Hi, maybe the code below is helpful to you.
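
    import java.security.Permission;
    import java.security.PrivilegedExceptionAction;
    import javax.security.auth.Subject;

    // Reuse the installed SecurityManager if there is one, otherwise create one.
    final SecurityManager sm;
    if (System.getSecurityManager() == null) {
        sm = new SecurityManager();
    } else {
        sm = System.getSecurityManager();
    }
    // The authenticated Subject, e.g. from LoginContext.getSubject().
    Subject subject = ....;
    // Run the check as the subject; the null context means only the
    // subject's own grants are considered.
    Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {
        public Object run() throws Exception {
            Permission p = new URLPermission("/demo/soft/query.jsp");
            // Throws AccessControlException if the permission is not granted.
            sm.checkPermission(p);
            return true;
        }
    }, null);
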
You can put this code into a javax.servlet.Filter or ActionServlet, get the request URL, and then construct a Permission. Of course you need a URLPermission.
If the subject has access to the URL "/demo/soft/query.jsp", the above code will return; otherwise it will throw an exception.
Your security policy file should look like this.

    grant Principal org.xfree.jaas.exam.SimplePrincipal "manager" {
        permission org.xfree.jaas.exam.URLPermission "/demo/soft/*";
        permission org.xfree.jaas.exam.URLPermission "/demo/jsf/*";
    };
    grant Principal org.xfree.jaas.exam.SimplePrincipal "admin" {
        permission org.xfree.jaas.exam.URLPermission "/demo/soft/*";
        permission org.xfree.jaas.exam.URLPermission "/demo/jsf/*";
    };
    grant Principal org.xfree.jaas.exam.SimplePrincipal "tom" {
        permission org.xfree.jaas.exam.URLPermission "/demo/soft/*";
        permission org.xfree.jaas.exam.URLPermission "/demo/jsf/*";
    };
    grant Principal org.xfree.jaas.exam.SimplePrincipal "jerry" {
        permission org.xfree.jaas.exam.URLPermission "/demo/soft/*";
        permission org.xfree.jaas.exam.URLPermission "/demo/jsf/*";
    };
    grant Principal org.xfree.jaas.exam.SimplePrincipal * {
        permission org.xfree.jaas.exam.URLPermission "/demo/login.jsp";
        permission org.xfree.jaas.exam.URLPermission "/demo/error.jsp";
    };

The above configuration represents the permission collections of two roles and two users respectively.
You can get your configuration information from a database. What you need is a policy class extending javax.security.auth.Policy.java; the default policy class is FilePolicy, which extends class Policy and reads the file %java_home%\jre\lib\security\java.policy.
Reference:
http://www.mooreds.com/jaas.html
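
The post relies on a custom URLPermission class whose source is not shown. The following is an added example, not part of the original post, of how such a Permission subclass could match the "/demo/soft/*" style grants in the policy file. The class body, the recursive wildcard meaning and the dot-segment rejection are assumptions, and it assumes a JDK on which the policy file mechanism is still available.

```java
import java.security.Permission;

// Hypothetical stand-in for the post's org.xfree.jaas.exam.URLPermission,
// whose source is not shown; path semantics here are assumptions.
public final class URLPermission extends Permission {
    private static final long serialVersionUID = 1L;

    // The policy loader calls this one-String constructor for entries
    // such as: permission ...URLPermission "/demo/soft/*";
    public URLPermission(String path) {
        super(path);
        if (path == null || !path.startsWith("/")) {
            throw new IllegalArgumentException("path must start with '/'");
        }
    }

    // Called on the granted permission with the requested one.
    @Override
    public boolean implies(Permission requested) {
        if (!(requested instanceof URLPermission)) return false;
        String granted = getName();
        String wanted = requested.getName();
        // Reject dot segments so "/demo/soft/../x.jsp" cannot ride on
        // the "/demo/soft/*" grant; the caller must pass a decoded path.
        for (String seg : wanted.split("/")) {
            if (seg.equals(".") || seg.equals("..")) return false;
        }
        if (granted.endsWith("/*")) {
            // "/demo/soft/*" covers everything below "/demo/soft/".
            String prefix = granted.substring(0, granted.length() - 1);
            return wanted.length() > prefix.length() && wanted.startsWith(prefix);
        }
        return granted.equals(wanted);
    }

    @Override public boolean equals(Object o) {
        return o instanceof URLPermission
                && getName().equals(((URLPermission) o).getName());
    }
    @Override public int hashCode() { return getName().hashCode(); }
    @Override public String getActions() { return ""; }

    public static void main(String[] args) {
        Permission grant = new URLPermission("/demo/soft/*");
        System.out.println(grant.implies(new URLPermission("/demo/soft/query.jsp")));
        System.out.println(grant.implies(new URLPermission("/demo/jsf/a.jsp")));
        System.out.println(grant.implies(new URLPermission("/demo/soft/../login.jsp")));
    }
}
```

In a servlet filter, build the requested permission from the container's decoded path (for example the servlet path) rather than the raw request URI, so that encoded separators or dot segments cannot bypass the prefix match.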