java.security
Class Policy

java.lang.Object
  extended by java.security.Policy

public abstract class Policy
extends Object

Policy is an abstract class for managing the system security policy for the Java application environment. It specifies which permissions are available for code from various sources. The security policy is represented through a subclass of Policy.

Only one Policy is in effect at any time. A ProtectionDomain initializes itself with information from this class on the set of permssions to grant.

The location for the actual Policy could be anywhere in any form because it depends on the Policy implementation. The default system is in a flat ASCII file or it could be in a database.

The current installed Policy can be accessed with getPolicy() and changed with setPolicy(Policy) if the code has the correct permissions.

The refresh() method causes the Policy instance to refresh/reload its configuration. The method used to refresh depends on the Policy implementation.

When a protection domain initializes its permissions, it uses code like the following:

policy = Policy.getPolicy(); PermissionCollection perms = policy.getPermissions(myCodeSource);

The protection domain passes the Policy handler a CodeSource instance which contains the codebase URL and a public key. The Policy implementation then returns the proper set of permissions for that CodeSource.

The default Policy implementation can be changed by setting the "policy.provider" security provider in the "java.security" file to the correct Policy implementation class.

Since:
1.2
See Also:
CodeSource, PermissionCollection, SecureClassLoader

Constructor Summary
Policy()
          Constructs a new Policy object.
 
Method Summary
abstract  PermissionCollection getPermissions(CodeSource codesource)
          Returns the set of Permissions allowed for a given CodeSource.
 PermissionCollection getPermissions(ProtectionDomain domain)
          Returns the set of Permissions allowed for a given ProtectionDomain.
static Policy getPolicy()
          Returns the currently installed Policy handler.
 boolean implies(ProtectionDomain domain, Permission permission)
          Checks if the designated Permission is granted to a designated ProtectionDomain.
abstract  void refresh()
          Causes this Policy instance to refresh / reload its configuration.
static void setPolicy(Policy policy)
          Sets the Policy handler to a new value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Policy

public Policy()
Constructs a new Policy object.

Method Detail

getPolicy

public static Policy getPolicy()
Returns the currently installed Policy handler. The value should not be cached as it can be changed any time by setPolicy(Policy).

Returns:
the current Policy.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

setPolicy

public static void setPolicy(Policy policy)
Sets the Policy handler to a new value.

Parameters:
policy - the new Policy to use.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

getPermissions

public abstract PermissionCollection getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given CodeSource.

Parameters:
codesource - the CodeSource for which, the caller needs to find the set of granted permissions.
Returns:
a set of permissions for CodeSource specified by the current Policy.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given ProtectionDomain.

Parameters:
domain - the ProtectionDomain for which, the caller needs to find the set of granted permissions.
Returns:
a set of permissions for ProtectionDomain specified by the current Policy..
Since:
1.4
See Also:
ProtectionDomain, SecureClassLoader

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
Checks if the designated Permission is granted to a designated ProtectionDomain.

Parameters:
domain - the ProtectionDomain to test.
permission - the Permission to check.
Returns:
true if permission is implied by a permission granted to this ProtectionDomain. Returns false otherwise.
Since:
1.4
See Also:
ProtectionDomain

refresh

public abstract void refresh()
Causes this Policy instance to refresh / reload its configuration. The method used to refresh depends on the concrete implementation.