The third building block for the access
controller is the facility to specify which permissions should apply
sources. We call this global set of permissions the security policy;
it is encapsulated by the
Establish the security policy for a Java program. The policy encapsulates a mapping between code sources and permission objects in such a way that classes loaded from particular locations or signed by specific individuals have the set of specified permissions.
A policy class is constructed as follows:
Create a policy class. The constructor should initialize the policy object according to its internal rules (e.g., by reading the java.policy file).
There are two other methods in the
Create a permissions object that contains the set of permissions that should be granted to classes that came from the given code source (i.e., loaded from the code source’s URL and signed by the keys in the code source).
Refresh the policy object. For example, if the initial policy came from a file, re-read the file and install a new policy object based on the (presumably changed) information from the file.
In programmatic terms, writing a policy class involves implementing
these methods. The default policy class is provided by the
sun.security.provider.PolicyFile), which ...