The policytool

The last security-related tool that comes with the Java platform is policytool. This tool allows you to manage entries in a java.policy file. Unlike the other tools we’ve discussed, policytool is a graphical tool. As such, it has no command-line options or arguments.

When you first start policytool, you see a blank window with two pull-down menus: File and Edit. Initially, there are no policy entries loaded into this tool; if you want to work on an existing policy file, the first thing you must do is choose the Open command from the File menu. Otherwise, you can add new entries and create a new file containing those entries. Whichever method you choose, keep in mind that policytool is designed to operate on a single policy file.

When you’ve completed editing the entries for a policy file, you can save your changes. Under the File menu, you can use the Save or Save As command to overwrite the file you loaded or to save your changes to a new file.

Managing Policy Codebases

The initial screen for this tool displays the name of the currently loaded policy file (which is blank if no file has been loaded); the name of the keystore referenced within this file; buttons to add, edit, or remove policy entries; and a list of the current set of policy entries. In this context, a policy entry is the URL from which classes will be loaded; that is, a codebase or a code source. Hence, a single policy entry may contain many individual permissions. In Figure 1.1 we’ve loaded the default ...

Get Java Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.