12.6. Policy Configuration

If a security manager is installed but no security policy is specified for running applets or applications, the JRE will default to a sandbox security model. To utilize fully the Java 2 security model, described in Chapters 3 through 7, a security policy should be crafted indicating which security-sensitive resource accesses are permitted. The security policy to be enforced must also be specified to the JRE.

The design of the Policy API does not mandate how a security policy is expressed externally to the Java runtime system. Thus, a Policy class implementation is free to specialize where and how policy information is stored: for example, in a database, a directory service, a file system, or other location. The default ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.