServicePermission.class)) {
return new ServicePermission(name, actions);
} else if (claz.equals(DelegationPermission.class)) {
return new DelegationPermission(name, actions);
} else if (claz.equals(SerializablePermission.class)) {
return new SerializablePermission(name, actions);
} else if (claz.equals(AudioPermission.class)) {
return new AudioPermission(name, actions);
} else if (claz.equals(SSLPermission.class)) {
return new SSLPermission(name, actions);
} else if (claz.equals(LoggingPermission.class)) {
return new LoggingPermission(name, actions);
} else if (claz.equals(SQLPermission.class)) {
return new SQLPermission(name, actions);
*/
}
else
{
return
null
;
}
...
...
@@ -1079,7 +1037,7 @@ public class PolicyFile extends java.security.Policy {
if
(
cert
!=
null
)
{
if
(
vcerts
==
null
)
vcerts
=
new
ArrayList
<
Certificate
>();
vcerts
=
new
ArrayList
<>();
vcerts
.
add
(
cert
);
}
}
...
...
@@ -1329,7 +1287,7 @@ public class PolicyFile extends java.security.Policy {
List
<
PolicyParser
.
PrincipalEntry
>
entryPs
=
entry
.
getPrincipals
();
if
(
debug
!=
null
)
{
Array
List
<
PolicyParser
.
PrincipalEntry
>
accPs
=
new
ArrayList
<>();
List
<
PolicyParser
.
PrincipalEntry
>
accPs
=
new
ArrayList
<>();
if
(
principals
!=
null
)
{
for
(
int
i
=
0
;
i
<
principals
.
length
;
i
++)
{
accPs
.
add
(
new
PolicyParser
.
PrincipalEntry
...
...
@@ -1368,79 +1326,72 @@ public class PolicyFile extends java.security.Policy {
// has principals. see if policy entry principals match
// principals in current ACC
for
(
int
i
=
0
;
i
<
entryPs
.
size
();
i
++)
{
PolicyParser
.
PrincipalEntry
pppe
=
entryPs
.
get
(
i
);
// see if principal entry is a PrincipalComparator
try
{
Class
<?>
pClass
=
Class
.
forName
(
pppe
.
principalClass
,
true
,
Thread
.
currentThread
().
getContextClassLoader
());
if
(!
PrincipalComparator
.
class
.
isAssignableFrom
(
pClass
))
{
// common case - dealing with regular Principal class.
// see if policy entry principal is in current ACC
for
(
PolicyParser
.
PrincipalEntry
pppe
:
entryPs
)
{
if
(!
checkEntryPs
(
principals
,
pppe
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"evaluation (principals) failed"
);
}
// Check for wildcards
if
(
pppe
.
isWildcardClass
())
{
// a wildcard class matches all principals in current ACC
continue
;
}
// policy entry principal not in current ACC -
// immediately return and go to next policy entry
return
;
if
(
pppe
.
isWildcardName
())
{
// a wildcard name matches any principal with the same class
for
(
Principal
p
:
principals
)
{
if
(
pppe
.
principalClass
.
equals
(
p
.
getClass
().
getName
()))
{
continue
;
}
}
if
(
debug
!=
null
)
{
debug
.
println
(
"evaluation (principal name wildcard) failed"
);
}
// policy entry principal not in current ACC -
// immediately return and go to next policy entry
return
;
}
}
else
{
Set
<
Principal
>
pSet
=
new
HashSet
<>(
Arrays
.
asList
(
principals
));
Subject
subject
=
new
Subject
(
true
,
pSet
,
Collections
.
EMPTY_SET
,
Collections
.
EMPTY_SET
);
try
{
ClassLoader
cl
=
Thread
.
currentThread
().
getContextClassLoader
();
Class
<?>
pClass
=
Class
.
forName
(
pppe
.
principalClass
,
false
,
cl
);
if
(!
