|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectjava.security.Policy
public abstract class Policy
Policy
is an abstract class for managing the system security
policy for the Java application environment. It specifies which permissions
are available for code from various sources. The security policy is
represented through a subclass of Policy
.
Only one Policy
is in effect at any time. A
ProtectionDomain
initializes itself with information from this class
on the set of permssions to grant.
The location for the actual Policy
could be anywhere in any
form because it depends on the Policy implementation. The default system is
in a flat ASCII file or it could be in a database.
The current installed Policy
can be accessed with
getPolicy()
and changed with setPolicy(Policy)
if the code
has the correct permissions.
The refresh()
method causes the Policy
instance to
refresh/reload its configuration. The method used to refresh depends on the
Policy
implementation.
When a protection domain initializes its permissions, it uses code like the following:
policy = Policy.getPolicy();
PermissionCollection perms = policy.getPermissions(myCodeSource);
The protection domain passes the Policy
handler a
CodeSource
instance which contains the codebase URL and a public key.
The Policy
implementation then returns the proper set of
permissions for that CodeSource
.
The default Policy
implementation can be changed by setting
the "policy.provider" security provider in the "java.security" file to the
correct Policy
implementation class.
CodeSource
,
PermissionCollection
,
SecureClassLoader
Constructor Summary | |
---|---|
Policy()
Constructs a new Policy object. |
Method Summary | |
---|---|
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Returns the set of Permissions allowed for a given CodeSource . |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Returns the set of Permissions allowed for a given ProtectionDomain . |
static Policy |
getPolicy()
Returns the currently installed Policy handler. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Checks if the designated Permission is granted to a designated
ProtectionDomain . |
abstract void |
refresh()
Causes this Policy instance to refresh / reload its
configuration. |
static void |
setPolicy(Policy policy)
Sets the Policy handler to a new value. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public Policy()
Policy
object.
Method Detail |
---|
public static Policy getPolicy()
Policy
handler. The value
should not be cached as it can be changed any time by
setPolicy(Policy)
.
Policy
.
SecurityException
- if a SecurityManager
is installed which disallows this
operation.public static void setPolicy(Policy policy)
Policy
handler to a new value.
policy
- the new Policy
to use.
SecurityException
- if a SecurityManager
is installed which disallows this
operation.public abstract PermissionCollection getPermissions(CodeSource codesource)
CodeSource
.
codesource
- the CodeSource
for which, the caller needs to find the
set of granted permissions.
CodeSource
specified by the
current Policy
.
SecurityException
- if a SecurityManager
is installed which disallows this
operation.public PermissionCollection getPermissions(ProtectionDomain domain)
ProtectionDomain
.
domain
- the ProtectionDomain
for which, the caller needs to find
the set of granted permissions.
ProtectionDomain
specified by the
current Policy.
.ProtectionDomain
,
SecureClassLoader
public boolean implies(ProtectionDomain domain, Permission permission)
Permission
is granted to a designated
ProtectionDomain
.
domain
- the ProtectionDomain
to test.permission
- the Permission
to check.
true
if permission
is implied by a
permission granted to this ProtectionDomain
. Returns
false
otherwise.ProtectionDomain
public abstract void refresh()
Policy
instance to refresh / reload its
configuration. The method used to refresh depends on the concrete
implementation.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |