This documentation differs from the official API. Jadeite adds extra features to the API including: variable font sizes, constructions examples, placeholders for classes and methods, and auto-generated “See Also” links. Additionally it is missing some items found in standard Javadoc documentation, including: generics type information, “Deprecated” tags and comments, “See Also” links, along with other minor differences. Please send any questions or feedback to bam@cs.cmu.edu.
Overview  Package   Class 
 PREV CLASS   NEXT CLASS FRAMES   NO FRAMES 
SUMMARY: NESTED | FIELD | CONSTR | METHOD  DETAIL: FIELD | CONSTR | METHOD 

java.security
class Policy

java.lang.Object extended by java.security.Policy 
public abstract class Policy
extends Object

A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation.

There is only one Policy object installed in the runtime at any given time. A Policy object can be installed by calling the setPolicy method. The installed Policy object can be obtained by calling the getPolicy method.

If no Policy object has been installed in the runtime, a call to getPolicy installs an instance of the default Policy implementation (a default subclass implementation of this abstract class). The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy subclass implementation. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.

Application code can directly subclass Policy to provide a custom implementation. In addition, an instance of a Policy object can be constructed by invoking one of the getInstance factory methods with a standard type. The default policy type is "JavaPolicy". See Appendix A in the Java Cryptography Architecture API Specification & Reference for a list of standard Policy types.

Once a Policy instance has been installed (either by default, or by calling setPolicy), the Java runtime invokes its implies when it needs to determine whether executing code (encapsulated in a ProtectionDomain) can perform SecurityManager-protected operations. How a Policy object retrieves its policy data is up to the Policy implementation itself. The policy data may be stored, for example, in a flat ASCII file, in a serialized binary file of the Policy class, or in a database.

The refresh method causes the policy object to refresh/reload its data. This operation is implementation-dependent. For example, if the policy object stores its data in configuration files, calling refresh will cause it to re-read the configuration policy files. If a refresh operation is not supported, this method does nothing. Note that refreshed policy may not have an effect on classes in a particular ProtectionDomain. This is dependent on the Policy provider's implementation of the implies method and its PermissionCollection caching strategy.

Nested Class Summary
static interface
Policy.Parameters

           This represents a marker interface for Policy parameters.
 
Field Summary
static PermissionCollection UNSUPPORTED_EMPTY_COLLECTION
          A read-only empty PermissionCollection instance.
 
Constructor Summary
Policy()

          
 
Method Summary
static Policy
getInstance(String type, Policy.Parameters params)

          Returns a Policy object of the specified type.
static Policy
getInstance(String type, Policy.Parameters params, Provider provider)

          Returns a Policy object of the specified type.
static Policy
getInstance(String type, Policy.Parameters params, String provider)

          Returns a Policy object of the specified type.
 Policy.Parameters
getParameters()

          Return Policy parameters.
 PermissionCollection
getPermissions(CodeSource codesource)

          Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource.
 PermissionCollection
getPermissions(ProtectionDomain domain)

          Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain.
static Policy
getPolicy()

          Returns the installed Policy object.
 Provider
getProvider()

          Return the Provider of this Policy.
 String
getType()

          Return the type of this Policy.
 boolean
implies(ProtectionDomain domain, Permission permission)

          Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.
 void
refresh()

          Refreshes/reloads the policy configuration.
static void
setPolicy(Policy p)

          Sets the system-wide Policy object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

UNSUPPORTED_EMPTY_COLLECTION

public static final PermissionCollection UNSUPPORTED_EMPTY_COLLECTION
A read-only empty PermissionCollection instance.
Constructor Detail

Policy

public Policy()
Method Detail

getInstance

public static Policy getInstance(String type,
                                 Policy.Parameters params)
                          throws NoSuchAlgorithmException
Returns a Policy object of the specified type.

This method traverses the list of registered security providers, starting with the most preferred Provider. A new Policy object encapsulating the PolicySpi implementation from the first Provider that supports the specified type is returned.

Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.

Parameters:
type - the specified Policy type. See Appendix A in the Java Cryptography Architecture API Specification & Reference for a list of standard Policy types.
params - parameters for the Policy, which may be null.
Returns:
the new Policy object.
Throws:
NoSuchAlgorithmException - if no Provider supports a PolicySpi implementation for the specified type.

getInstance

public static Policy getInstance(String type,
                                 Policy.Parameters params,
                                 Provider provider)
                          throws NoSuchAlgorithmException
Returns a Policy object of the specified type.

