public abstract class Policy extends Object
Policy
is an abstract class for managing the system security
policy for the Java application environment. It specifies which permissions
are available for code from various sources. The security policy is
represented through a subclass of Policy
.
Only one Policy
is in effect at any time. A
ProtectionDomain
initializes itself with information from this class
on the set of permssions to grant.
The location for the actual Policy
could be anywhere in any
form because it depends on the Policy implementation. The default system is
in a flat ASCII file or it could be in a database.
The current installed Policy
can be accessed with
getPolicy()
and changed with setPolicy(Policy)
if the code
has the correct permissions.
The refresh()
method causes the Policy
instance to
refresh/reload its configuration. The method used to refresh depends on the
Policy
implementation.
When a protection domain initializes its permissions, it uses code like the following:
policy = Policy.getPolicy();
PermissionCollection perms = policy.getPermissions(myCodeSource);
The protection domain passes the Policy
handler a
CodeSource
instance which contains the codebase URL and a public key.
The Policy
implementation then returns the proper set of
permissions for that CodeSource
.
The default Policy
implementation can be changed by setting
the "policy.provider" security provider in the "java.security" file to the
correct Policy
implementation class.
CodeSource
,
PermissionCollection
,
SecureClassLoader
Constructor and Description |
---|
Policy()
Constructs a new
Policy object. |
Modifier and Type | Method and Description |
---|---|
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given
CodeSource . |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given
ProtectionDomain . |
static Policy |
getPolicy()
Returns the currently installed
Policy handler. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Checks if the designated
Permission is granted to a designated
ProtectionDomain . |
abstract void |
refresh()
Causes this
Policy instance to refresh / reload its
configuration. |
static void |
setPolicy(Policy policy)
Sets the
Policy handler to a new value. |
public Policy()
Policy
object.public static Policy getPolicy()
Policy
handler. The value
should not be cached as it can be changed any time by
setPolicy(Policy)
.Policy
.SecurityException
- if a SecurityManager
is installed which disallows this
operation.public static void setPolicy(Policy policy)
Policy
handler to a new value.policy
- the new Policy
to use.SecurityException
- if a SecurityManager
is installed which disallows this
operation.public abstract PermissionCollection getPermissions(CodeSource codesource)
CodeSource
.codesource
- the CodeSource
for which, the caller needs to find the
set of granted permissions.CodeSource
specified by the
current Policy
.SecurityException
- if a SecurityManager
is installed which disallows this
operation.public PermissionCollection getPermissions(ProtectionDomain domain)
ProtectionDomain
.domain
- the ProtectionDomain
for which, the caller needs to find
the set of granted permissions.ProtectionDomain
specified by the
current Policy.
.ProtectionDomain
,
SecureClassLoader
public boolean implies(ProtectionDomain domain, Permission permission)
Permission
is granted to a designated
ProtectionDomain
.domain
- the ProtectionDomain
to test.permission
- the Permission
to check.true
if permission
is implied by a
permission granted to this ProtectionDomain
. Returns
false
otherwise.ProtectionDomain
public abstract void refresh()
Policy
instance to refresh / reload its
configuration. The method used to refresh depends on the concrete
implementation.