java.lang.Objectjava.security.Policy
public abstract class Policy
A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation.
This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources). That is, the security policy is represented by a Policy subclass providing an implementation of the abstract methods in this Policy class.
There is only one Policy object installed in the runtime at any given time. A Policy object can be installed by calling the setPolicy method. The installed Policy object can be obtained by calling the getPolicy method.
There is only one Policy object in effect at any given time.
If no Policy object has been installed in the runtime, a call to getPolicy installs an instance of the default Policy implementation (a default subclass implementation of this abstract class). The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy subclass implementation. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.
The source location for the policy information utilized by the Policy object is up to the Policy implementation. The policy configuration may be stored, for example, as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.
Application code can directly subclass Policy to provide a custom implementation. In addition, an instance of a Policy object can be constructed by invoking one of the getInstance factory methods with a standard type. The default policy type is "JavaPolicy". See Appendix A in the
Java Cryptography Architecture API Specification & Reference
for a list of standard Policy types.
The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).
Once a Policy instance has been installed (either by default, or by calling setPolicy), the Java runtime invokes its implies when it needs to determine whether executing code (encapsulated in a ProtectionDomain) can perform SecurityManager-protected operations. How a Policy object retrieves its policy data is up to the Policy implementation itself. The policy data may be stored, for example, in a flat ASCII file, in a serialized binary file of the Policy class, or in a database.
The refresh method causes the policy object to refresh/reload its current configuration.
The refresh method causes the policy object to refresh/reload its data.
This
operation
is implementation-dependent. For example, if the policy object stores its
data
policy
in configuration files, calling refresh will cause it to re-read the configuration policy files.
If a refresh operation is not supported, this method does nothing. Note that
The
refreshed policy may not have an effect on classes in a particular ProtectionDomain. This is dependent on the Policy provider's implementation of the
implies
implies
method and
its
the
PermissionCollection caching strategy.
The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.
![]() |
|
---|---|
![]() |
![]() ![]() |
![]() |
|
---|---|
![]() ![]() |
![]() ![]() |
Constructor Summary | |
---|---|
Policy
() |
Method Summary | |
---|---|
![]() ![]() ![]() ![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() ![]() |
static Policy |
getPolicy
() Returns the installed Policy object. |
![]() ![]() |
![]() ![]() ![]() |
![]() ![]() |
![]() ![]() ![]() |
boolean |
implies
(
ProtectionDomain
domain,
Permission
permission) Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted. |
![]() |
refresh
() Refreshes/reloads the policy configuration. |
static void |
setPolicy
(
Policy
p) Sets the system-wide Policy object. |
Methods inherited from class java.lang. Object |
---|
clone , equals , finalize , getClass , hashCode , notify , notifyAll , toString , wait , wait , wait |
![]() |
---|
public static final
PermissionCollection
UNSUPPORTED_EMPTY_COLLECTION
Constructor Detail |
---|
public Policy()
Method Detail |
---|
public static Policy getPolicy()
public static void setPolicy(Policy p)
public static
Policy
getInstance
(
String
type,
Policy.Parameters
params) throws
NoSuchAlgorithmException
This method traverses the list of registered security providers, starting with the most preferred Provider. A new Policy object encapsulating the PolicySpi implementation from the first Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.
public static
Policy
getInstance
(
String
type,
Policy.Parameters
params,
String
provider) throws
NoSuchProviderException
,
NoSuchAlgorithmException
A new Policy object encapsulating the PolicySpi implementation from the specified provider is returned. The specified provider must be registered in the provider list.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.
public static
Policy
getInstance
(
String
type,
Policy.Parameters
params,
Provider
provider) throws
NoSuchAlgorithmException
A new Policy object encapsulating the PolicySpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
public
Provider
getProvider
()
This Policy instance will only have a Provider if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.
public
String
getType
()
This Policy instance will only have a type if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.
public
Policy.Parameters
getParameters
()
This Policy instance will only have parameters if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.
publicabstractPermissionCollectiongetPermissions(CodeSource codesource)
Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the implies method to perform policy checks. If an application absolutely must call a getPermissions method, it should call getPermissions(ProtectionDomain).
The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource.
public PermissionCollection getPermissions(ProtectionDomain domain)
Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should rely on the implies method to perform policy checks.
The default implementation of this method first retrieves the permissions returned via getPermissions(CodeSource) (the CodeSource is taken from the specified ProtectionDomain), as well as the permissions located inside the specified ProtectionDomain. All of these permissions are then combined and returned in a new PermissionCollection object. If getPermissions(CodeSource) returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method returns the permissions contained inside the specified ProtectionDomain in a new PermissionCollection object.
This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain.
public boolean implies(ProtectionDomain domain, Permission permission)
publicabstractvoid refresh()
The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.