All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class java.security.Policy 

java.lang.Object
    |
    +----java.security.Policy
public abstract class Policy
extends Object
The policy for a Java runtime (specifying which permissions are available for code from various principals) is represented by a Policy object.

There is only one Policy object in effect at any given time. It is consulted by a ProtectionDomain when the protection domain initializes its set of permissions.

The source location for the policy information utilized by the Policy object is up to the Policy implementation. The policy configuration may be stored, for example, as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.

The currently-installed Policy object can be obtained by calling getPolicy, and it can be changed by a call to the setPolicy method.

The refresh method causes the policy object to refresh/reload its current configuration. This is implementation-dependent. For example, if the policy object stores its policy in configuration files, calling refresh will cause it to re-read the configuration policy files.

The Policy object is agnostic in that it is not involved in making policy decisions. It is merely the Java runtime representation of the persistent policy configuration.

When a protection domain needs to initialize its set of permissions, it executes code such as the following to ask the currently installed Policy object to populate a Permissions object with the appropriate permissions: 

   policy = Policy.getPolicy();
   Permissions perms = policy.evaluate(MyCodeSource)

The protection domain passes in a CodeSource object, which encapsulates its codebase (URL) and public key attributes. The Policy object evaluates the global policy in light of who the principal is and returns an appropriate Permissions object.

The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.

See Also:
CodeSource, Permissions

Constructor Index

o Policy()

Method Index

o evaluate(CodeSource)
Evaluates the policy object with the specified CodeSource, and creates a Permissions object with the set of permissions for that principal's protection domain.
o getPolicy()
Returns the installed Policy object.
o refresh()
Refreshes the given policy object.
o setPolicy(Policy)
Sets the system-wide Policy object.

Constructors

o Policy 
public Policy()

Methods

o getPolicy 
public static Policy getPolicy()
Returns the installed Policy object. This value should not be cached, as it may be changed by a call to setPolicy. This method calls AccessController.checkPermission with the SecurityPermission("Policy.getPolicy") permission.

Returns:
the installed Policy.
Throws: AccessControlException
if the current thread does not have permission to get the Policy object.
o setPolicy 
public static void setPolicy(Policy policy)
Sets the system-wide Policy object. This method calls AccessController.checkPermission with the SecurityPermission("Policy.setPolicy") permission.

Parameters:
policy - the new system Policy object.
Throws: AccessControlException
if the current thread does not have permission to set the Policy.
o evaluate 
public abstract Permissions evaluate(CodeSource codesource)
Evaluates the policy object with the specified CodeSource, and creates a Permissions object with the set of permissions for that principal's protection domain.

Parameters:
CodeSource - the codesource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
Returns:
the set of permissions according to the policy.
Throws: AccessControlException
if the current thread does not have permission to call evaluate on the policy object.
o refresh 
public abstract void refresh()
Refreshes the given policy object. The behavior of this method depends on the implementation. For example, calling refresh on a file-based policy will cause the file to be re-read.

Throws: AccessControlException
if the current thread does not have permission to refresh this Policy object.
All Packages  Class Hierarchy  This Package  Previous  Next  Index
Submit a bug or feature