JavaTM 2 Platform Std. Ed. v1.4.2
java.security
Class Policy
java.lang.Object
java.security.Policy
- public abstract class Policy
- extends Object
This is an abstract class for representing the system security
policy for a Java application environment (specifying
which permissions are available for code from various sources).
That is, the security policy is represented by a Policy subclass
providing an implementation of the abstract methods
in this Policy class.
There is only one Policy object in effect at any given time.
The source location for the policy information utilized by the
Policy object is up to the Policy implementation.
The policy configuration may be stored, for example, as a
flat ASCII file, as a serialized binary file of
the Policy class, or as a database.
The currently-installed Policy object can be obtained by
calling the getPolicy method, and it can be
changed by a call to the setPolicy method (by
code with permission to reset the Policy).
The refresh method causes the policy
object to refresh/reload its current configuration.
This is implementation-dependent. For example, if the policy
object stores its policy in configuration files, calling
refresh will cause it to re-read the configuration
policy files. The refreshed policy may not have an effect on classes
in a particular ProtectionDomain. This is dependent on the Policy
provider's implementation of the
implies
method and the PermissionCollection caching strategy.
The default Policy implementation can be changed by setting the
value of the "policy.provider" security property (in the Java
security properties file) to the fully qualified name of
the desired Policy implementation class.
The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
refers to the directory where the SDK was installed.
- See Also:
CodeSource ,
PermissionCollection ,
SecureClassLoader
Method Summary |
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Evaluates the global policy and returns a
PermissionCollection object specifying the set of
permissions allowed for code from the specified
code source. |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Evaluates the global policy and returns a
PermissionCollection object specifying the set of
permissions allowed given the characteristics of the
protection domain. |
static Policy |
getPolicy()
Returns the installed Policy object. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Evaluates the global policy for the permissions granted to
the ProtectionDomain and tests whether the permission is
granted. |
abstract void |
refresh()
Refreshes/reloads the policy configuration. |
static void |
setPolicy(Policy policy)
Sets the system-wide Policy object. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Policy
public Policy()
getPolicy
public static Policy getPolicy()
- Returns the installed Policy object. This value should not be cached,
as it may be changed by a call to
setPolicy .
This method first calls
SecurityManager.checkPermission with a
SecurityPermission("getPolicy") permission
to ensure it's ok to get the Policy object..
- Returns:
- the installed Policy.
- Throws:
SecurityException - if a security manager exists and its
checkPermission method doesn't allow
getting the Policy object.- See Also:
SecurityManager.checkPermission(Permission) ,
setPolicy(java.security.Policy)
setPolicy
public static void setPolicy(Policy policy)
- Sets the system-wide Policy object. This method first calls
SecurityManager.checkPermission with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.
- Parameters:
policy - the new system Policy object.
- Throws:
SecurityException - if a security manager exists and its
checkPermission method doesn't allow
setting the Policy.- See Also:
SecurityManager.checkPermission(Permission) ,
getPolicy()
getPermissions
public abstract PermissionCollection getPermissions(CodeSource codesource)
- Evaluates the global policy and returns a
PermissionCollection object specifying the set of
permissions allowed for code from the specified
code source.
- Parameters:
codesource - the CodeSource associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.
- Returns:
- the set of permissions allowed for code from codesource
according to the policy.The returned set of permissions must be
a new mutable instance and it must support heterogeneous
Permission types.
getPermissions
public PermissionCollection getPermissions(ProtectionDomain domain)
- Evaluates the global policy and returns a
PermissionCollection object specifying the set of
permissions allowed given the characteristics of the
protection domain.
- Parameters:
domain - the ProtectionDomain associated with the caller.
- Returns:
- the set of permissions allowed for the domain
according to the policy.The returned set of permissions must be
a new mutable instance and it must support heterogeneous
Permission types.
- Since:
- 1.4
- See Also:
ProtectionDomain ,
SecureClassLoader
implies
public boolean implies(ProtectionDomain domain,
Permission permission)
- Evaluates the global policy for the permissions granted to
the ProtectionDomain and tests whether the permission is
granted.
- Parameters:
domain - the ProtectionDomain to testpermission - the Permission object to be tested for implication.
- Returns:
- true if "permission" is a proper subset of a permission
granted to this ProtectionDomain.
- Since:
- 1.4
- See Also:
ProtectionDomain
refresh
public abstract void refresh()
- Refreshes/reloads the policy configuration. The behavior of this method
depends on the implementation. For example, calling
refresh
on a file-based policy will cause the file to be re-read.
Copyright 2003 Sun Microsystems, Inc. All rights reserved
|