Policy JDK 1.6)

Description

publicabstract abstract class Policy

A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation.

There is only one Policy object installed in the runtime at any given time. A Policy object can be installed by calling the setPolicy method. The installed Policy object can be obtained by calling the getPolicy method.

If no Policy object has been installed in the runtime, a call to getPolicy installs an instance of the default Policy implementation (a default subclass implementation of this abstract class). The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy subclass implementation. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.

Application code can directly subclass Policy to provide a custom implementation. In addition, an instance of a Policy object can be constructed by invoking one of the getInstance factory methods with a standard type. The default policy type is "JavaPolicy". See Appendix A in the Java Cryptography Architecture API Specification & Reference for a list of standard Policy types.

Once a Policy instance has been installed (either by default, or by calling setPolicy), the Java runtime invokes its implies when it needs to determine whether executing code (encapsulated in a ProtectionDomain) can perform SecurityManager-protected operations. How a Policy object retrieves its policy data is up to the Policy implementation itself. The policy data may be stored, for example, in a flat ASCII file, in a serialized binary file of the Policy class, or in a database.

The refresh method causes the policy object to refresh/reload its data. This operation is implementation-dependent. For example, if the policy object stores its data in configuration files, calling refresh will cause it to re-read the configuration policy files. If a refresh operation is not supported, this method does nothing. Note that refreshed policy may not have an effect on classes in a particular ProtectionDomain. This is dependent on the Policy provider's implementation of the implies method and its PermissionCollection caching strategy.

See also: Provider ProtectionDomain Permission

Methods

Hide/Show inherited methods

publicstatic Policy getInstance (String type, Parameters params) throws NoSuchAlgorithmException

Returns a Policy object of the specified type.

publicstatic Policy getInstance (String type, Parameters params, Provider provider) throws NoSuchAlgorithmException

Returns a Policy object of the specified type.

publicstatic Policy getInstance (String type, Parameters params, String provider) throws NoSuchProviderException NoSuchAlgorithmException

Returns a Policy object of the specified type.

public Parameters getParameters ()

Return Policy parameters.

public PermissionCollection getPermissions (CodeSource codesource)

Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource.

public PermissionCollection getPermissions (ProtectionDomain domain)

Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain.

publicstatic Policy getPolicy ()

Returns the installed Policy object.

Returns the installed Policy object. This value should not be cached,
as it may be changed by a call to setPolicy.
This method first calls
SecurityManager.checkPermission with a
SecurityPermission("getPolicy") permission
to ensure it's ok to get the Policy object..
Returns: the installed Policy.
Throws:
- SecurityException - if a security manager exists and its checkPermission method doesn't allow getting the Policy object.
See Also: SecurityManager.checkPermission(Permission), Policy.setPolicy(java.security.Policy),

pack-privatestaticsynchronized Policy getPolicyNoCheck ()

Returns the installed Policy object, skipping the security check.

public Provider getProvider ()

Return the Provider of this Policy.

public String getType ()

Return the type of this Policy.

public boolean implies (ProtectionDomain domain, Permission permission)

Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.

pack-privatestatic boolean isSet ()

package private for AccessControlContext

public void refresh ()

Refreshes/reloads the policy configuration.

Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, calling refresh on a file-based policy will cause the file to be re-read.

The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.

publicstatic void setPolicy (Policy p)

Sets the system-wide Policy object.

Sets the system-wide Policy object. This method first calls
SecurityManager.checkPermission with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.
Parameters:
- p - the new system Policy object.
Throws:
- SecurityException - if a security manager exists and its checkPermission method doesn't allow setting the Policy.
See Also: SecurityManager.checkPermission(Permission), Policy.getPolicy(),