Re: Policy File Syntax & Security Architecture

Charlie Lai (charlie@angeles.eng.sun.com)
Thu, 3 Dec 1998 16:28:02 -0800 (PST)

> Q1: I can create my own set of application permissions embed them in the
> policy file and then perform an application check via
> PermissionCollection.implies(Permission permission) to see if the applet or
> application has permission? Yes or No?
>
> I believe the answer is yes but I would like confirmation.

YES

> Q2: Without changing the default Policy object supplied by Sun, I would
> like to know if the implementation supports adding additional items to the
> Domain (signedBy - certificates & codeBase - URL) item? Yes or No?
>
> For instance:
>
> grant signedBy "SunKey", codeBase "http://www.abc.com", newItem "value" {
> ...
> };
>
> I believe the answer is no but I would like confirmation.

NO

> Q3: If the answer to Q2 is no does the architecture support the possibility
> to achieve the above results by replacing the default Policy object with my
> own? Yes or No?
>
> I believe the answer is Yes but I would like confirmation.

YES

> If yes then doesn't this also imply I must subclass CodeSource and place my
> new data in this class?

YES -- you'd also have to implement your own ClassLoader which
uses your own CodeSource. i have to warn you -- although your
proposed task is possible, it's not exactly trivial and straightfoward.

> Btw can I subclass from a class without the source code - only byte code?

YES

thanks,
charlie