5.2. Describing Code

The security policy is essentially an access control matrix that describes code according to its characteristics and the permissions it is granted. The CodeSource and Principal classes are used to describe code.

5.2.1. CodeSource

Code is fully characterized by three things. One is its origin, or its location as specified by a URL. The second, applicable if the code is signed, is the set of digital certificates containing the public keys corresponding to the private keys used to sign the code. (Note: Digital certificates are described in Section 8.1.) The first two characteristics are captured in the class java.security.CodeSource, which can be viewed as a natural extension of the concept of a code base within HTML, although ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.