Principal
.
class
.
isAssignableFrom
(
pClass
))
{
// not the right subtype
throw
new
ClassCastException
(
pppe
.
principalClass
+
" is not a Principal"
);
}
// dealing with a PrincipalComparator
Constructor
<?>
c
=
pClass
.
getConstructor
(
PARAMS1
);
Principal
p
=
(
Principal
)
c
.
newInstance
(
new
Object
[]
{
pppe
.
principalName
});
Constructor
<?>
c
=
pClass
.
getConstructor
(
PARAMS1
);
PrincipalComparator
pc
=
(
PrincipalComparator
)
c
.
newInstance
(
new
Object
[]
{
pppe
.
principalName
});
if
(
debug
!=
null
)
{
debug
.
println
(
"found Principal "
+
p
.
getClass
().
getName
());
}
// check if the Principal implies the current
// thread's principals
if
(!
p
.
implies
(
subject
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"found PrincipalComparator "
+
pc
.
getClass
().
getName
());
debug
.
println
(
"evaluation (principal implies) failed"
);
}
// check if the PrincipalComparator
// implies the current thread's principals
Set
<
Principal
>
pSet
=
new
HashSet
<>(
principals
.
length
);
for
(
int
j
=
0
;
j
<
principals
.
length
;
j
++)
{
pSet
.
add
(
principals
[
j
]);
}
Subject
subject
=
new
Subject
(
true
,
pSet
,
Collections
.
EMPTY_SET
,
Collections
.
EMPTY_SET
);
if
(!
pc
.
implies
(
subject
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"evaluation (principal comparator) failed"
);
}
// policy principal does not imply the current Subject -
// immediately return and go to next policy entry
return
;
}
// policy principal does not imply the current Subject -
// immediately return and go to next policy entry
return
;
}
}
catch
(
Exception
e
)
{
// fall back to
regular
principal comparison.
// fall back to
default
principal comparison.
// see if policy entry principal is in current ACC
if
(
debug
!=
null
)
{
e
.
printStackTrace
();
}
if
(!
checkEntryPs
(
principals
,
pppe
))
{
if
(!
pppe
.
implies
(
subject
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"evaluation (
principal
s) failed"
);
debug
.
println
(
"evaluation (
default principal implie
s) failed"
);
}
// policy entry principal not in current ACC -
...
...
@@ -1450,7 +1401,7 @@ public class PolicyFile extends java.security.Policy {
}
// either the principal information matched,
// or the Principal
Comparator
.implies succeeded.
// or the Principal.implies succeeded.
// continue loop and test the next policy principal
}
...
...
@@ -1484,47 +1435,6 @@ public class PolicyFile extends java.security.Policy {
}
}
/**
* This method returns, true, if the principal in the policy entry,
* pppe, is part of the current thread's principal array, pList.
* This method also returns, true, if the policy entry's principal
* is appropriately wildcarded.
*
* Note that the provided <i>pppe</i> argument may have
* wildcards (*) for both the <code>Principal</code> class and name.
*
* @param pList an array of principals from the current thread's
* AccessControlContext.
*
* @param pppe a Principal specified in a policy grant entry.
*
* @return true if the current thread's pList "contains" the
* principal in the policy entry, pppe. This method
* also returns true if the policy entry's principal
* appropriately wildcarded.
*/
private
boolean
checkEntryPs
(
Principal
[]
pList
,
PolicyParser
.
PrincipalEntry
pppe
)
{
for
(
int
i
=
0
;
i
<
pList
.
length
;
i
++)
{
if
(
pppe
.
principalClass
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_CLASS
)
||
pppe
.
principalClass
.
equals
(
pList
[
i
].
getClass
().
getName
()))
{
if
(
pppe
.
principalName
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_NAME
)
||
pppe
.
principalName
.
equals
(
pList
[
i
].
getName
()))
{
return
true
;
}
}
}
return
false
;
}
/**
* <p>
*
...
...
@@ -1568,8 +1478,7 @@ public class PolicyFile extends java.security.Policy {
sb
.
append
(
sp
.
getSelfName
().
substring
(
startIndex
,
v
));
// expand SELF
ListIterator
<
PolicyParser
.
