com.ibm.security12.sun.security.provider
Class PolicyFile

java.lang.Object
  |
  +--com.ibm.security12.java.security.Policy
        |
        +--com.ibm.security12.sun.security.provider.PolicyFile

public class PolicyFile
extends Policy

The policy for a Java runtime (specifying which permissions are available for code from various principals) is represented as one or more separate persistent configurations. Each configuration may be stored as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.

Each Java runtime may have multiple policy files. The default policy files are configured in the security properties file to be:

   (java.home)/lib/security/java.policy
   (user.home)/.java.policy
 

where java.home indicates the JDK installation directory (determined by the value of the "java.home" system property), and

where user.home indicates the user's home directory (determined by the value of the "user.home" system property).

The Java runtime creates one global Policy object, which is used to represent the permissions granted in the static policy configuration file(s). It is consulted by a ProtectionDomain when the protection domain initializes its set of permissions.

The Policy object is agnostic in that it is not involved in making policy decisions. It is merely the Java runtime representation of the persistent policy configuration file(s).

When a protection domain needs to initialize its set of permissions, it executes code such as the following to ask the global Policy object to populate a PermissionCollection object with the appropriate permissions:

  policy = Policy.getPolicy();
  PermissionCollection perms = policy.getPermissions(MyCodeSource)
 

The protection domain passes in a CodeSource object, which encapsulates its codebase (URL) and public key attributes. The Policy object evaluates the global policy in light of who the principal is and returns an appropriate Permissions object.

Version:
1.34, 07/27/98
Author:
Roland Schemers
See Also:
CodeSource, Permissions, ProtectionDomain

Constructor Summary
PolicyFile()
          Creates a Policy object.
 
Method Summary
 PermissionCollection getPermissions(CodeSource codesource)
          Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain.
 void getPermissions(Permissions perms, CodeSource cs)
          Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain.
protected  Certificate[] getSignerCertificates(CodeSource cs)
           
 void refresh()
          Refreshes the policy object.
 
Methods inherited from class com.ibm.security12.java.security.Policy
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PolicyFile

public PolicyFile()
Creates a Policy object.
Method Detail

refresh

public void refresh()
Refreshes the policy object.
Overrides:
refresh in class Policy

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)
Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain.
Parameters:
CodeSource - the codesource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
Returns:
the set of permissions according to the policy.
Overrides:
getPermissions in class Policy

getPermissions

public void getPermissions(Permissions perms,
                           CodeSource cs)
Examines the global policy for the specified CodeSource, and creates a PermissionCollection object with the set of permissions for that principal's protection domain.
Parameters:
permissions - the permissions to populate
codesource - the codesource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
Returns:
the set of permissions according to the policy.

getSignerCertificates

protected Certificate[] getSignerCertificates(CodeSource cs)