public abstract class Policy extends Object
Policy is an abstract class for managing the system security
policy for the Java application environment. It specifies which permissions
are available for code from various sources. The security policy is
represented through a subclass of Policy.
Only one Policy is in effect at any time. A
ProtectionDomain initializes itself with information from this class
on the set of permssions to grant.
The location for the actual Policy could be anywhere in any
form because it depends on the Policy implementation. The default system is
in a flat ASCII file or it could be in a database.
The current installed Policy can be accessed with
getPolicy() and changed with setPolicy(Policy) if the code
has the correct permissions.
The refresh() method causes the Policy instance to
refresh/reload its configuration. The method used to refresh depends on the
Policy implementation.
When a protection domain initializes its permissions, it uses code like the following:
policy = Policy.getPolicy();
PermissionCollection perms = policy.getPermissions(myCodeSource);
The protection domain passes the Policy handler a
CodeSource instance which contains the codebase URL and a public key.
The Policy implementation then returns the proper set of
permissions for that CodeSource.
The default Policy implementation can be changed by setting
the "policy.provider" security provider in the "java.security" file to the
correct Policy implementation class.
CodeSource,
PermissionCollection,
SecureClassLoader| Constructor and Description |
|---|
Policy()
Constructs a new
Policy object. |
| Modifier and Type | Method and Description |
|---|---|
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given
CodeSource. |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given
ProtectionDomain. |
static Policy |
getPolicy()
Returns the currently installed
Policy handler. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Checks if the designated
Permission is granted to a designated
ProtectionDomain. |
abstract void |
refresh()
Causes this
Policy instance to refresh / reload its
configuration. |
static void |
setPolicy(Policy policy)
Sets the
Policy handler to a new value. |
public Policy()
Policy object.public static Policy getPolicy()
Policy handler. The value
should not be cached as it can be changed any time by
setPolicy(Policy).Policy.SecurityException - if a SecurityManager is installed which disallows this
operation.public static void setPolicy(Policy policy)
Policy handler to a new value.policy - the new Policy to use.SecurityException - if a SecurityManager is installed which disallows this
operation.public abstract PermissionCollection getPermissions(CodeSource codesource)
CodeSource.codesource - the CodeSource for which, the caller needs to find the
set of granted permissions.CodeSource specified by the
current Policy.SecurityException - if a SecurityManager is installed which disallows this
operation.public PermissionCollection getPermissions(ProtectionDomain domain)
ProtectionDomain.domain - the ProtectionDomain for which, the caller needs to find
the set of granted permissions.ProtectionDomain specified by the
current Policy..ProtectionDomain,
SecureClassLoaderpublic boolean implies(ProtectionDomain domain, Permission permission)
Permission is granted to a designated
ProtectionDomain.domain - the ProtectionDomain to test.permission - the Permission to check.true if permission is implied by a
permission granted to this ProtectionDomain. Returns
false otherwise.ProtectionDomainpublic abstract void refresh()
Policy instance to refresh / reload its
configuration. The method used to refresh depends on the concrete
implementation.