PrincipalEntry
>
pli
=
entryPs
.
listIterator
();
Iterator
<
PolicyParser
.
PrincipalEntry
>
pli
=
entryPs
.
iterator
();
while
(
pli
.
hasNext
())
{
PolicyParser
.
PrincipalEntry
pppe
=
pli
.
next
();
String
[][]
principalInfo
=
getPrincipalInfo
(
pppe
,
pdp
);
...
...
@@ -1596,8 +1505,8 @@ public class PolicyFile extends java.security.Policy {
try
{
// first try to instantiate the permission
perms
.
add
(
getInstance
(
sp
.
getSelfType
(),
sb
.
toString
(),
sp
.
getSelfActions
()));
sb
.
toString
(),
sp
.
getSelfActions
()));
}
catch
(
ClassNotFoundException
cnfe
)
{
// ok, the permission is not in the bootclasspath.
// before we add an UnresolvedPermission, check to see
...
...
@@ -1673,10 +1582,7 @@ public class PolicyFile extends java.security.Policy {
// 2) the entry's Principal name is wildcarded only
// 3) the entry's Principal class and name are wildcarded
if
(!
pe
.
principalClass
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_CLASS
)
&&
!
pe
.
principalName
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_NAME
))
{
if
(!
pe
.
isWildcardClass
()
&&
!
pe
.
isWildcardName
())
{
// build an info array for the principal
// from the Policy entry
...
...
@@ -1685,24 +1591,19 @@ public class PolicyFile extends java.security.Policy {
info
[
0
][
1
]
=
pe
.
principalName
;
return
info
;
}
else
if
(!
pe
.
principalClass
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_CLASS
)
&&
pe
.
principalName
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_NAME
))
{
}
else
if
(!
pe
.
isWildcardClass
()
&&
pe
.
isWildcardName
())
{
// build an info array for every principal
// in the current domain which has a principal class
// that is equal to policy entry principal class name
List
<
Principal
>
plist
=
new
ArrayList
<>();
for
(
int
i
=
0
;
i
<
pdp
.
length
;
i
++)
{
if
(
pe
.
principalClass
.
equals
(
pdp
[
i
].
getClass
().
getName
()))
if
(
pe
.
principalClass
.
equals
(
pdp
[
i
].
getClass
().
getName
()))
plist
.
add
(
pdp
[
i
]);
}
String
[][]
info
=
new
String
[
plist
.
size
()][
2
];
int
i
=
0
;
java
.
util
.
Iterator
<
Principal
>
pIterator
=
plist
.
iterator
();
while
(
pIterator
.
hasNext
())
{
Principal
p
=
pIterator
.
next
();
for
(
Principal
p
:
plist
)
{
info
[
i
][
0
]
=
p
.
getClass
().
getName
();
info
[
i
][
1
]
=
p
.
getName
();
i
++;
...
...
@@ -1763,7 +1664,7 @@ public class PolicyFile extends java.security.Policy {
// Done
return
certs
;
Array
List
<
Certificate
>
userCertList
=
new
ArrayList
<>();
List
<
Certificate
>
userCertList
=
new
ArrayList
<>();
i
=
0
;
while
(
i
<
certs
.
length
)
{
userCertList
.
add
(
certs
[
i
]);
...
...
@@ -1889,10 +1790,8 @@ public class PolicyFile extends java.security.Policy {
if
(
principals
==
null
||
principals
.
isEmpty
()
||
keystore
==
null
)
return
true
;
ListIterator
<
PolicyParser
.
PrincipalEntry
>
i
=
principals
.
listIterator
();
while
(
i
.
hasNext
())
{
PolicyParser
.
PrincipalEntry
pppe
=
i
.
next
();
if
(
pppe
.
principalClass
.
equals
(
PolicyParser
.
REPLACE_NAME
))
{
for
(
PolicyParser
.
