12.6. Policy Configuration

If a security manager is installed but no security policy is specified for running applets or applications, the JRE will default to a sandbox security model. To utilize fully the Java 2 security model, described in Chapters 3 through 7, a security policy should be crafted indicating which security-sensitive resource accesses are permitted. The security policy to be enforced must also be specified to the JRE.

The design of the Policy API does not mandate how a security policy is expressed externally to the Java runtime system. Thus, a Policy class implementation is free to specialize where and how policy information is stored: for example, in a database, a directory service, a file system, or other location. The default ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.