The Policy Class
The third building block for the access controller is the facility to
specify which permissions should apply to which
code
sources. We call this global set of permissions the security policy;
it is encapsulated by the Policy
class
(java.security.Policy
).
- public abstract class Policy
Establish the security policy for a Java program. The policy encapsulates a mapping between code sources and permission objects in such a way that classes loaded from particular locations or signed by specific individuals have the set of specified permissions.
A policy class is constructed as follows:
- public Policy()
Create a policy class. The constructor should initialize the policy object according to its internal rules (e.g., by reading the
java.policy
file, as we’ll describe later).
Like the security manager, only a single instance of the policy class can be installed in the virtual machine at any time. However, unlike the security manager, the actual instance of the policy class can be replaced. These two methods install and retrieve the policy:
- public static Policy getPolicy() ★
Return the currently installed policy object.
- public static void setPolicy(Policy p) ★
Install the given policy object, replacing whatever policy object was previously installed.
Getting and setting the ...
Get Java Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.