Spec-Zone .ru
спецификации, руководства, описания, API
|
|
JavaTM 2 Platform Std. Ed. v1.3.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.Policy
This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources). That is, the security policy is represented by a Policy subclass providing an implementation of the abstract methods in this Policy class.
There is only one Policy object in effect at any given time.
The Policy object is typically consulted by objects such as the
SecureClassLoader
when a loader
needs to determine the permissions to assign to a particular
protection domain. The SecureClassLoader executes code such as the
following to ask the currently installed Policy object to populate a
PermissionCollection object:
policy = Policy.getPolicy(); PermissionCollection perms = policy.getPermissions(MyCodeSource)
The SecureClassLoader object passes in a CodeSource object, which encapsulates the codebase (URL) and public key certificates of the classes being loaded. The Policy object consults its policy specification and returns an appropriate Permissions object enumerating the permissions allowed for code from the specified code source.
The source location for the policy information utilized by the Policy object is up to the Policy implementation. The policy configuration may be stored, for example, as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.
The currently-installed Policy object can be obtained by
calling the getPolicy
method, and it can be
changed by a call to the setPolicy
method (by
code with permission to reset the Policy).
The refresh
method causes the policy
object to refresh/reload its current configuration. This is
implementation-dependent. For example, if the policy object stores
its policy in configuration files, calling refresh
will
cause it to re-read the configuration policy files. The refreshed
policy may not have an effect on classes loaded from a given
CodeSource. This is dependent on the ProtectionDomain caching strategy
of the ClassLoader. For example, the
SecureClassLoader
caches protection domains.
The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the SDK was installed.
CodeSource
,
PermissionCollection
,
SecureClassLoader
Constructor Summary | |
Policy()
|
Method Summary | |
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source. |
static Policy |
getPolicy()
Returns the installed Policy object. |
abstract void |
refresh()
Refreshes/reloads the policy configuration. |
static void |
setPolicy(Policy policy)
Sets the system-wide Policy object. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public Policy()
Method Detail |
public static Policy getPolicy()
setPolicy
.
This method first calls
SecurityManager.checkPermission
with a
SecurityPermission("getPolicy")
permission
to ensure it's ok to get the Policy object..SecurityException
- if a security manager exists and its
checkPermission
method doesn't allow
getting the Policy object.SecurityManager#checkPermission(SecurityPermission)
,
setPolicy(java.security.Policy)
public static void setPolicy(Policy policy)
SecurityManager.checkPermission
with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.policy
- the new system Policy object.SecurityException
- if a security manager exists and its
checkPermission
method doesn't allow
setting the Policy.SecurityManager#checkPermission(SecurityPermission)
,
getPolicy()
public abstract PermissionCollection getPermissions(CodeSource codesource)
codesource
- the CodeSource associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.SecurityException
- if the current thread does not
have permission to call getPermissions
on the policy object.public abstract void refresh()
refresh
on a file-based policy will cause the file to be re-read.SecurityException
- if the current thread does not
have permission to refresh this Policy object.
|
JavaTM 2 Platform Std. Ed. v1.3.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Java, Java 2D, and JDBC are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries.
Copyright 1993-2001 Sun Microsystems, Inc. 901 San Antonio Road
Palo Alto, California, 94303, U.S.A. All Rights Reserved.