Java Doc for PolicyFile.java in  » 6.0-JDK-Modules » j2me » sun » security » provider » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » 6.0 JDK Modules » j2me » sun.security.provider 
Source Cross Reference  Class Diagram Java Document (Java Doc) 


java.lang.Object
   java.security.Policy
      sun.security.provider.PolicyFile

PolicyFile
public class PolicyFile extends java.security.Policy (Code)
This class represents a default implementation for java.security.Policy. Note: For backward compatibility with JAAS 1.0 it loads both java.auth.policy and java.policy. However it is recommended that java.auth.policy be not used and the java.policy contain all grant entries including that contain principal-based entries.

This object stores the policy for entire Java runtime, and is the amalgamation of multiple static policy configurations that resides in files. The algorithm for locating the policy file(s) and reading their information into this Policy object is:

  1. Loop through the java.security.Security properties, policy.url.1, policy.url.2, ..., policy.url.X" and auth.policy.url.1, auth.policy.url.2, ..., auth.policy.url.X". These properties are set in the Java security properties file, which is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed. Each property value specifies a URL pointing to a policy file to be loaded. Read in and load each policy. auth.policy.url is supported only for backward compatibility.
  2. The java.lang.System property java.security.policy may also be set to a URL pointing to another policy file (which is the case when a user uses the -D switch at runtime). If this property is defined, and its use is allowed by the security property file (the Security property, policy.allowSystemProperty is set to true), also load that policy.
  3. The java.lang.System property java.security.auth.policy may also be set to a URL pointing to another policy file (which is the case when a user uses the -D switch at runtime). If this property is defined, and its use is allowed by the security property file (the Security property, policy.allowSystemProperty is set to true), also load that policy. java.security.auth.policy is supported only for backward compatibility. If the java.security.policy or java.security.auth.policy property is defined using "==" (rather than "="), then ignore all other specified policies and only load this policy.
Each policy file consists of one or more grant entries, each of which consists of a number of permission entries.
 grant signedBy "alias", codeBase "URL",
 principal principalClass "principalName",
 principal principalClass "principalName",
 ... {
 permission Type "name "action", 
 signedBy "alias";
 permission Type "name "action",
 signedBy "alias";
 ....
 };
 
All non-bold items above must appear as is (although case doesn't matter and some are optional, as noted below). principal entries are optional and need not be present. Italicized items represent variable values.

A grant entry must begin with the word grant. The signedBy,codeBase and principal name/value pairs are optional. If they are not present, then any signer (including unsigned code) will match, and any codeBase will match. Note that the principalClass may be set to the wildcard value, *, which allows it to match any Principal class. In addition, the principalName may also be set to the wildcard value, *, allowing it to match any Principal name. When setting the principalName to the *, do not surround the * with quotes.

A permission entry must begin with the word permission. The word Type in the template above is a specific permission type, such as java.io.FilePermission or java.lang.RuntimePermission.

The "action" is required for many permission types, such as java.io.FilePermission (where it specifies what type of file access that is permitted). It is not required for categories such as java.lang.RuntimePermission where it is not necessary - you either have the permission specified by the "name" value following the type name or you don't.

The signedBy name/value pair for a permission entry is optional. If present, it indicates a signed permission. That is, the permission class itself must be signed by the given alias in order for it to be granted. For example, suppose you have the following grant entry:

 grant principal foo.com.Principal "Duke" {
 permission Foo "foobar", signedBy "FooSoft";
 }
 

Then this permission of type Foo is granted if the Foo.class permission has been signed by the "FooSoft" alias, or if XXX Foo.class is a system class (i.e., is found on the CLASSPATH).

Items that appear in an entry must appear in the specified order (permission, Type, "name", and "action"). An entry is terminated with a semicolon.

Case is unimportant for the identifiers (permission, signedBy, codeBase, etc.) but is significant for the Type or for any string that is passed in as a value.

An example of two entries in a policy configuration file is

 // if the code is comes from "foo.com" and is running as "Duke",
 // grant it read/write to all files in /tmp.
 grant codeBase "foo.com", principal foo.com.Principal "Duke" {
 permission java.io.FilePermission "/tmp/*", "read,write";
 };
 // grant any code running as "Duke" permission to read
 // the "java.vendor" Property.
 grant principal foo.com.Principal "Duke" { 
 permission java.util.PropertyPermission "java.vendor";
 
This Policy implementation supports special handling of any permission that contains the string, "${{self}}", as part of its target name. When such a permission is evaluated (such as during a security check), ${{self}} is replaced with one or more Principal class/name pairs. The exact replacement performed depends upon the contents of the grant clause to which the permission belongs.

