The policy for a Java runtime (specifying
which permissions are available for code from various principals)
is represented as a separate
persistent configuration. The configuration may be stored as a
flat ASCII file, as a serialized binary file of
the Policy class, or as a database.
The Java runtime creates one global Policy object, which is used to
represent the static policy configuration file. It is consulted by
a ProtectionDomain when the protection domain initializes its set of
permissions.
The Policy init method parses the policy
configuration file, and then
populates the Policy object. The Policy object is agnostic in that
it is not involved in making policy decisions. It is merely the
Java runtime representation of the persistent policy configuration
file.
When a protection domain needs to initialize its set of
permissions, it executes code such as the following
to ask the global Policy object to populate a
Permissions object with the appropriate permissions:
policy = Policy.getPolicy();
Permissions perms = policy.getPermissions(protectiondomain)
The protection domain contains CodeSource
object, which encapsulates its codebase (URL) and public key attributes.
It also contains the principals associated with the domain.
The Policy object evaluates the global policy in light of who the
principal is and what the code source is and returns an appropriate
Permissions object.
version: 1.28, 01/14/00 author: Roland Schemers author: Ram Marti since: JDK1.2 |