java.security: abstract public class: Policy

java.security
abstract public class: Policy [javadoc | source]

java.lang.Object
   java.security.Policy

Direct Known Subclasses:
PolicyDelegate

A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation.

There is only one Policy object installed in the runtime at any given time. A Policy object can be installed by calling the setPolicy method. The installed Policy object can be obtained by calling the getPolicy method.

If no Policy object has been installed in the runtime, a call to getPolicy installs an instance of the default Policy implementation (a default subclass implementation of this abstract class). The default Policy implementation can be changed by setting the value of the "policy.provider" security property (in the Java security properties file) to the fully qualified name of the desired Policy subclass implementation. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.

Application code can directly subclass Policy to provide a custom implementation. In addition, an instance of a Policy object can be constructed by invoking one of the getInstance factory methods with a standard type. The default policy type is "JavaPolicy".

Once a Policy instance has been installed (either by default, or by calling setPolicy), the Java runtime invokes its implies when it needs to determine whether executing code (encapsulated in a ProtectionDomain) can perform SecurityManager-protected operations. How a Policy object retrieves its policy data is up to the Policy implementation itself. The policy data may be stored, for example, in a flat ASCII file, in a serialized binary file of the Policy class, or in a database.

The refresh method causes the policy object to refresh/reload its data. This operation is implementation-dependent. For example, if the policy object stores its data in configuration files, calling refresh will cause it to re-read the configuration policy files. If a refresh operation is not supported, this method does nothing. Note that refreshed policy may not have an effect on classes in a particular ProtectionDomain. This is dependent on the Policy provider's implementation of the implies method and its PermissionCollection caching strategy.

Also see:

java.security.Provider

java.security.ProtectionDomain

java.security.Permission

author: Roland - Schemers

author: Gary - Ellison

Nested Class Summary:
public static interface	Policy.Parameters	This represents a marker interface for Policy parameters.

Field Summary
public static final PermissionCollection	UNSUPPORTED_EMPTY_COLLECTION	A read-only empty PermissionCollection instance. since: `1.6` -

Method from java.security.Policy Summary:
getInstance, getInstance, getInstance, getParameters, getPermissions, getPermissions, getPolicy, getPolicyNoCheck, getProvider, getType, implies, isSet, refresh, setPolicy