If the grant clause does not contain any principal information, the permission will be ignored (permissions containing ${{self}} in their target names are only valid in the context of a principal-based grant clause). For example, BarPermission will always be ignored in the following grant clause:

 grant codebase "www.foo.com", signedby "duke" {
 permission BarPermission "... ${{self}} ...";
 };
 
If the grant clause contains principal information, ${{self}} will be replaced with that same principal information. For example, ${{self}} in BarPermission will be replaced by javax.security.auth.x500.X500Principal "cn=Duke" in the following grant clause:
 grant principal javax.security.auth.x500.X500Principal "cn=Duke" {
 permission BarPermission "... ${{self}} ...";
 };
 
If there is a comma-separated list of principals in the grant clause, then ${{self}} will be replaced by the same comma-separated list or principals. In the case where both the principal class and name are wildcarded in the grant clause, ${{self}} is replaced with all the principals associated with the Subject in the current AccessControlContext.

For PrivateCredentialPermissions, you can also use "self" instead of "${{self}}". However the use of "self" is deprecated in favour of "${{self}}".
version:
   1.47, 11/17/03
See Also:   java.security.CodeSource
See Also:   java.security.Permissions
See Also:   java.security.ProtectionDomain
See Also:   




Constructor Summary
public  PolicyFile()
     Initializes the Policy object and reads the default policy configuration file(s) into the Policy object.

Method Summary
public  PermissionCollectiongetPermissions(ProtectionDomain domain)
     Examines this Policy and returns the permissions granted to the specified ProtectionDomain.
public  PermissionCollectiongetPermissions(CodeSource codesource)
     Examines this Policy and creates a PermissionCollection object with the set of permissions for the specified CodeSource.
Parameters:
  CodeSource - the codesource associated with the caller.This encapsulates the original location of the code (where the codecame from) and the public key(s) of its signer.
protected  Certificate[]getSignerCertificates(CodeSource cs)
    
public  booleanimplies(ProtectionDomain pd, Permission p)
     Evaluates the the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.
Parameters:
  domain - the ProtectionDomain to test
Parameters:
  permission - the Permission object to be tested for implication.
public  voidrefresh()
     Refreshes the policy object by re-reading all the policy files.


Constructor Detail
PolicyFile
public PolicyFile()(Code)
Initializes the Policy object and reads the default policy configuration file(s) into the Policy object.




Method Detail
getPermissions
public PermissionCollection getPermissions(ProtectionDomain domain)(Code)
Examines this Policy and returns the permissions granted to the specified ProtectionDomain. This includes the permissions currently associated with the domain as well as the policy permissions granted to the domain's CodeSource, ClassLoader, and Principals.

Note that this Policy implementation has special handling for PrivateCredentialPermissions. When this method encounters a PrivateCredentialPermission which specifies "self" as the Principal class and name, it does not add that Permission to the returned PermissionCollection. Instead, it builds a new PrivateCredentialPermission for each Principal associated with the provided Subject. Each new PrivateCredentialPermission contains the same Credential class as specified in the originally granted permission, as well as the Class and name for the respective Principal.


Parameters:
  domain - the Permissions granted to thisProtectionDomain are returned. the Permissions granted to the provided ProtectionDomain.




getPermissions
public PermissionCollection getPermissions(CodeSource codesource)(Code)
Examines this Policy and creates a PermissionCollection object with the set of permissions for the specified CodeSource.
Parameters:
  CodeSource - the codesource associated with the caller.This encapsulates the original location of the code (where the codecame from) and the public key(s) of its signer. the set of permissions according to the policy.



getSignerCertificates
protected Certificate[] getSignerCertificates(CodeSource cs)(Code)



implies
public boolean implies(ProtectionDomain pd, Permission p)(Code)
Evaluates the the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.
Parameters:
  domain - the ProtectionDomain to test
Parameters:
  permission - the Permission object to be tested for implication. true if "permission" is a proper subset of a permissiongranted to this ProtectionDomain.
See Also:   java.security.ProtectionDomain



refresh
public void refresh()(Code)
Refreshes the policy object by re-reading all the policy files.



Methods inherited from java.security.Policy
abstract public PermissionCollection getPermissions(CodeSource codesource)(Code)(Java Doc)
public PermissionCollection getPermissions(ProtectionDomain domain)(Code)(Java Doc)
public static Policy getPolicy()(Code)(Java Doc)
public boolean implies(ProtectionDomain domain, Permission permission)(Code)(Java Doc)
abstract public void refresh()(Code)(Java Doc)
public static void setPolicy(Policy policy)(Code)(Java Doc)

Methods inherited from java.lang.Object
public boolean equals(Object obj)(Code)(Java Doc)
final native public Class getClass()(Code)(Java Doc)
native public int hashCode()(Code)(Java Doc)
final native public void notify()(Code)(Java Doc)
final native public void notifyAll()(Code)(Java Doc)
public String toString()(Code)(Java Doc)
final native public void wait(long timeout) throws InterruptedException(Code)(Java Doc)
final public void wait(long timeout, int nanos) throws InterruptedException(Code)(Java Doc)
final public void wait() throws InterruptedException(Code)(Java Doc)

www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.