|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.ibm.security12.java.security.Policy | +--com.ibm.security12.sun.security.provider.PolicyFile
The policy for a Java runtime (specifying which permissions are available for code from various principals) is represented as one or more separate persistent configurations. Each configuration may be stored as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.
Each Java runtime may have multiple policy files. The default policy files are configured in the security properties file to be:
(java.home)/lib/security/java.policy (user.home)/.java.policy
where java.home indicates the JDK installation directory (determined by the value of the "java.home" system property), and
where user.home indicates the user's home directory (determined by the value of the "user.home" system property).
The Java runtime creates one global Policy object, which is used to represent the permissions granted in the static policy configuration file(s). It is consulted by a ProtectionDomain when the protection domain initializes its set of permissions.
The Policy object is agnostic in that it is not involved in making policy decisions. It is merely the Java runtime representation of the persistent policy configuration file(s).
When a protection domain needs to initialize its set of permissions, it executes code such as the following to ask the global Policy object to populate a PermissionCollection object with the appropriate permissions:
policy = Policy.getPolicy(); PermissionCollection perms = policy.getPermissions(MyCodeSource)
The protection domain passes in a CodeSource object, which encapsulates its codebase (URL) and public key attributes. The Policy object evaluates the global policy in light of who the principal is and returns an appropriate Permissions object.
CodeSource
,
Permissions
,
ProtectionDomain
Constructor Summary | |
PolicyFile()
Creates a Policy object. |
Method Summary | |
PermissionCollection |
getPermissions(CodeSource codesource)
Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain. |
void |
getPermissions(Permissions perms,
CodeSource cs)
Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain. |
protected Certificate[] |
getSignerCertificates(CodeSource cs)
|
void |
refresh()
Refreshes the policy object. |
Methods inherited from class com.ibm.security12.java.security.Policy |
getPolicy,
setPolicy |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
Constructor Detail |
public PolicyFile()
Method Detail |
public void refresh()
public PermissionCollection getPermissions(CodeSource codesource)
CodeSource
- the codesource associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.public void getPermissions(Permissions perms, CodeSource cs)
permissions
- the permissions to populatecodesource
- the codesource associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.protected Certificate[] getSignerCertificates(CodeSource cs)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |