gnu.java.security

Class PolicyFile


public final class PolicyFile
extends Policy

An implementation of a Policy object whose permissions are specified by a policy file.

The approximate syntax of policy files is:

 policyFile ::= keystoreOrGrantEntries ;

 keystoreOrGrantEntries ::= keystoreOrGrantEntry |
                            keystoreOrGrantEntries keystoreOrGrantEntry |
                            EMPTY ;

 keystoreOrGrantEntry ::= keystoreEntry | grantEntry ;

 keystoreEntry ::= "keystore" keystoreUrl ';' |
                   "keystore" keystoreUrl ',' keystoreAlgorithm ';' ;

 keystoreUrl ::= URL ;
 keystoreAlgorithm ::= STRING ;

 grantEntry ::= "grant" domainParameters '{' permissions '}' ';'

 domainParameters ::= domainParameter |
                      domainParameter ',' domainParameters ;

 domainParameter ::= "signedBy" signerNames |
                     "codeBase" codeBaseUrl |
                     "principal" principalClassName principalName |
                     "principal" principalName ;

 signerNames ::= quotedString ;
 codeBaseUrl ::= URL ;
 principalClassName ::= STRING ;
 principalName ::= quotedString ;

 quotedString ::= quoteChar STRING quoteChar ;
 quoteChar ::= '"' | '\'';

 permissions ::= permission | permissions permission ;

 permission ::= "permission" permissionClassName permissionTarget permissionAction |
                "permission" permissionClassName permissionTarget |
                "permission" permissionClassName;
 

Comments are either form of Java comments. Keystore entries only affect subsequent grant entries, so if a grant entry preceeds a keystore entry, that grant entry is not affected by that keystore entry. Certian instances of ${property-name} will be replaced with System.getProperty("property-name") in quoted strings.

This class will load the following files when created or refreshed, in order:

  1. The file ${java.home}/lib/security/java.policy.
  2. All URLs specified by security properties "policy.file.n", for increasing n starting from 1. The sequence stops at the first undefined property, so you must set "policy.file.1" if you also set "policy.file.2", and so on.
  3. The URL specified by the property "java.security.policy".
See Also:
Policy

Constructor Summary

PolicyFile()
Constructs a new Policy object.

Method Summary

PermissionCollection
getPermissions(CodeSource codeSource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
void
refresh()
Refreshes/reloads the policy configuration.
String
toString()
Convert this Object to a human-readable String.

Methods inherited from class java.security.Policy

getPermissions, getPermissions, getPolicy, implies, refresh, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PolicyFile

public PolicyFile()
Constructs a new Policy object.

Method Details

getPermissions

public PermissionCollection getPermissions(CodeSource codeSource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
Overrides:
getPermissions in interface Policy
Parameters:
Returns:
the set of permissions allowed for code from codesource according to the policy. The returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types.

refresh

public void refresh()
Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, calling refresh on a file-based policy will cause the file to be re-read.
Overrides:
refresh in interface Policy

toString

public String toString()
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in interface Object
Returns:
the String representing this Object, which may be null

PolicyFile.java -- policy file reader Copyright (C) 2004, 2005 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.