Overview Package Class Use Source Tree Index Deprecated About
Prev Class | Next ClassFrames | No Frames
Summary: Nested | Field | Method | ConstrDetail: Nested | Field | Method | Constr

java.security

Class Policy

Known Direct Subclasses:
DefaultPolicy, PolicyFile
public abstract class Policy
extends Object
Policy is an abstract class for managing the system security policy for the Java application environment. It specifies which permissions are available for code from various sources. The security policy is represented through a subclass of Policy.

Only one Policy is in effect at any time. A ProtectionDomain initializes itself with information from this class on the set of permssions to grant.

The location for the actual Policy could be anywhere in any form because it depends on the Policy implementation. The default system is in a flat ASCII file or it could be in a database.

The current installed Policy can be accessed with getPolicy() and changed with setPolicy(Policy) if the code has the correct permissions.

The refresh() method causes the Policy instance to refresh/reload its configuration. The method used to refresh depends on the Policy implementation.

When a protection domain initializes its permissions, it uses code like the following: policy = Policy.getPolicy(); PermissionCollection perms = policy.getPermissions(myCodeSource);

The protection domain passes the Policy handler a CodeSource instance which contains the codebase URL and a public key. The Policy implementation then returns the proper set of permissions for that CodeSource.

The default Policy implementation can be changed by setting the "policy.provider" security provider in the "java.security" file to the correct Policy implementation class.

Since:
1.2
See Also:
CodeSource, PermissionCollection, SecureClassLoader

Constructor Summary

Policy()
Constructs a new Policy object.

Method Summary

abstract PermissionCollection
getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given CodeSource.
PermissionCollection
getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given ProtectionDomain.
static Policy
getPolicy()
Returns the currently installed Policy handler.
boolean
implies(ProtectionDomain domain, Permission permission)
Checks if the designated Permission is granted to a designated ProtectionDomain.
abstract void
refresh()
Causes this Policy instance to refresh / reload its configuration.
static void
setPolicy(Policy policy)
Sets the Policy handler to a new value.

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Policy

public Policy()
Constructs a new Policy object.

Method Details

getPermissions

public abstract PermissionCollection getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given CodeSource.
Parameters:
codesource - the CodeSource for which, the caller needs to find the set of granted permissions.
Returns:
a set of permissions for CodeSource specified by the current Policy.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given ProtectionDomain.
Parameters:
domain - the ProtectionDomain for which, the caller needs to find the set of granted permissions.
Returns:
a set of permissions for ProtectionDomain specified by the current Policy..
Since:
1.4
See Also:
ProtectionDomain, SecureClassLoader

getPolicy

public static Policy getPolicy()
Returns the currently installed Policy handler. The value should not be cached as it can be changed any time by setPolicy(Policy).
Returns:
the current Policy.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
Checks if the designated Permission is granted to a designated ProtectionDomain.
Parameters:
domain - the ProtectionDomain to test.
permission - the Permission to check.
Returns:
true if permission is implied by a permission granted to this ProtectionDomain. Returns false otherwise.
Since:
1.4
See Also:
ProtectionDomain

refresh

public abstract void refresh()
Causes this Policy instance to refresh / reload its configuration. The method used to refresh depends on the concrete implementation.

setPolicy

public static void setPolicy(Policy policy)
Sets the Policy handler to a new value.
Parameters:
policy - the new Policy to use.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.
Policy.java --- Policy Manager Class Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

Overview Package Class Use Source Tree Index Deprecated About