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from java.security.Policy Detail:
public static Policy getInstance(String type, Parameters params) throws NoSuchAlgorithmException { checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance("Policy", PolicySpi.class, type, params); return new PolicyDelegate((PolicySpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException nsae) { return handleException(nsae); } } Returns a Policy object of the specified type. This method traverses the list of registered security providers, starting with the most preferred Provider. A new Policy object encapsulating the PolicySpi implementation from the first Provider that supports the specified type is returned. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static Policy getInstance(String type, Parameters params, String provider) throws NoSuchProviderException, NoSuchAlgorithmException { if (provider == null \|\| provider.length() == 0) { throw new IllegalArgumentException("missing provider"); } checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance("Policy", PolicySpi.class, type, params, provider); return new PolicyDelegate((PolicySpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException nsae) { return handleException (nsae); } } Returns a Policy object of the specified type. A new Policy object encapsulating the PolicySpi implementation from the specified provider is returned. The specified provider must be registered in the provider list. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static Policy getInstance(String type, Parameters params, Provider provider) throws NoSuchAlgorithmException { if (provider == null) { throw new IllegalArgumentException("missing provider"); } checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance("Policy", PolicySpi.class, type, params, provider); return new PolicyDelegate((PolicySpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException nsae) { return handleException (nsae); } } Returns a Policy object of the specified type. A new Policy object encapsulating the PolicySpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
public Parameters getParameters() { return null; } Return Policy parameters. This Policy instance will only have parameters if it was obtained via a call to `Policy.getInstance`. Otherwise this method returns null.
public PermissionCollection getPermissions(CodeSource codesource) { return Policy.UNSUPPORTED_EMPTY_COLLECTION; } Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource. Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the `implies` method to perform policy checks. If an application absolutely must call a getPermissions method, it should call `getPermissions(ProtectionDomain)`. The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource.
public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection pc = null; if (domain == null) return new Permissions(); if (pdMapping == null) { initPolicy(this); } synchronized (pdMapping) { pc = pdMapping.get(domain.key); } if (pc != null) { Permissions perms = new Permissions(); synchronized (pc) { for (Enumeration< Permission > e = pc.elements() ; e.hasMoreElements() ;) { perms.add(e.nextElement()); } } return perms; } pc = getPermissions(domain.getCodeSource()); if (pc == null \|\| pc == UNSUPPORTED_EMPTY_COLLECTION) { pc = new Permissions(); } addStaticPerms(pc, domain.getPermissions()); return pc; } Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain. Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should rely on the `implies` method to perform policy checks. The default implementation of this method first retrieves the permissions returned via `getPermissions(CodeSource)` (the CodeSource is taken from the specified ProtectionDomain), as well as the permissions located inside the specified ProtectionDomain. All of these permissions are then combined and returned in a new PermissionCollection object. If `getPermissions(CodeSource)` returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method returns the permissions contained inside the specified ProtectionDomain in a new PermissionCollection object. This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain.
public static Policy getPolicy() { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION); return getPolicyNoCheck(); } Returns the installed Policy object. This value should not be cached, as it may be changed by a call to `setPolicy`. This method first calls `SecurityManager.checkPermission` with a `SecurityPermission("getPolicy")` permission to ensure it's ok to get the Policy object.
static synchronized Policy getPolicyNoCheck() { if (policy == null) { String policy_class = null; policy_class = AccessController.doPrivileged( new PrivilegedAction< String >() { public String run() { return Security.getProperty("policy.provider"); } }); if (policy_class == null) { policy_class = "sun.security.provider.PolicyFile"; } try { policy = (Policy) Class.forName(policy_class).newInstance(); } catch (Exception e) { /* * The policy_class seems to be an extension * so we have to bootstrap loading it via a policy * provider that is on the bootclasspath * If it loads then shift gears to using the configured * provider. / // install the bootstrap provider to avoid recursion policy = new sun.security.provider.PolicyFile(); final String pc = policy_class; Policy p = AccessController.doPrivileged( new PrivilegedAction< Policy >() { public Policy run() { try { ClassLoader cl = ClassLoader.getSystemClassLoader(); // we want the extension loader ClassLoader extcl = null; while (cl != null) { extcl = cl; cl = cl.getParent(); } return (extcl != null ? (Policy)Class.forName( pc, true, extcl).newInstance() : null); } catch (Exception e) { if (debug != null) { debug.println("policy provider " + pc + " not available"); e.printStackTrace(); } return null; } } }); / * if it loaded install it as the policy provider. Otherwise * continue to use the system default implementation */ if (p != null) { policy = p; } else { if (debug != null) { debug.println("using sun.security.provider.PolicyFile"); } } } } return policy; } Returns the installed Policy object, skipping the security check. Used by SecureClassLoader and getPolicy.
public Provider getProvider() { return null; } Return the Provider of this Policy. This Policy instance will only have a Provider if it was obtained via a call to `Policy.getInstance`. Otherwise this method returns null.
public String getType() { return null; } Return the type of this Policy. This Policy instance will only have a type if it was obtained via a call to `Policy.getInstance`. Otherwise this method returns null.
public boolean implies(ProtectionDomain domain, Permission permission) { PermissionCollection pc; if (pdMapping == null) { initPolicy(this); } synchronized (pdMapping) { pc = pdMapping.get(domain.key); } if (pc != null) { return pc.implies(permission); } pc = getPermissions(domain); if (pc == null) { return false; } synchronized (pdMapping) { // cache it pdMapping.put(domain.key, pc); } return pc.implies(permission); } Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.
static boolean isSet() { return policy != null; } package private for AccessControlContext
public void refresh() { } Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, calling `refresh` on a file-based policy will cause the file to be re-read. The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.
public static void setPolicy(Policy p) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission( new SecurityPermission("setPolicy")); if (p != null) { initPolicy(p); } synchronized (Policy.class) { Policy.policy = p; } } Sets the system-wide Policy object. This method first calls `SecurityManager.checkPermission` with a `SecurityPermission("setPolicy")` permission to ensure it's ok to set the Policy.

Method from java.security.Policy Detail:

 public static Policy getInstance(String type,
    Parameters params) throws NoSuchAlgorithmException {
        checkPermission(type);
        try {
            GetInstance.Instance instance = GetInstance.getInstance("Policy",
                                                        PolicySpi.class,
                                                        type,
                                                        params);
            return new PolicyDelegate((PolicySpi)instance.impl,
                                                        instance.provider,
                                                        type,
                                                        params);
        } catch (NoSuchAlgorithmException nsae) {
            return handleException(nsae);
        }
}

This method traverses the list of registered security providers, starting with the most preferred Provider. A new Policy object encapsulating the PolicySpi implementation from the first Provider that supports the specified type is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static Policy getInstance(String type,
    Parameters params,
    String provider) throws NoSuchProviderException, NoSuchAlgorithmException {
        if (provider == null || provider.length() == 0) {
            throw new IllegalArgumentException("missing provider");
        }
        checkPermission(type);
        try {
            GetInstance.Instance instance = GetInstance.getInstance("Policy",
                                                        PolicySpi.class,
                                                        type,
                                                        params,
                                                        provider);
            return new PolicyDelegate((PolicySpi)instance.impl,
                                                        instance.provider,
                                                        type,
                                                        params);
        } catch (NoSuchAlgorithmException nsae) {
            return handleException (nsae);
        }
}

A new Policy object encapsulating the PolicySpi implementation from the specified provider is returned. The specified provider must be registered in the provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static Policy getInstance(String type,
    Parameters params,
    Provider provider) throws NoSuchAlgorithmException {
        if (provider == null) {
            throw new IllegalArgumentException("missing provider");
        }
        checkPermission(type);
        try {
            GetInstance.Instance instance = GetInstance.getInstance("Policy",
                                                        PolicySpi.class,
                                                        type,
                                                        params,
                                                        provider);
            return new PolicyDelegate((PolicySpi)instance.impl,
                                                        instance.provider,
                                                        type,
                                                        params);
        } catch (NoSuchAlgorithmException nsae) {
            return handleException (nsae);
        }
}

A new Policy object encapsulating the PolicySpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

 public Parameters getParameters() {
        return null;
}

This Policy instance will only have parameters if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

 public PermissionCollection getPermissions(CodeSource codesource) {
        return Policy.UNSUPPORTED_EMPTY_COLLECTION;
}

Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the implies method to perform policy checks. If an application absolutely must call a getPermissions method, it should call getPermissions(ProtectionDomain).

