Hi,
I want to create a method to authorize a role for accessing forms in a desktop application.Method name is authorize(
String actions).i need to check the permissions for the actions that i'm getting from other class. i have to compare the role and actions against that in the policy file. i need to make sure that the role has the necessary permissions to access those forms.
Also i'm stuck up in the folowing code.
permissionColection.implies(new PropertyPermission("name","action"));
What does name and action denotes ? Can i assign jar name or class name to "action" ??
Attaching the code:
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Policy;
import java.util.PropertyPermission;
public class ClientSecurityManager extends Policy
{
static String userRole;
public ClientSecurityManager()
{
}
/*
* Authenticate the user and stores the role in memory.
*/
public boolean authenticate(String userName,String password)
{
//Calls method of Jazn for doing authentication.
//return the boolean value as the result of authentication and role.
//userRole = role;
return true;
}
public boolean authorize(String action)
{
String action1 = " ";
URL codebase = null;
try {
//Get permissions for a directory
codebase = new File("action1").toURL();
} catch(MalformedURLException e) {
}
// Construct a code source with the code base
CodeSource cs = new CodeSource(codebase,null);
PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);
boolean permissionStatus = pcoll.implies(new PropertyPermission("name","action") );
return true;
}
public void refresh() {
}
public PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection permissionCollection = null;
permissionCollection.add(new PropertyPermission("name","action"));
return permissionCollection;
}
}
I hope i could get some idea from you javaranchers....