|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.Policy
Untamed: This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources). That is, the security policy is represented by a Policy subclass providing an implementation of the abstract methods in this Policy class.
There is only one Policy object in effect at any given time.
The source location for the policy information utilized by the Policy object is up to the Policy implementation. The policy configuration may be stored, for example, as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.
The currently-installed Policy object can be obtained by
calling the getPolicy
method, and it can be
changed by a call to the setPolicy
method (by
code with permission to reset the Policy).
The refresh
method causes the policy
object to refresh/reload its current configuration.
This is implementation-dependent. For example, if the policy
object stores its policy in configuration files, calling
refresh
will cause it to re-read the configuration
policy files. The refreshed policy may not have an effect on classes
in a particular ProtectionDomain. This is dependent on the Policy
provider's implementation of the
implies
method and the PermissionCollection caching strategy.
The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the SDK was installed.
java.security.CodeSource
,
java.security.PermissionCollection
,
java.security.SecureClassLoader
Field Summary | |
private static sun.security.util.Debug |
debug
|
private WeakHashMap |
pdMapping
|
private static Policy |
policy
the system-wide policy. |
Constructor Summary | |
Policy()
Enabled: |
Method Summary | |
private void |
addStaticPerms(PermissionCollection perms,
PermissionCollection statics)
add static permissions to provided permission collection |
abstract PermissionCollection |
getPermissions(CodeSource codesource)
Enabled: Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source. |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Enabled: Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain. |
static Policy |
getPolicy()
Enabled: Returns the installed Policy object. |
(package private) static Policy |
getPolicyNoCheck()
Returns the installed Policy object, skipping the security check. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Enabled: Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted. |
private static void |
initPolicy(Policy p)
Initialize superclass state such that a legacy provider can handle queries for itself. |
(package private) static boolean |
isSet()
package private for AccessControlContext |
abstract void |
refresh()
Enabled: Refreshes/reloads the policy configuration. |
static void |
setPolicy(Policy policy)
Enabled: Sets the system-wide Policy object. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
private static Policy policy
private static final sun.security.util.Debug debug
private WeakHashMap pdMapping
Constructor Detail |
public Policy()
Method Detail |
static boolean isSet()
public static Policy getPolicy()
setPolicy
.
This method first calls
SecurityManager.checkPermission
with a
SecurityPermission("getPolicy")
permission
to ensure it's ok to get the Policy object..
SecurityException
- if a security manager exists and its
checkPermission
method doesn't allow
getting the Policy object.SecurityManager.checkPermission(Permission)
,
setPolicy(java.security.Policy)
static Policy getPolicyNoCheck()
public static void setPolicy(Policy policy)
SecurityManager.checkPermission
with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.
policy
- the new system Policy object.
SecurityException
- if a security manager exists and its
checkPermission
method doesn't allow
setting the Policy.SecurityManager.checkPermission(Permission)
,
getPolicy()
private static void initPolicy(Policy p)
public abstract PermissionCollection getPermissions(CodeSource codesource)
codesource
- the CodeSource associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.
public PermissionCollection getPermissions(ProtectionDomain domain)
domain
- the ProtectionDomain associated with the caller.
java.security.ProtectionDomain
,
java.security.SecureClassLoader
private void addStaticPerms(PermissionCollection perms, PermissionCollection statics)
public boolean implies(ProtectionDomain domain, Permission permission)
domain
- the ProtectionDomain to testpermission
- the Permission object to be tested for implication.
java.security.ProtectionDomain
public abstract void refresh()
refresh
on a file-based policy will cause the file to be re-read.
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |