JavaTM 2 Platform
Std. Ed. v1.3.1

java.security
Class Policy

java.lang.Object
  |
  +--java.security.Policy

public abstract class Policy
extends Object

This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources). That is, the security policy is represented by a Policy subclass providing an implementation of the abstract methods in this Policy class.

There is only one Policy object in effect at any given time.

The Policy object is typically consulted by objects such as the SecureClassLoader when a loader needs to determine the permissions to assign to a particular protection domain. The SecureClassLoader executes code such as the following to ask the currently installed Policy object to populate a PermissionCollection object:

   policy = Policy.getPolicy();
   PermissionCollection perms = policy.getPermissions(MyCodeSource)
 

The SecureClassLoader object passes in a CodeSource object, which encapsulates the codebase (URL) and public key certificates of the classes being loaded. The Policy object consults its policy specification and returns an appropriate Permissions object enumerating the permissions allowed for code from the specified code source.

The source location for the policy information utilized by the Policy object is up to the Policy implementation. The policy configuration may be stored, for example, as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.

The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).

The refresh method causes the policy object to refresh/reload its current configuration. This is implementation-dependent. For example, if the policy object stores its policy in configuration files, calling refresh will cause it to re-read the configuration policy files. The refreshed policy may not have an effect on classes loaded from a given CodeSource. This is dependent on the ProtectionDomain caching strategy of the ClassLoader. For example, the SecureClassLoader caches protection domains.

The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the SDK was installed.

See Also:
CodeSource, PermissionCollection, SecureClassLoader

Constructor Summary
Policy()
           
 
Method Summary
abstract  PermissionCollection getPermissions(CodeSource codesource)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
static Policy getPolicy()
          Returns the installed Policy object.
abstract  void refresh()
          Refreshes/reloads the policy configuration.
static void setPolicy(Policy policy)
          Sets the system-wide Policy object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Policy

public Policy()
Method Detail

getPolicy

public static Policy getPolicy()
Returns the installed Policy object. This value should not be cached, as it may be changed by a call to setPolicy. This method first calls SecurityManager.checkPermission with a SecurityPermission("getPolicy") permission to ensure it's ok to get the Policy object..
Returns:
the installed Policy.
Throws:
SecurityException - if a security manager exists and its checkPermission method doesn't allow getting the Policy object.
See Also:
SecurityManager#checkPermission(SecurityPermission), setPolicy(java.security.Policy)

setPolicy

public static void setPolicy(Policy policy)
Sets the system-wide Policy object. This method first calls SecurityManager.checkPermission with a SecurityPermission("setPolicy") permission to ensure it's ok to set the Policy.
Parameters:
policy - the new system Policy object.
Throws:
SecurityException - if a security manager exists and its checkPermission method doesn't allow setting the Policy.
See Also:
SecurityManager#checkPermission(SecurityPermission), getPolicy()

getPermissions

public abstract PermissionCollection getPermissions(CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
Parameters:
codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
Returns:
the set of permissions allowed for code from codesource according to the policy.
Throws:
SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

refresh

public abstract void refresh()
Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, calling refresh on a file-based policy will cause the file to be re-read.
Throws:
SecurityException - if the current thread does not have permission to refresh this Policy object.

JavaTM 2 Platform
Std. Ed. v1.3.1

Submit a bug or feature
For further API reference and developer documentation, see Java 2 SDK SE Developer Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.

Java, Java 2D, and JDBC are trademarks or registered trademarks of Oracle and/or its affiliates, in the US and other countries.
Copyright © 1995, 2010 Oracle and/or its affiliates. All rights reserved.