5.4. Security Policy

The security behavior of a Java runtime environment is specified by the security policy in effect during runtime. In abstract terms, the security policy is a typical access control matrix that says what system resources can be accessed, in what fashion, and under what circumstances. For example, one entry in the matrix shown in Figure 5.2 says something like, “When running an applet downloaded from http://java.sun.com, allow it to read the file x.” More specifically, a security policy is a mapping from a set of properties that characterize running code to a set of access permissions granted to the code.

Figure 5.2. Policy matrix

In J2SE, the expression of policy is declarative in nature, that is, nonprogrammatically ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.