domain is a grouping of a code source
and permissions—that is, a protection domain represents all the
permissions that are granted to a particular code source. In the
default implementation of the
Policy class, a
protection domain is one grant entry in the file. A protection domain
is an instance of the
) and is constructed as follows:
Construct a protection domain based on the given code source and set of permissions.
When associated with a class, a protection domain means that the given class was loaded from the site specified in the code source, was signed by the public keys specified in the code source, and should have permission to perform the set of operations represented in the permission collection object. Each class in the virtual machine may belong to one and only one protection domain, which is set by the class loader when the class is defined.
However, not all class loaders have a specific protection domain associated with them: classes that are loaded by the primordial class loader have no protection domain. In particular, this means that classes that exist as part of the system class path (that is, the Java API classes) have no explicit protection domain. We can think of these classes as belonging to the system protection ...