PrincipalEntry
pppe
:
principals
)
{
if
(
pppe
.
isReplaceName
())
{
// perform replacement
// (only X509 replacement is possible now)
...
...
@@ -2241,8 +2140,7 @@ public class PolicyFile extends java.security.Policy {
if
(
this
.
certs
==
null
)
{
// extract the signer certs
ArrayList
<
Certificate
>
signerCerts
=
new
ArrayList
<>();
List
<
Certificate
>
signerCerts
=
new
ArrayList
<>();
i
=
0
;
while
(
i
<
certs
.
length
)
{
signerCerts
.
add
(
certs
[
i
]);
...
...
@@ -2406,11 +2304,10 @@ public class PolicyFile extends java.security.Policy {
private
java
.
util
.
Random
random
;
PolicyInfo
(
int
numCaches
)
{
policyEntries
=
new
ArrayList
<
PolicyEntry
>();
policyEntries
=
new
ArrayList
<>();
identityPolicyEntries
=
Collections
.
synchronizedList
(
new
ArrayList
<
PolicyEntry
>(
2
));
aliasMapping
=
Collections
.
synchronizedMap
(
new
HashMap
<
Object
,
Object
>(
11
));
aliasMapping
=
Collections
.
synchronizedMap
(
new
HashMap
<>(
11
));
pdMapping
=
new
ProtectionDomainCache
[
numCaches
];
JavaSecurityProtectionDomainAccess
jspda
...
...
src/share/classes/sun/security/provider/PolicyParser.java
浏览文件 @
57bcefdb
/*
* Copyright (c) 1997, 201
0
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
2
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -29,16 +29,17 @@ import java.io.*;
import
java.lang.RuntimePermission
;
import
java.net.SocketPermission
;
import
java.net.URL
;
import
java.security.GeneralSecurityException
;
import
java.security.Principal
;
import
java.text.MessageFormat
;
import
java.util.Enumeration
;
import
java.util.Hashtable
;
import
java.util.Iterator
;
import
java.util.LinkedList
;
import
java.util.ListIterator
;
import
java.util.Vector
;
import
java.util.StringTokenizer
;
import
java.text.MessageFormat
;
import
javax.security.auth.x500.X500Principal
;
import
java.security.GeneralSecurityException
;
import
sun.security.util.Debug
;
import
sun.security.util.PropertyExpander
;
import
sun.security.util.ResourcesMgr
;
...
...
@@ -72,7 +73,7 @@ import sun.security.util.ResourcesMgr;
* Permissions perms = policy.getPermissions(protectiondomain)
* </pre>
*
* <p>The protection domain contains CodeSource
* <p>The protection domain contains
a
CodeSource
* object, which encapsulates its codebase (URL) and public key attributes.
* It also contains the principals associated with the domain.
* The Policy object evaluates the global policy in light of who the
...
...
@@ -87,9 +88,6 @@ import sun.security.util.ResourcesMgr;
public
class
PolicyParser
{
// needs to be public for PolicyTool
public
static
final
String
REPLACE_NAME
=
"PolicyParser.REPLACE_NAME"
;
private
static
final
String
EXTDIRS_PROPERTY
=
"java.ext.dirs"
;
private
static
final
String
OLD_EXTDIRS_EXPANSION
=
"${"
+
EXTDIRS_PROPERTY
+
"}"
;
...
...
@@ -452,7 +450,7 @@ public class PolicyParser {
peekAndMatch
(
","
);
}
else
if
(
peekAndMatch
(
"Principal"
))
{
if
(
principals
==
null
)
{
principals
=
new
LinkedList
<
PrincipalEntry
>();
principals
=
new
LinkedList
<>();
}
String
principalClass
;
...
...
@@ -461,7 +459,7 @@ public class PolicyParser {
if
(
peek
(
"\""
))
{
// both the principalClass and principalName
// will be replaced later
principalClass
=
REPLACE_NAME
;
principalClass
=
PrincipalEntry
.
REPLACE_NAME
;
principalName
=
match
(
"principal type"
);
}
else
{
// check for principalClass wildcard
...
