| |
|
| java.lang.Object java.security.Policy
All known Subclasses: java.security.URIParameter,
Policy | abstract public class Policy (Code) | | A Policy object is responsible for determining whether code executing
in the Java runtime environment has permission to perform a
security-sensitive operation.
There is only one Policy object installed in the runtime at any
given time. A Policy object can be installed by calling the
setPolicy method. The installed Policy object can be
obtained by calling the getPolicy method.
If no Policy object has been installed in the runtime, a call to
getPolicy installs an instance of the default Policy
implementation (a default subclass implementation of this abstract class).
The default Policy implementation can be changed by setting the value
of the "policy.provider" security property (in the Java security properties
file) to the fully qualified name of the desired Policy subclass
implementation. The Java security properties file is located in the
file named <JAVA_HOME>/lib/security/java.security.
<JAVA_HOME> refers to the value of the java.home system property,
and specifies the directory where the JRE is installed.
Application code can directly subclass Policy to provide a custom
implementation. In addition, an instance of a Policy object can be
constructed by invoking one of the getInstance factory methods
with a standard type. The default policy type is "JavaPolicy".
See Appendix A in the
Java Cryptography Architecture API Specification & Reference
for a list of standard Policy types.
Once a Policy instance has been installed (either by default, or by
calling setPolicy ),
the Java runtime invokes its implies when it needs to
determine whether executing code (encapsulated in a ProtectionDomain)
can perform SecurityManager-protected operations. How a Policy object
retrieves its policy data is up to the Policy implementation itself.
The policy data may be stored, for example, in a flat ASCII file,
in a serialized binary file of the Policy class, or in a database.
The refresh method causes the policy object to
refresh/reload its data. This operation is implementation-dependent.
For example, if the policy object stores its data in configuration files,
calling refresh will cause it to re-read the configuration
policy files. If a refresh operation is not supported, this method does
nothing. Note that refreshed policy may not have an effect on classes
in a particular ProtectionDomain. This is dependent on the Policy
provider's implementation of the implies
method and its PermissionCollection caching strategy.
author: Roland Schemers author: Gary Ellison version: 1.109, 05/05/07 See Also: java.security.Provider See Also: java.security.ProtectionDomain See Also: java.security.Permission |
Inner Class :public static interface Parameters | |
Method Summary | |
public static Policy | getInstance(String type, Policy.Parameters params) Returns a Policy object of the specified type.
This method traverses the list of registered security providers,
starting with the most preferred Provider.
A new Policy object encapsulating the
PolicySpi implementation from the first
Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the
Security.getProviders Security.getProviders() method.
Parameters: type - the specified Policy type. | public static Policy | getInstance(String type, Policy.Parameters params, String provider) Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified provider
is returned. | public static Policy | getInstance(String type, Policy.Parameters params, Provider provider) Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified Provider
object is returned. | public Policy.Parameters | getParameters() Return Policy parameters. | public PermissionCollection | getPermissions(CodeSource codesource) Return a PermissionCollection object containing the set of
permissions granted to the specified CodeSource.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should solely rely on the implies method
to perform policy checks. | public PermissionCollection | getPermissions(ProtectionDomain domain) Return a PermissionCollection object containing the set of
permissions granted to the specified ProtectionDomain.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should rely on the implies method
to perform policy checks.
The default implementation of this method first retrieves
the permissions returned via getPermissions(CodeSource)
(the CodeSource is taken from the specified ProtectionDomain),
as well as the permissions located inside the specified ProtectionDomain.
All of these permissions are then combined and returned in a new
PermissionCollection object. | public static Policy | getPolicy() Returns the installed Policy object. | static synchronized Policy | getPolicyNoCheck() Returns the installed Policy object, skipping the security check. | public Provider | getProvider() Return the Provider of this Policy. | public String | getType() Return the type of this Policy. | public boolean | implies(ProtectionDomain domain, Permission permission) Evaluates the global policy for the permissions granted to
the ProtectionDomain and tests whether the permission is
granted.
