The Policy Class
The third building block for the access
controller is the facility to specify which permissions should apply
to which
code
sources. We call this global set of permissions the security policy;
it is encapsulated by the Policy class
(java.security.Policy).
- public abstract class Policy
Establish the security policy for a Java program. The policy encapsulates a mapping between code sources and permission objects in such a way that classes loaded from particular locations or signed by specific individuals have the set of specified permissions.
A policy class is constructed as follows:
- public Policy( )
Create a policy class. The constructor should initialize the policy object according to its internal rules (e.g., by reading the java.policy file).
There are two other methods in the Policy class:
- public abstract Permissions getPermissions(CodeSource cs)
Create a permissions object that contains the set of permissions that should be granted to classes that came from the given code source (i.e., loaded from the code source’s URL and signed by the keys in the code source).
- public abstract void refresh( )
Refresh the policy object. For example, if the initial policy came from a file, re-read the file and install a new policy object based on the (presumably changed) information from the file.
In programmatic terms, writing a policy class involves implementing
these methods. The default policy class is provided by the
PolicyFile
class
(sun.security.provider.PolicyFile), which ...
Get Java Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