...
@@ -916,7 +914,7 @@ public class PolicyParser {
out
.
print
(
",\n"
);
}
if
(
principals
!=
null
&&
principals
.
size
()
>
0
)
{
ListIterator
<
PrincipalEntry
>
pli
=
principals
.
listI
terator
();
Iterator
<
PrincipalEntry
>
pli
=
principals
.
i
terator
();
while
(
pli
.
hasNext
())
{
out
.
print
(
" "
);
PrincipalEntry
pe
=
pli
.
next
();
...
...
@@ -949,23 +947,22 @@ public class PolicyParser {
/**
* Principal info (class and name) in a grant entry
*/
public
static
class
PrincipalEntry
{
public
static
class
PrincipalEntry
implements
Principal
{
public
static
final
String
WILDCARD_CLASS
=
"WILDCARD_PRINCIPAL_CLASS"
;
public
static
final
String
WILDCARD_NAME
=
"WILDCARD_PRINCIPAL_NAME"
;
public
static
final
String
REPLACE_NAME
=
"PolicyParser.REPLACE_NAME"
;
String
principalClass
;
String
principalName
;
/**
* A PrincipalEntry consists of the <code>Principal</code>
* class and <code>Principal</code> name.
*
* <p>
*
* @param principalClass the <code>Principal</code> class. <p>
* A PrincipalEntry consists of the Principal class and Principal name.
*
* @param principalName the <code>Principal</code> name. <p>
* @param principalClass the Principal class
* @param principalName the Principal name
* @throws NullPointerException if principalClass or principalName
* are null
*/
public
PrincipalEntry
(
String
principalClass
,
String
principalName
)
{
if
(
principalClass
==
null
||
principalName
==
null
)
...
...
@@ -975,6 +972,18 @@ public class PolicyParser {
this
.
principalName
=
principalName
;
}
boolean
isWildcardName
()
{
return
principalName
.
equals
(
WILDCARD_NAME
);
}
boolean
isWildcardClass
()
{
return
principalClass
.
equals
(
WILDCARD_CLASS
);
}
boolean
isReplaceName
()
{
return
principalClass
.
equals
(
REPLACE_NAME
);
}
public
String
getPrincipalClass
()
{
return
principalClass
;
}
...
...
@@ -984,9 +993,9 @@ public class PolicyParser {
}
public
String
getDisplayClass
()
{
if
(
principalClass
.
equals
(
WILDCARD_CLASS
))
{
if
(
isWildcardClass
(
))
{
return
"*"
;
}
else
if
(
principalClass
.
equals
(
REPLACE_NAME
))
{
}
else
if
(
isReplaceName
(
))
{
return
""
;
}
else
return
principalClass
;
...
...
@@ -997,7 +1006,7 @@ public class PolicyParser {
}
public
String
getDisplayName
(
boolean
addQuote
)
{
if
(
principalName
.
equals
(
WILDCARD_NAME
))
{
if
(
isWildcardName
(
))
{
return
"*"
;
}
else
{
...
...
@@ -1006,8 +1015,14 @@ public class PolicyParser {
}
}
@Override
public
String
getName
()
{
return
principalName
;
}
@Override
public
String
toString
()
{
if
(!
principalClass
.
equals
(
REPLACE_NAME
))
{
if
(!
isReplaceName
(
))
{
return
getDisplayClass
()
+
"/"
+
getDisplayName
();
}
else
{
return
getDisplayName
();
...
...
@@ -1016,15 +1031,13 @@ public class PolicyParser {
/**
* Test for equality between the specified object and this object.
* Two PrincipalEntries are equal if their PrincipalClass and
* PrincipalName values are equal.
*
* <p>
*
* @param obj the object to test for equality with this object.
* Two PrincipalEntries are equal if their class and name values
* are equal.
*
* @return true if the objects are equal, false otherwise.