Parameters: domain - the ProtectionDomain to test Parameters: permission - the Permission object to be tested for implication. | static boolean | isSet() | public void | refresh() Refreshes/reloads the policy configuration. | public static void | setPolicy(Policy p) Sets the system-wide Policy object. |
UNSUPPORTED_EMPTY_COLLECTION | final public static PermissionCollection UNSUPPORTED_EMPTY_COLLECTION(Code) | | A read-only empty PermissionCollection instance.
since: 1.6 |
getInstance | public static Policy getInstance(String type, Policy.Parameters params) throws NoSuchAlgorithmException(Code) | | Returns a Policy object of the specified type.
This method traverses the list of registered security providers,
starting with the most preferred Provider.
A new Policy object encapsulating the
PolicySpi implementation from the first
Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the
Security.getProviders Security.getProviders() method.
Parameters: type - the specified Policy type. See Appendix A in theJava Cryptography Architecture API Specification & Reference for a list of standard Policy types. Parameters: params - parameters for the Policy, which may be null. the new Policy object. exception: SecurityException - if the caller does not have permissionto get a Policy instance for the specified type. exception: NullPointerException - if the specified type is null. exception: IllegalArgumentException - if the specified parametersare not understood by the PolicySpi implementationfrom the selected Provider. exception: NoSuchAlgorithmException - if no Provider supports a PolicySpiimplementation for the specified type. See Also: Provider since: 1.6 |
getInstance | public static Policy getInstance(String type, Policy.Parameters params, String provider) throws NoSuchProviderException, NoSuchAlgorithmException(Code) | | Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified provider
is returned. The specified provider must be registered
in the provider list.
Note that the list of registered providers may be retrieved via
the
Security.getProviders Security.getProviders() method.
Parameters: type - the specified Policy type. See Appendix A in theJava Cryptography Architecture API Specification & Reference for a list of standard Policy types. Parameters: params - parameters for the Policy, which may be null. Parameters: provider - the provider. the new Policy object. exception: SecurityException - if the caller does not have permissionto get a Policy instance for the specified type. exception: NullPointerException - if the specified type is null. exception: IllegalArgumentException - if the specified provideris null or empty,or if the specified parameters are not understood bythe PolicySpi implementation from the specified provider. exception: NoSuchProviderException - if the specified provider is notregistered in the security provider list. exception: NoSuchAlgorithmException - if the specified provider does notsupport a PolicySpi implementation for the specified type. See Also: Provider since: 1.6 |
getInstance | public static Policy getInstance(String type, Policy.Parameters params, Provider provider) throws NoSuchAlgorithmException(Code) | | Returns a Policy object of the specified type.
A new Policy object encapsulating the
PolicySpi implementation from the specified Provider
object is returned. Note that the specified Provider object
does not have to be registered in the provider list.
Parameters: type - the specified Policy type. See Appendix A in theJava Cryptography Architecture API Specification & Reference for a list of standard Policy types. Parameters: params - parameters for the Policy, which may be null. Parameters: provider - the Provider. the new Policy object. exception: SecurityException - if the caller does not have permissionto get a Policy instance for the specified type. exception: NullPointerException - if the specified type is null. exception: IllegalArgumentException - if the specified Provider is null,or if the specified parameters are not understood bythe PolicySpi implementation from the specified Provider. exception: NoSuchAlgorithmException - if the specified Provider does notsupport a PolicySpi implementation for the specified type. See Also: Provider since: 1.6 |
getParameters | public Policy.Parameters getParameters()(Code) | | Return Policy parameters.
This Policy instance will only have parameters if it
was obtained via a call to Policy.getInstance .
Otherwise this method returns null.
Policy parameters, or null. since: 1.6 |
getPermissions | public PermissionCollection getPermissions(CodeSource codesource)(Code) | | Return a PermissionCollection object containing the set of
permissions granted to the specified CodeSource.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should solely rely on the implies method
to perform policy checks. If an application absolutely must call
a getPermissions method, it should call
getPermissions(ProtectionDomain) .
The default implementation of this method returns
Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be
overridden if the policy implementation can return a set of
permissions granted to a CodeSource.
