This is an abstract class for representing the system security
policy for a Java application environment (specifying
which permissions are available for code from various sources).
That is, the security policy is represented by a Policy subclass
providing an implementation of the abstract methods
in this Policy class.
There is only one Policy object in effect at any given time.
The source location for the policy information utilized by the
Policy object is up to the Policy implementation.
The policy configuration may be stored, for example, as a
flat ASCII file, as a serialized binary file of
the Policy class, or as a database.
The currently-installed Policy object can be obtained by
calling the getPolicy method, and it can be
changed by a call to the setPolicy method (by
code with permission to reset the Policy).
The refresh method causes the policy
object to refresh/reload its current configuration.
This is implementation-dependent. For example, if the policy
object stores its policy in configuration files, calling
refresh will cause it to re-read the configuration
policy files. The refreshed policy may not have an effect on classes
in a particular ProtectionDomain. This is dependent on the Policy
provider's implementation of the
Policy.implies(ProtectionDomain,Permission) implies method and the PermissionCollection caching strategy.
The default Policy implementation can be changed by setting the
value of the "policy.provider" security property (in the Java
security properties file) to the fully qualified name of
the desired Policy implementation class.
The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
refers to the directory where the SDK was installed.
author: Roland Schemers author: Gary Ellison version: 1.76, 10/10/06 See Also: java.security.CodeSource See Also: java.security.PermissionCollection See Also: java.security.SecureClassLoader |