A new Policy object encapsulating the PolicySpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

Parameters:
type - the specified Policy type. See Appendix A in the Java Cryptography Architecture API Specification & Reference for a list of standard Policy types.
params - parameters for the Policy, which may be null.
provider - the Provider.
Returns:
the new Policy object.
Throws:
NoSuchAlgorithmException - if the specified Provider does not support a PolicySpi implementation for the specified type.

getInstance

public static Policy getInstance(String type,
                                 Policy.Parameters params,
                                 String provider)
                          throws NoSuchProviderException,
                                 NoSuchAlgorithmException
Returns a Policy object of the specified type.

A new Policy object encapsulating the PolicySpi implementation from the specified provider is returned. The specified provider must be registered in the provider list.

Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.

Parameters:
type - the specified Policy type. See Appendix A in the Java Cryptography Architecture API Specification & Reference for a list of standard Policy types.
params - parameters for the Policy, which may be null.
provider - the provider.
Returns:
the new Policy object.
Throws:
NoSuchProviderException - if the specified provider is not registered in the security provider list.
NoSuchAlgorithmException - if the specified provider does not support a PolicySpi implementation for the specified type.

getParameters

public Policy.Parameters getParameters()
Return Policy parameters.

This Policy instance will only have parameters if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

Returns:
Policy parameters, or null.

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)
Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource.

Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the implies method to perform policy checks. If an application absolutely must call a getPermissions method, it should call getPermissions(ProtectionDomain).

The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource.

Parameters:
codesource - the CodeSource to which the returned PermissionCollection has been granted.
Returns:
a set of permissions granted to the specified CodeSource. If this operation is supported, the returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types. If this operation is not supported, Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain.

Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should rely on the implies method to perform policy checks.

The default implementation of this method first retrieves the permissions returned via getPermissions(CodeSource) (the CodeSource is taken from the specified ProtectionDomain), as well as the permissions located inside the specified ProtectionDomain. All of these permissions are then combined and returned in a new PermissionCollection object. If getPermissions(CodeSource) returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method returns the permissions contained inside the specified ProtectionDomain in a new PermissionCollection object.

This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain.

Parameters:
domain - the ProtectionDomain to which the returned PermissionCollection has been granted.
Returns:
a set of permissions granted to the specified ProtectionDomain. If this operation is supported, the returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types. If this operation is not supported, Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.

getPolicy

public static Policy getPolicy()
Returns the installed Policy object. This value should not be cached, as it may be changed by a call to setPolicy. This method first calls SecurityManager.checkPermission with a SecurityPermission("getPolicy") permission to ensure it's ok to get the Policy object..

Returns:
the installed Policy.

getProvider

public Provider getProvider()
Return the Provider of this Policy.

This Policy instance will only have a Provider if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

Returns:
the Provider of this Policy, or null.

getType

public String getType()
Return the type of this Policy.

This Policy instance will only have a type if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

Returns:
the type of this Policy, or null.

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.

Parameters:
domain - the ProtectionDomain to test
permission - the Permission object to be tested for implication.
Returns:
true if "permission" is a proper subset of a permission granted to this ProtectionDomain.

refresh

public void refresh()
Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, calling refresh on a file-based policy will cause the file to be re-read.

The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.

setPolicy

public static void setPolicy(Policy p)
Sets the system-wide Policy object. This method first calls SecurityManager.checkPermission with a SecurityPermission("setPolicy") permission to ensure it's ok to set the Policy.

Parameters:
p - the new system Policy object.
Overview  Package   Class 
 PREV CLASS   NEXT CLASS FRAMES   NO FRAMES 
SUMMARY: NESTED | FIELD | CONSTR | METHOD  DETAIL: FIELD | CONSTR | METHOD 
This documentation differs from the official API. Jadeite adds extra features to the API including: variable font sizes, constructions examples, placeholders for classes and methods, and auto-generated “See Also” links. Additionally it is missing some items found in standard Javadoc documentation, including: generics type information, “Deprecated” tags and comments, “See Also” links, along with other minor differences. Please send any questions or feedback to bam@cs.cmu.edu.
This page displays the Jadeite version of the documention, which is derived from the offical documentation that contains this copyright notice:
Copyright 2008 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.
The official Sun™ documentation can be found here at http://java.sun.com/javase/6/docs/api/.