5.6. Dynamic Security Policy
The technique of deferred binding of permissions to protection domains is known as dynamic policy. However, even if the Java runtime environment subscribes to this technique, not all permissions accorded to a protection domain are computed dynamically. For instance, class loaders may statically bind permissions to a protection domain. An example of this is that code downloaded from an origin server is granted permission to connect back to the origin server. Specifically, the implementation of URLClassLoader adds into the static permission set of the ProtectionDomain—of the class being loaded—permissions based on the URL of the CodeSource of the class.
Prior to J2SE 1.4, all permissions assigned to a class were statically ...
Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
