java.security
public abstract class Policy extends Object
Policy is an abstract class for managing the system security
policy for the Java application environment. It specifies which permissions
are available for code from various sources. The security policy is
represented through a subclass of Policy.
Only one Policy is in effect at any time. A
{@link ProtectionDomain} initializes itself with information from this class
on the set of permssions to grant.
The location for the actual Policy could be anywhere in any
form because it depends on the Policy implementation. The default system is
in a flat ASCII file or it could be in a database.
The current installed Policy can be accessed with
{@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code
has the correct permissions.
The {@link #refresh()} method causes the Policy instance to
refresh/reload its configuration. The method used to refresh depends on the
Policy implementation.
When a protection domain initializes its permissions, it uses code like the following:
policy = Policy.getPolicy();
PermissionCollection perms = policy.getPermissions(myCodeSource);
The protection domain passes the Policy handler a
{@link CodeSource} instance which contains the codebase URL and a public key.
The Policy implementation then returns the proper set of
permissions for that {@link CodeSource}.
The default Policy implementation can be changed by setting
the "policy.provider" security provider in the "java.security" file to the
correct Policy implementation class.
Since: 1.2
See Also: CodeSource PermissionCollection SecureClassLoader
| Constructor Summary | |
|---|---|
| Policy() Constructs a new Policy object. | |
| Method Summary | |
|---|---|
| abstract PermissionCollection | getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given {@link CodeSource}.
|
| PermissionCollection | getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
|
| static Policy | getPolicy()
Returns the currently installed Policy handler. |
| boolean | implies(ProtectionDomain domain, Permission permission)
Checks if the designated {@link Permission} is granted to a designated
{@link ProtectionDomain}.
|
| abstract void | refresh()
Causes this Policy instance to refresh / reload its
configuration. |
| static void | setPolicy(Policy policy)
Sets the Policy handler to a new value.
|
Policy object.Parameters: codesource the {@link CodeSource} for which, the caller needs to find the set of granted permissions.
Returns: a set of permissions for {@link CodeSource} specified by the
current Policy.
Throws: SecurityException if a {@link SecurityManager} is installed which disallows this operation.
Parameters: domain the {@link ProtectionDomain} for which, the caller needs to find the set of granted permissions.
Returns: a set of permissions for {@link ProtectionDomain} specified by the
current Policy..
Since: 1.4
See Also: ProtectionDomain SecureClassLoader
Policy handler. The value
should not be cached as it can be changed any time by
{@link #setPolicy(Policy)}.
Returns: the current Policy.
Throws: SecurityException if a {@link SecurityManager} is installed which disallows this operation.
Parameters: domain the {@link ProtectionDomain} to test. permission the {@link Permission} to check.
Returns: true if permission is implied by a
permission granted to this {@link ProtectionDomain}. Returns
false otherwise.
Since: 1.4
See Also: ProtectionDomain
Policy instance to refresh / reload its
configuration. The method used to refresh depends on the concrete
implementation.Policy handler to a new value.
Parameters: policy
the new Policy to use.
Throws: SecurityException if a {@link SecurityManager} is installed which disallows this operation.