gnu.java.security

Class PolicyFile


public final class PolicyFile
extends Policy

An implementation of a Policy object whose permissions are specified by a policy file.

The approximate syntax of policy files is:

 policyFile ::= keystoreOrGrantEntries ;

 keystoreOrGrantEntries ::= keystoreOrGrantEntry |
                            keystoreOrGrantEntries keystoreOrGrantEntry |
                            EMPTY ;

 keystoreOrGrantEntry ::= keystoreEntry | grantEntry ;

 keystoreEntry ::= "keystore" keystoreUrl ';' |
                   "keystore" keystoreUrl ',' keystoreAlgorithm ';' ;

 keystoreUrl ::= URL ;
 keystoreAlgorithm ::= STRING ;

 grantEntry ::= "grant" domainParameters '{' permissions '}' ';'

 domainParameters ::= domainParameter |
                      domainParameter ',' domainParameters ;

 domainParameter ::= "signedBy" signerNames |
                     "codeBase" codeBaseUrl |
                     "principal" principalClassName principalName |
                     "principal" principalName ;

 signerNames ::= quotedString ;
 codeBaseUrl ::= URL ;
 principalClassName ::= STRING ;
 principalName ::= quotedString ;

 quotedString ::= quoteChar STRING quoteChar ;
 quoteChar ::= '"' | '\'';

 permissions ::= permission | permissions permission ;

 permission ::= "permission" permissionClassName permissionTarget permissionAction |
                "permission" permissionClassName permissionTarget |
                "permission" permissionClassName;
 

Comments are either form of Java comments. Keystore entries only affect subsequent grant entries, so if a grant entry preceeds a keystore entry, that grant entry is not affected by that keystore entry. Certian instances of ${property-name} will be replaced with System.getProperty("property-name") in quoted strings.

This class will load the following files when created or refreshed, in order:

  1. The file ${java.home}/lib/security/java.policy.
  2. All URLs specified by security properties "policy.file.n", for increasing n starting from 1. The sequence stops at the first undefined property, so you must set "policy.file.1" if you also set "policy.file.2", and so on.
  3. The URL specified by the property "java.security.policy".
See Also:
Policy

Field Summary

protected static Logger
logger

Constructor Summary

PolicyFile()
Constructs a new Policy object.

Method Summary

PermissionCollection
getPermissions(CodeSource codeSource)
Returns the set of Permissions allowed for a given CodeSource.
void
refresh()
Causes this Policy instance to refresh / reload its configuration.
String
toString()
Convert this Object to a human-readable String.

Methods inherited from class java.security.Policy

getPermissions, getPermissions, getPolicy, implies, refresh, setPolicy

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final Logger logger

Constructor Details

PolicyFile

public PolicyFile()
Constructs a new Policy object.

Method Details

getPermissions

public PermissionCollection getPermissions(CodeSource codeSource)
Returns the set of Permissions allowed for a given CodeSource.
Overrides:
getPermissions in interface Policy
Parameters:
Returns:
a set of permissions for CodeSource specified by the current Policy.
Throws:
SecurityException - if a SecurityManager is installed which disallows this operation.

refresh

public void refresh()
Causes this Policy instance to refresh / reload its configuration. The method used to refresh depends on the concrete implementation.
Overrides:
refresh in interface Policy

toString

public String toString()
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in interface Object
Returns:
the String representing this Object, which may be null

PolicyFile.java -- policy file reader Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.