* @param obj the object to test for equality with this object
* @return true if the objects are equal, false otherwise
*/
@Override
public
boolean
equals
(
Object
obj
)
{
if
(
this
==
obj
)
return
true
;
...
...
@@ -1033,27 +1046,23 @@ public class PolicyParser {
return
false
;
PrincipalEntry
that
=
(
PrincipalEntry
)
obj
;
if
(
this
.
principalClass
.
equals
(
that
.
principalClass
)
&&
this
.
principalName
.
equals
(
that
.
principalName
))
{
return
true
;
}
return
false
;
return
(
principalClass
.
equals
(
that
.
principalClass
)
&&
principalName
.
equals
(
that
.
principalName
));
}
/**
* Return a hashcode for this <code>PrincipalEntry</code>.
*
* <p>
* Return a hashcode for this PrincipalEntry.
*
* @return a hashcode for this
<code>PrincipalEntry</code>.
* @return a hashcode for this
PrincipalEntry
*/
@Override
public
int
hashCode
()
{
return
principalClass
.
hashCode
();
}
public
void
write
(
PrintWriter
out
)
{
out
.
print
(
"principal "
+
getDisplayClass
()
+
" "
+
getDisplayName
(
true
));
getDisplayName
(
true
));
}
}
...
...
@@ -1101,6 +1110,7 @@ public class PolicyParser {
* Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
@Override
public
int
hashCode
()
{
int
retval
=
permission
.
hashCode
();
if
(
name
!=
null
)
retval
^=
name
.
hashCode
();
...
...
@@ -1108,6 +1118,7 @@ public class PolicyParser {
return
retval
;
}
@Override
public
boolean
equals
(
Object
obj
)
{
if
(
obj
==
this
)
return
true
;
...
...
@@ -1210,28 +1221,18 @@ public class PolicyParser {
i18nMessage
=
form
.
format
(
source
);
}
@Override
public
String
getLocalizedMessage
()
{
return
i18nMessage
;
}
}
public
static
void
main
(
String
arg
[])
throws
Exception
{
FileReader
fr
=
null
;
FileWriter
fw
=
null
;
try
{
try
(
FileReader
fr
=
new
FileReader
(
arg
[
0
]);
FileWriter
fw
=
new
FileWriter
(
arg
[
1
]))
{
PolicyParser
pp
=
new
PolicyParser
(
true
);
fr
=
new
FileReader
(
arg
[
0
]);
pp
.
read
(
fr
);
fw
=
new
FileWriter
(
arg
[
1
]);
pp
.
write
(
fw
);
}
finally
{
if
(
fr
!=
null
)
{
fr
.
close
();
}
if
(
fw
!=
null
)
{
fw
.
close
();
}
}
}
}
src/share/classes/sun/security/tools/policytool/PolicyTool.java
浏览文件 @
57bcefdb
...
...
@@ -604,7 +604,7 @@ public class PolicyTool {
InstantiationException
{
if
(
type
.
equals
(
PolicyParser
.
PrincipalEntry
.
WILDCARD_CLASS
)
||
type
.
equals
(
PolicyParser
.
REPLACE_NAME
))
{
type
.
equals
(
PolicyParser
.
PrincipalEntry
.
REPLACE_NAME
))
{
return
;
}
Class
<?>
PRIN
=
Class
.
forName
(
"java.security.Principal"
);
...
...
@@ -2094,7 +2094,7 @@ class ToolDialog extends Dialog {
}
else
if
(
pclass
.
equals
(
""
))
{
// make this consistent with what PolicyParser does
// when it sees an empty principal class
pclass
=
PolicyParser
.
REPLACE_NAME
;
pclass
=
PolicyParser
.
PrincipalEntry
.
REPLACE_NAME
;
tool
.
warnings
.
addElement
(
"Warning: Principal name '"
+
pname
+
"' specified without a Principal class.\n"
+
...