Parameters: codesource - the CodeSource to which the returnedPermissionCollection has been granted. a set of permissions granted to the specified CodeSource.If this operation is supported, the returnedset of permissions must be a new mutable instanceand it must support heterogeneous Permission types.If this operation is not supported, Policy.UNSUPPORTED_EMPTY_COLLECTION is returned. |
getPermissions | public PermissionCollection getPermissions(ProtectionDomain domain)(Code) | | Return a PermissionCollection object containing the set of
permissions granted to the specified ProtectionDomain.
Applications are discouraged from calling this method
since this operation may not be supported by all policy implementations.
Applications should rely on the implies method
to perform policy checks.
The default implementation of this method first retrieves
the permissions returned via getPermissions(CodeSource)
(the CodeSource is taken from the specified ProtectionDomain),
as well as the permissions located inside the specified ProtectionDomain.
All of these permissions are then combined and returned in a new
PermissionCollection object. If getPermissions(CodeSource)
returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
returns the permissions contained inside the specified ProtectionDomain
in a new PermissionCollection object.
This method can be overridden if the policy implementation
supports returning a set of permissions granted to a ProtectionDomain.
Parameters: domain - the ProtectionDomain to which the returnedPermissionCollection has been granted. a set of permissions granted to the specified ProtectionDomain.If this operation is supported, the returnedset of permissions must be a new mutable instanceand it must support heterogeneous Permission types.If this operation is not supported,Policy.UNSUPPORTED_EMPTY_COLLECTION is returned. since: 1.4 |
getPolicy | public static Policy getPolicy()(Code) | | Returns the installed Policy object. This value should not be cached,
as it may be changed by a call to setPolicy .
This method first calls
SecurityManager.checkPermission with a
SecurityPermission("getPolicy") permission
to ensure it's ok to get the Policy object..
the installed Policy. throws: SecurityException - if a security manager exists and itscheckPermission method doesn't allowgetting the Policy object. See Also: SecurityManager.checkPermission(Permission) See Also: Policy.setPolicy(java.security.Policy) |
getPolicyNoCheck | static synchronized Policy getPolicyNoCheck()(Code) | | Returns the installed Policy object, skipping the security check.
Used by SecureClassLoader and getPolicy.
the installed Policy. |
getProvider | public Provider getProvider()(Code) | | Return the Provider of this Policy.
This Policy instance will only have a Provider if it
was obtained via a call to Policy.getInstance .
Otherwise this method returns null.
the Provider of this Policy, or null. since: 1.6 |
getType | public String getType()(Code) | | Return the type of this Policy.
This Policy instance will only have a type if it
was obtained via a call to Policy.getInstance .
Otherwise this method returns null.
the type of this Policy, or null. since: 1.6 |
implies | public boolean implies(ProtectionDomain domain, Permission permission)(Code) | | Evaluates the global policy for the permissions granted to
the ProtectionDomain and tests whether the permission is
granted.
Parameters: domain - the ProtectionDomain to test Parameters: permission - the Permission object to be tested for implication. true if "permission" is a proper subset of a permissiongranted to this ProtectionDomain. See Also: java.security.ProtectionDomain since: 1.4 |
isSet | static boolean isSet()(Code) | | package private for AccessControlContext
|
refresh | public void refresh()(Code) | | Refreshes/reloads the policy configuration. The behavior of this method
depends on the implementation. For example, calling refresh
on a file-based policy will cause the file to be re-read.
The default implementation of this method does nothing.
This method should be overridden if a refresh operation is supported
by the policy implementation.
|
setPolicy | public static void setPolicy(Policy p)(Code) | | Sets the system-wide Policy object. This method first calls
SecurityManager.checkPermission with a
SecurityPermission("setPolicy")
permission to ensure it's ok to set the Policy.
Parameters: p - the new system Policy object. throws: SecurityException - if a security manager exists and itscheckPermission method doesn't allowsetting the Policy. See Also: SecurityManager.checkPermission(Permission) See Also: Policy.getPolicy() |
|
|
|