Policy object is responsible for determining whether code executing
 in the Java runtime environment has permission to perform a
 security-sensitive operation.
  There is only one Policy object installed in the runtime at any
 given time.  A Policy object can be installed by calling the
 setPolicy method.  The installed Policy object can be
 obtained by calling the getPolicy method.
 
 If no Policy object has been installed in the runtime, a call to
 getPolicy installs an instance of the default Policy
 implementation (a default subclass implementation of this abstract class).
 The default Policy implementation can be changed by setting the value
 of the policy.provider security property to the fully qualified
 name of the desired Policy subclass implementation. The system
 class loader is used to load this class.
 
 Application code can directly subclass Policy to provide a custom
 implementation.  In addition, an instance of a Policy object can be
 constructed by invoking one of the getInstance factory methods
 with a standard type.  The default policy type is "JavaPolicy".
 
 Once a Policy instance has been installed (either by default,
 or by calling setPolicy), the Java runtime invokes its
 implies method when it needs to
 determine whether executing code (encapsulated in a ProtectionDomain)
 can perform SecurityManager-protected operations.  How a Policy
 object retrieves its policy data is up to the Policy implementation
 itself. The policy data may be stored, for example, in a flat ASCII file,
 in a serialized binary file of the Policy class, or in a database.
 
 The refresh method causes the policy object to
 refresh/reload its data.  This operation is implementation-dependent.
 For example, if the policy object stores its data in configuration files,
 calling refresh will cause it to re-read the configuration
 policy files.  If a refresh operation is not supported, this method does
 nothing.  Note that refreshed policy may not have an effect on classes
 in a particular ProtectionDomain. This is dependent on the policy
 provider's implementation of the implies
 method and its PermissionCollection caching strategy.
- Since:
- 1.2
- See Also:
- 
Nested Class SummaryNested ClassesModifier and TypeClassDescriptionstatic interfaceDeprecated, for removal: This API element is subject to removal in a future version.This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
- 
Field SummaryFieldsModifier and TypeFieldDescriptionstatic final PermissionCollectionDeprecated, for removal: This API element is subject to removal in a future version.A read-only empty PermissionCollection instance.
- 
Constructor SummaryConstructorsConstructorDescriptionPolicy()Deprecated, for removal: This API element is subject to removal in a future version.Constructor for subclasses to call.
- 
Method SummaryModifier and TypeMethodDescriptionstatic PolicygetInstance(String type, Policy.Parameters params) Deprecated, for removal: This API element is subject to removal in a future version.Returns a Policy object of the specified type.static PolicygetInstance(String type, Policy.Parameters params, String provider) Deprecated, for removal: This API element is subject to removal in a future version.Returns aPolicyobject of the specified type.static PolicygetInstance(String type, Policy.Parameters params, Provider provider) Deprecated, for removal: This API element is subject to removal in a future version.Returns aPolicyobject of the specified type.Deprecated, for removal: This API element is subject to removal in a future version.ReturnPolicyparameters.getPermissions(CodeSource codesource) Deprecated, for removal: This API element is subject to removal in a future version.Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource.getPermissions(ProtectionDomain domain) Deprecated, for removal: This API element is subject to removal in a future version.Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain.static PolicyDeprecated, for removal: This API element is subject to removal in a future version.Returns the installedPolicyobject.Deprecated, for removal: This API element is subject to removal in a future version.Return theProviderof this policy.getType()Deprecated, for removal: This API element is subject to removal in a future version.Return the type of thisPolicy.booleanimplies(ProtectionDomain domain, Permission permission) Deprecated, for removal: This API element is subject to removal in a future version.Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.voidrefresh()Deprecated, for removal: This API element is subject to removal in a future version.Refreshes/reloads the policy configuration.static voidDeprecated, for removal: This API element is subject to removal in a future version.Sets the system-widePolicyobject.
- 
Field Details- 
UNSUPPORTED_EMPTY_COLLECTIONDeprecated, for removal: This API element is subject to removal in a future version.A read-only empty PermissionCollection instance.- Since:
- 1.6
 
 
- 
- 
Constructor Details- 
Policypublic Policy()Deprecated, for removal: This API element is subject to removal in a future version.Constructor for subclasses to call.
 