...
test/java/security/Principal/Implies.java
0 → 100644
浏览文件 @
57bcefdb
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7019834
* @summary test default implementation of Principal.implies
*/
import
java.security.Principal
;
import
java.util.Collections
;
import
java.util.HashSet
;
import
java.util.Set
;
import
javax.security.auth.Subject
;
import
javax.security.auth.kerberos.KerberosPrincipal
;
import
javax.security.auth.x500.X500Principal
;
public
class
Implies
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
X500Principal
duke
=
new
X500Principal
(
"CN=Duke"
);
// should not throw NullPointerException
testImplies
(
duke
,
(
Subject
)
null
,
false
);
Set
<
Principal
>
principals
=
new
HashSet
<>();
principals
.
add
(
duke
);
testImplies
(
duke
,
principals
,
true
);
X500Principal
tux
=
new
X500Principal
(
"CN=Tux"
);
principals
.
add
(
tux
);
testImplies
(
duke
,
principals
,
true
);
principals
.
add
(
new
KerberosPrincipal
(
"duke@java.com"
));
testImplies
(
duke
,
principals
,
true
);
principals
.
clear
();
principals
.
add
(
tux
);
testImplies
(
duke
,
principals
,
false
);
System
.
out
.
println
(
"test passed"
);
}
private
static
void
testImplies
(
Principal
principal
,
Set
<?
extends
Principal
>
principals
,
boolean
result
)
throws
SecurityException
{
Subject
subject
=
new
Subject
(
true
,
principals
,
Collections
.
emptySet
(),
Collections
.
emptySet
());
testImplies
(
principal
,
subject
,
result
);
}
private
static
void
testImplies
(
Principal
principal
,
Subject
subject
,
boolean
result
)
throws
SecurityException
{
if
(
principal
.
implies
(
subject
)
!=
result
)
{
throw
new
SecurityException
(
"test failed"
);
}
}
}
test/sun/security/provider/PolicyFile/Comparator.java
浏览文件 @
57bcefdb
/*
* Copyright (c) 2004, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 201
2
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -39,7 +39,6 @@ import javax.security.auth.Subject;
import
javax.security.auth.x500.X500Principal
;
import
sun.security.provider.PolicyFile
;
import
com.sun.security.auth.PrincipalComparator
;
import
com.sun.security.auth.UnixPrincipal
;
import
com.sun.security.auth.NTUserPrincipal
;
import
com.sun.security.auth.SolarisPrincipal
;
...
...
@@ -90,7 +89,7 @@ public class Comparator {
private
static
final
Principal
[]
badP
=
new
Principal
[]
{
new
SolarisPrincipal
(
"bad"
)
};
public
static
class
PCompare1
implements
Principal
Comparator
{
public
static
class
PCompare1
implements
Principal
{
private
String
name
;
...
...
@@ -98,6 +97,12 @@ public class Comparator {
this
.
name
=
name
;
}
@Override
public
String
getName
()
{
return
name
;
}
@Override
public
boolean
implies
(
Subject
subject
)
{
if
(
subject
.
getPrincipals
().
contains
(
p1
[
0
]))
{
return
true
;
...
...
@@ -106,13 +111,19 @@ public class Comparator {
}
}
public
static
class
PCompare2
implements
Principal
Comparator
{
public
static
class
PCompare2
implements
Principal
{
private
String
name
;
public
PCompare2
(
String
name
)
{
this
.
name
=
name
;
}
@Override
public
String
getName
()
{
return
name
;
}
@Override
public
boolean
implies
(
Subject
subject
)
{
if
(
subject
.
getPrincipals
().
contains
(
p2
[
0
])
&&
subject
.
getPrincipals
().
contains
(
p2
[
1
]))
{
...
...
@@ -122,13 +133,19 @@ public class Comparator {
}
}
public
static
class
PCompare3
implements
Principal
Comparator
{
public
static
class
PCompare3
implements
Principal
{
private
String
name
;
public
PCompare3
(
String
name
)
{
this
.
name
=
name
;
}
@Override
public
String
getName
()
{
return
name
;
}
@Override
public
boolean
implies
(
Subject
subject
)
{
return
false
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录