diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizableDataSet.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizableDataSet.java
deleted file mode 100644
index ca0a406a..00000000
--- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizableDataSet.java
+++ /dev/null
@@ -1,168 +0,0 @@
-//package com.jd.blockchain.ledger.core;
-//
-//import com.jd.blockchain.crypto.hash.HashDigest;
-//
-//import my.utils.Scratchable;
-//import my.utils.io.ByteArray;
-//import my.utils.io.BytesUtils;
-//import my.utils.io.ExistancePolicyKVStorage;
-//import my.utils.io.VersioningKVStorage;
-//
-///**
-// * 可进行授权控制的数据集合;
-// *
-// * @author huanghaiquan
-// *
-// */
-//public class AuthorizableDataSet implements Scratchable {
-//
-// public static final String DATA_PREFIX = "DATA" + LedgerConsts.KEY_SEPERATOR;
-//// public static final String PRIVILEGE_PREFIX = "PRVL" + LedgerConsts.KEY_SEPERATOR;
-//
-// private static final String DEFAULT_PRIVILEGE_KEY = "%";
-//
-// private DataAccessable accessable;
-//
-// protected MerkleDataSet data;
-//
-//// private PrivilegeDataSet privileges;
-//
-// /**
-// * Create a new Account instance;
-// *
-// * @param address
-// * @param pubKey
-// */
-// protected AuthorizableDataSet(CryptoSetting merkleTreeSetting, ExistancePolicyKVStorage simpleStorage,
-// VersioningKVStorage versioningStorage) {
-// this(null, merkleTreeSetting, null, simpleStorage, versioningStorage);
-// }
-//
-// protected AuthorizableDataSet(byte[] dataRootHash, CryptoSetting merkleTreeSetting, byte[] privilegeRootHash,
-// ExistancePolicyKVStorage simpleStorage, VersioningKVStorage versioningStorage) {
-// this(dataRootHash, merkleTreeSetting, privilegeRootHash, simpleStorage, versioningStorage, false);
-// }
-//
-// protected AuthorizableDataSet(byte[] dataRootHash, CryptoSetting merkleTreeSetting, byte[] privilegeRootHash,
-// ExistancePolicyKVStorage simpleStorage, VersioningKVStorage versioningStorage, boolean readonly) {
-// this.data = new MerkleDataSet(dataRootHash, merkleTreeSetting,
-// PrefixAppender.prefix(DATA_PREFIX, simpleStorage),
-// PrefixAppender.prefix(DATA_PREFIX, versioningStorage), readonly);
-//
-//// this.privileges = new PrivilegeDataSet(privilegeRootHash, merkleTreeSetting,
-//// PrefixAppender.prefix(PRIVILEGE_PREFIX, simpleStorage),
-//// PrefixAppender.prefix(PRIVILEGE_PREFIX, versioningStorage), readonly);
-// }
-//
-// public ByteArray getDataRootHash() {
-// return data.getRootHash();
-// }
-//
-//// public ByteArray getPrivilegeRootHash() {
-//// return privileges.getRootHash();
-//// }
-//
-// /**
-// *
-// * @param userAddress
-// * @param op
-// * @param enable
-// */
-// public void setPrivilege(String userAddress, byte op, boolean enable) {
-//
-// }
-//
-// /**
-// *
-// * @param op
-// * @param enable
-// */
-// public void setDefaultPrivilege(byte op, boolean enable) {
-// }
-//
-// public boolean checkCurrentUserPrivilege() {
-// return false;
-// }
-//
-// /**
-// * Return the latest version entry associated the specified key; If the key
-// * doesn't exist, then return -1;
-// *
-// * @param key
-// * @return
-// */
-// public long getVersion(String key) {
-// return data.getVersion(key);
-// }
-//
-// protected long setString(String key, String value, long version) {
-// checkWritting();
-// byte[] bytes = BytesUtils.toBytes(value, LedgerConsts.CHARSET);
-// return data.setValue(key, bytes, version);
-// }
-//
-// protected String getString(String key) {
-// checkReading();
-// byte[] value = data.getValue(key);
-// return BytesUtils.toString(value, LedgerConsts.CHARSET);
-// }
-//
-// protected String getString(String key, long version) {
-// checkReading();
-// byte[] value = data.getValue(key, version);
-// return BytesUtils.toString(value, LedgerConsts.CHARSET);
-// }
-//
-// protected long setValue(String key, byte[] value, long version) {
-// checkWritting();
-// return data.setValue(key, value, version);
-// }
-//
-// protected byte[] getValue(String key) {
-// checkReading();
-// return data.getValue(key);
-// }
-//
-// protected byte[] getValue(String key, long version) {
-// checkReading();
-// return data.getValue(key, version);
-// }
-//
-// private void checkWritting() {
-// // Check writting enable;
-// }
-//
-// private void checkReading() {
-// // TODO Check privilege of reading;
-// }
-//
-// // /**
-// // * 数据“读”的操作码;
-// // *
-// // * @return
-// // */
-// // protected abstract AccountPrivilege getPrivilege();
-//
-// @Override
-// public boolean isUpdated() {
-// return data.isUpdated();
-//// return data.isUpdated()|| privileges.isUpdated();
-// }
-//
-// @Override
-// public void commit() {
-// if (data.isUpdated()) {
-// data.commit();
-// }
-//// if (privileges.isUpdated()) {
-//// privileges.commit();
-//// }
-// }
-//
-// @Override
-// public void cancel() {
-// data.cancel();
-//// privileges.cancel();
-// }
-//
-//}
\ No newline at end of file
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Authorization.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Authorization.java
index cba2ffe4..18f1bf70 100644
--- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Authorization.java
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Authorization.java
@@ -8,33 +8,8 @@ import com.jd.blockchain.ledger.DigitalSignature;
* @author huanghaiquan
*
*/
-public interface Authorization {
+public class Authorization {
- /**
- * 被授权用户/角色的地址;
- *
- * @return
- */
- String getAddress();
-
- /**
- * 授权码;
- *
- * @return
- */
- byte[] getCode();
-
- /**
- * 授权者的签名;
- *
- * @return
- */
- DigitalSignature getSignature();
-
- // /**
- // * 授权生成的时间戳;
- // * @return
- // */
- // long getTs();
+
}
\ No newline at end of file
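Review bot: `Authorization` is left as a public, instantiable class with an empty body, and nothing in it says whether it is a placeholder for the new role/privilege model or dead code. If it is kept, a one-line comment such as `// Placeholder: superseded by Role/Privilege; members to be defined` would say so; otherwise it could be deleted along with `AuthorizationVO`. The hunk header suggests the `DigitalSignature` import is still present above the class, where it would now be unused. The class Javadoc starts outside this hunk and may still describe the old interface.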
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizationVO.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizationVO.java
deleted file mode 100644
index 24d7f125..00000000
--- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AuthorizationVO.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package com.jd.blockchain.ledger.core;
-
-import com.jd.blockchain.ledger.DigitalSignature;
-
-public class AuthorizationVO implements Authorization {
-
- private String address;
-
- private byte[] code;
-
- private DigitalSignature signature;
-
-
- @Override
- public String getAddress() {
- return address;
- }
-
- public void setAddress(String address) {
- this.address = address;
- }
-
- @Override
- public byte[] getCode() {
- return code;
- }
-
- public void setCode(byte[] code) {
- this.code = code;
- }
-
- @Override
- public DigitalSignature getSignature() {
- return signature;
- }
-
-
- public void setSignature(DigitalSignature signature) {
- this.signature = signature;
- }
-
-}
\ No newline at end of file
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/BaseAccount.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/BaseAccount.java
index 9a57c6d0..7f499363 100644
--- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/BaseAccount.java
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/BaseAccount.java
@@ -64,13 +64,13 @@ public class BaseAccount implements AccountHeader, MerkleProvable, Transactional
/**
* Create a account instance with the specified address and pubkey and load it's
- * merkle dataset with the specified root hash. which is used for storing data
+ * merkle dataset from the specified root hash. This merkle dateset is used for storing data
* of this account.
*
* @param address
* @param pubKey
- * @param dataRootHash merkle root hash of account's data; if null be set,
- * create a new empty merkle dataset;
+ * @param dataRootHash merkle root hash of account's data; if set to a null value,
+ * an empty merkle dataset is created;
* @param cryptoSetting
* @param exStorage
* @param verStorage
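Review bot: The reworded Javadoc line introduces a typo, `dateset`, which should read `dataset`: `merkle dataset from the specified root hash. This merkle dataset is used for storing data`. The constructor this comment documents lies outside the hunk.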
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerPermission.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerPermission.java
new file mode 100644
index 00000000..99f6b907
--- /dev/null
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerPermission.java
@@ -0,0 +1,13 @@
+package com.jd.blockchain.ledger.core;
+
+public enum LedgerPermission {
+
+ SET_ROLE((byte) 0);
+
+ public final byte CODE;
+
+ private LedgerPermission(byte code) {
+ this.CODE = code;
+ }
+
+}
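Review bot: Nothing on `CODE` documents that it is a bit position, yet `Privilege.getCodeIndex` in this same commit uses `permission.CODE & 0xFF` as the index into the privilege `BitSet`. Because that index decides which permission a stored bit grants, the field deserves a Javadoc along the lines of `/** Bit index of this permission inside a Privilege; must be unique per constant and must not be reassigned once privileges have been serialized. */`. Whether privileges are persisted is not visible here, so the last clause should be confirmed. As a style point, `CODE` is a per-constant instance field named like a static constant; a private `code` field with a `getCode()` accessor would follow the usual convention.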
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManager.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManager.java
new file mode 100644
index 00000000..11c99c9e
--- /dev/null
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManager.java
@@ -0,0 +1,35 @@
+package com.jd.blockchain.ledger.core;
+
+import java.util.Set;
+
+/**
+ *
+ * {@link LedgerSecurityManager} implements the functions of security
+ * management, including authentication, authorization, data confidentiality,
+ * etc.
+ *
+ * @author huanghaiquan
+ *
+ */
+public class LedgerSecurityManager {
+
+ public static final String ANONYMOUS_ROLE = "_ANONYMOUS";
+
+ public static final String DEFAULT_ROLE = "_DEFAULT";
+
+
+ public Set getRoleNames(){
+ throw new IllegalStateException("Not implemented!");
+ }
+
+ public Role setRole(String role, Privilege privilege) {
+ throw new IllegalStateException("Not implemented!");
+ }
+
+ public Role getRole(String role) {
+ throw new IllegalStateException("Not implemented!");
+ }
+
+
+
+}
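Review bot: The reserved names `ANONYMOUS_ROLE` and `DEFAULT_ROLE` are declared without any statement of what each role is meant to grant, and `setRole(String role, Privilege privilege)` has no Javadoc saying whether those names may be redefined or which caller is allowed to invoke it. The existence of `LedgerPermission.SET_ROLE` suggests a permission check is intended, so the contract should be written down before the stub is implemented, for example `/** Creates or updates a role; the caller must hold SET_ROLE; reserved names (_ANONYMOUS, _DEFAULT) are ... */`. Having the stubs throw is the safe default, but `UnsupportedOperationException` is the conventional type for an unimplemented method. `getRoleNames()` returns a raw `Set` as shown here; it should be `Set<String>`, unless the type argument was only lost in this rendering.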
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Privilege.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Privilege.java
new file mode 100644
index 00000000..95443f45
--- /dev/null
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Privilege.java
@@ -0,0 +1,54 @@
+package com.jd.blockchain.ledger.core;
+
+import java.util.Arrays;
+import java.util.BitSet;
+import java.util.Comparator;
+
+public class Privilege {
+
+ private BitSet permissions;
+
+ public Privilege(byte[] codeBytes) {
+ permissions = BitSet.valueOf(codeBytes);
+ }
+
+ public boolean isEnable(LedgerPermission permission) {
+ return permissions.get(getCodeIndex(permission));
+ }
+
+ public void enable(LedgerPermission permission) {
+ permissions.set(getCodeIndex(permission));
+ }
+
+ public void disable(LedgerPermission permission) {
+ permissions.clear(getCodeIndex(permission));
+ }
+
+ public static int getCodeIndex(LedgerPermission permission) {
+ return permission.CODE & 0xFF;
+ }
+
+ public byte[] toCodeBytes() {
+ return permissions.toByteArray();
+ }
+
+ public boolean[] getPermissionStates() {
+ LedgerPermission[] PMs = LedgerPermission.values();
+
+ LedgerPermission maxPermission = Arrays.stream(PMs).max(new Comparator() {
+ @Override
+ public int compare(LedgerPermission o1, LedgerPermission o2) {
+ return getCodeIndex(o1) - getCodeIndex(o2);
+ }
+ }).get();
+
+ boolean[] states = new boolean[getCodeIndex(maxPermission) + 1];
+ int idx = -1;
+ for (LedgerPermission pm : PMs) {
+ idx = getCodeIndex(pm);
+ states[idx] = permissions.get(idx);
+ }
+
+ return states;
+ }
+}
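Review bot: The constructor keeps every bit of `codeBytes`, including bits that match no `LedgerPermission` constant, and `toCodeBytes()` writes them back out unchanged. If these bytes can come from storage or from a transaction (not visible in this hunk), a bit set at an unassigned index would silently turn into a grant as soon as a later permission is given that code. The constructor should either reject unknown bits with an `IllegalArgumentException` or mask them as sketched below, depending on whether the bytes must round-trip unchanged. It also throws a bare `NullPointerException` on a null array. Separately, the anonymous `Comparator` in `getPermissionStates()` appears here as a raw type and compares by subtraction; `Comparator.comparingInt(Privilege::getCodeIndex)` is shorter and type-safe.

```java
public Privilege(byte[] codeBytes) {
	// Only bits that correspond to a declared permission are retained.
	BitSet known = new BitSet();
	for (LedgerPermission pm : LedgerPermission.values()) {
		known.set(getCodeIndex(pm));
	}
	permissions = BitSet.valueOf(codeBytes);
	permissions.and(known);
}
// … unchanged: isEnable, enable, disable, getCodeIndex, toCodeBytes, getPermissionStates …
```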
diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Role.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Role.java
new file mode 100644
index 00000000..23149745
--- /dev/null
+++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/Role.java
@@ -0,0 +1,27 @@
+package com.jd.blockchain.ledger.core;
+
+public class Role {
+
+ private String name;
+
+ private long version;
+
+ private Privilege privilege;
+
+
+
+ public String getName() {
+ return name;
+ }
+
+ public long getVersion() {
+ return version;
+ }
+
+ public Privilege getPrivilege() {
+ return privilege;
+ }
+
+
+
+}
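Review bot: `getPrivilege()` returns the role's own mutable `Privilege`, so any caller holding a `Role` can call `enable(...)` on it and change what the role grants without going through `LedgerSecurityManager.setRole`. Returning a copy, `return new Privilege(privilege.toCodeBytes());`, keeps the role's permissions under the manager's control. As written the class also has no constructor or setters, so `name` and `privilege` can never be anything but null. Making the three fields `final` and assigning them in a constructor would fix that and make the object immutable apart from the privilege copy.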