java.security
Class Policy
java.lang.Object
|
+--java.security.Policy
public abstract class
Policyextends
ObjectPolicy is an abstract class for managing the system security
policy for the Java application environment. It specifies
which permissions are available for code from various
sources. The security policy is represented through a
subclass of Policy.
Only one Policy is in effect at any time. ProtectionDomain
initializes itself with information from this class on the
set of permssions to grant.
The location for the actual Policy could be anywhere in any
form because it depends on the Policy implementation. The
default system is in a flat ASCII file or it could be in a
database.
The current installed Policy can be accessed with getPolicy
and changed with setPolicy if the code has the correct
permissions.
The refresh method causes the Policy class to refresh/reload
its configuration. The method used to refresh depends on the
Policy implementation.
When a protection domain initializes its permissions it uses
code like:
policy = Policy.getPolicy();
permissionCollection perms = policy.getPermissions(MyCodeSource)
The protection domain passes the Policy handler a CodeSource
object which contains the codebase URL and public key. The
Policy implementation then returns the proper set of
permissions for the CodeSource.
The default Policy implementation can be changed by setting
the "policy.provider" security provider in java.security
to the correct Policy implementation class.
Since:Author:Policy
public Policy()
Constructs a new Policy class.
getPermissions
public PermissionCollection getPermissions(java.security.CodeSource codesource)
Evalutes the global policy and returns a set of Permissions
allowed for the specified CodeSource.
Parameters:
Returns:
- a set of permissions for codesource specified by
the current policy
Throws:
SecurityException
- if the current thread does not
have permission to call getPermissions
getPolicy
public static Policy getPolicy()
Gets the currently installed Policy handler. The value should
not be cached as it can be changed by setPolicy. This
function first calls SecurityManager.checkPermission
with SecurityPermission("getPolicy")
to check
if the caller has Permission to get the current Policy.
Returns:
Throws:
SecurityException
- if the security manager exists
the caller does not have permission to
getPolicy
.
refresh
public void refresh()
Refreshes and/or reloads the current Policy. The actual
behavior of this method depends on the implementation.
setPolicy
public static void setPolicy(java.security.Policy policy)
Sets the currently installed Policy handler. This
function first calls SecurityManager.checkPermission
with SecurityPermission("setPolicy")
to check
if the caller has Permission to get the current Policy.
Parameters:
Throws:
SecurityException
- if the security manager exists
the caller does not have permission to
getPolicy
.
policy = Policy.getPolicy(); permissionCollection perms = policy.getPermissions(MyCodeSource)
The protection domain passes the Policy handler a CodeSource object which contains the codebase URL and public key. The Policy implementation then returns the proper set of permissions for the CodeSource. The default Policy implementation can be changed by setting the "policy.provider" security provider in java.security to the correct Policy implementation class.