The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource.

 public PermissionCollection getPermissions(ProtectionDomain domain) {
        PermissionCollection pc = null;
        if (domain == null)
            return new Permissions();
        if (pdMapping == null) {
            initPolicy(this);
        }
        synchronized (pdMapping) {
            pc = pdMapping.get(domain.key);
        }
        if (pc != null) {
            Permissions perms = new Permissions();
            synchronized (pc) {
                for (Enumeration< Permission > e = pc.elements() ; e.hasMoreElements() ;) {
                    perms.add(e.nextElement());
                }
            }
            return perms;
        }
        pc = getPermissions(domain.getCodeSource());
        if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION) {
            pc = new Permissions();
        }
        addStaticPerms(pc, domain.getPermissions());
        return pc;
}

Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should rely on the implies method to perform policy checks.

The default implementation of this method first retrieves the permissions returned via getPermissions(CodeSource) (the CodeSource is taken from the specified ProtectionDomain), as well as the permissions located inside the specified ProtectionDomain. All of these permissions are then combined and returned in a new PermissionCollection object. If getPermissions(CodeSource) returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method returns the permissions contained inside the specified ProtectionDomain in a new PermissionCollection object.

This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain.

 public static Policy getPolicy() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
        return getPolicyNoCheck();
}

setPolicy

SecurityManager.checkPermission

SecurityPermission("getPolicy")

 static synchronized Policy getPolicyNoCheck() {
        if (policy == null) {
            String policy_class = null;
            policy_class = AccessController.doPrivileged(
                new PrivilegedAction< String >() {
                    public String run() {
                        return Security.getProperty("policy.provider");
                    }
                });
            if (policy_class == null) {
                policy_class = "sun.security.provider.PolicyFile";
            }
            try {
                policy = (Policy)
                    Class.forName(policy_class).newInstance();
            } catch (Exception e) {
                /*
                 * The policy_class seems to be an extension
                 * so we have to bootstrap loading it via a policy
                 * provider that is on the bootclasspath
                 * If it loads then shift gears to using the configured
                 * provider.
                 */
                // install the bootstrap provider to avoid recursion
                policy = new sun.security.provider.PolicyFile();
                final String pc = policy_class;
                Policy p = AccessController.doPrivileged(
                    new PrivilegedAction< Policy >() {
                        public Policy run() {
                            try {
                                ClassLoader cl =
                                        ClassLoader.getSystemClassLoader();
                                // we want the extension loader
                                ClassLoader extcl = null;
                                while (cl != null) {
                                    extcl = cl;
                                    cl = cl.getParent();
                                }
                                return (extcl != null ? (Policy)Class.forName(
                                        pc, true, extcl).newInstance() : null);
                            } catch (Exception e) {
                                if (debug != null) {
                                    debug.println("policy provider " +
                                                pc +
                                                " not available");
                                    e.printStackTrace();
                                }
                                return null;
                            }
                        }
                    });
                /*
                 * if it loaded install it as the policy provider. Otherwise
                 * continue to use the system default implementation
                 */
                if (p != null) {
                    policy = p;
                } else {
                    if (debug != null) {
                        debug.println("using sun.security.provider.PolicyFile");
                    }
                }
            }
        }
        return policy;
}

Returns the installed Policy object, skipping the security check. Used by SecureClassLoader and getPolicy.

 public Provider getProvider() {
        return null;
}

This Policy instance will only have a Provider if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

 public String getType() {
        return null;
}

This Policy instance will only have a type if it was obtained via a call to Policy.getInstance. Otherwise this method returns null.

 public boolean implies(ProtectionDomain domain,
    Permission permission) {
        PermissionCollection pc;
        if (pdMapping == null) {
            initPolicy(this);
        }
        synchronized (pdMapping) {
            pc = pdMapping.get(domain.key);
        }
        if (pc != null) {
            return pc.implies(permission);
        }
        pc = getPermissions(domain);
        if (pc == null) {
            return false;
        }
        synchronized (pdMapping) {
            // cache it
            pdMapping.put(domain.key, pc);
        }
        return pc.implies(permission);
}

Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.

 static boolean isSet() {
        return policy != null;
}

package private for AccessControlContext

 public  void refresh() {

}

refresh

The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.

 public static  void setPolicy(Policy p) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(
                                 new SecurityPermission("setPolicy"));
        if (p != null) {
            initPolicy(p);
        }
        synchronized (Policy.class) {
            Policy.policy = p;
        }
}

SecurityManager.checkPermission

SecurityPermission("setPolicy")