- 
- 
Method Details- 
getPolicyDeprecated, for removal: This API element is subject to removal in a future version.Returns the installedPolicyobject. This value should not be cached, as it may be changed by a call tosetPolicy. This method first callsSecurityManager.checkPermissionwith aSecurityPermission("getPolicy")permission to ensure it's ok to get thePolicyobject.- Returns:
- the installed Policy.
- Throws:
- SecurityException- if a security manager exists and its- checkPermissionmethod doesn't allow getting the- Policyobject.
- See Also:
 
- 
setPolicyDeprecated, for removal: This API element is subject to removal in a future version.Sets the system-widePolicyobject. This method first callsSecurityManager.checkPermissionwith aSecurityPermission("setPolicy")permission to ensure it's ok to set the Policy.- Parameters:
- p- the new system- Policyobject.
- Throws:
- SecurityException- if a security manager exists and its- checkPermissionmethod doesn't allow setting the Policy.
- See Also:
 
- 
getInstancepublic static Policy getInstance(String type, Policy.Parameters params) throws NoSuchAlgorithmException Deprecated, for removal: This API element is subject to removal in a future version.Returns a Policy object of the specified type.This method traverses the list of registered security providers, starting with the most preferred provider. A new Policyobject encapsulating thePolicySpiimplementation from the first provider that supports the specified type is returned.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Implementation Note:
- The JDK Reference Implementation additionally uses the
 jdk.security.provider.preferredSecurityproperty to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders().
- Parameters:
- type- the specified Policy type. See the Policy section in the Java Security Standard Algorithm Names Specification for a list of standard Policy types.
- params- parameters for the- Policy, which may be- null.
- Returns:
- the new Policyobject
- Throws:
- IllegalArgumentException- if the specified parameters are not understood by the- PolicySpiimplementation from the selected- Provider
- NoSuchAlgorithmException- if no- Providersupports a- PolicySpiimplementation for the specified type
- NullPointerException- if- typeis- null
- SecurityException- if the caller does not have permission to get a- Policyinstance for the specified type.
- Since:
- 1.6
- See Also:
 
- 
getInstancepublic static Policy getInstance(String type, Policy.Parameters params, String provider) throws NoSuchProviderException, NoSuchAlgorithmException Deprecated, for removal: This API element is subject to removal in a future version.Returns aPolicyobject of the specified type.A new Policyobject encapsulating thePolicySpiimplementation from the specified provider is returned. The specified provider must be registered in the provider list.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Parameters:
- type- the specified Policy type. See the Policy section in the Java Security Standard Algorithm Names Specification for a list of standard Policy types.
- params- parameters for the- Policy, which may be- null.
- provider- the provider.
- Returns:
- the new Policyobject
- Throws:
- IllegalArgumentException- if the specified provider is- nullor empty, or if the specified parameters are not understood by the- PolicySpiimplementation from the specified provider
- NoSuchAlgorithmException- if the specified provider does not support a- PolicySpiimplementation for the specified type
- NoSuchProviderException- if the specified provider is not registered in the security provider list
- NullPointerException- if- typeis- null
- SecurityException- if the caller does not have permission to get a- Policyinstance for the specified type
- Since:
- 1.6
- See Also:
 
- 
getInstancepublic static Policy getInstance(String type, Policy.Parameters params, Provider provider) throws NoSuchAlgorithmException Deprecated, for removal: This API element is subject to removal in a future version.Returns aPolicyobject of the specified type.A new Policyobject encapsulating thePolicySpiimplementation from the specified provider is returned. Note that the specified provider does not have to be registered in the provider list.- Parameters:
- type- the specified Policy type. See the Policy section in the Java Security Standard Algorithm Names Specification for a list of standard Policy types.
- params- parameters for the- Policy, which may be- null.
- provider- the- Provider.
- Returns:
- the new Policyobject
- Throws:
- IllegalArgumentException- if the specified- Provideris- null, or if the specified parameters are not understood by the- PolicySpiimplementation from the specified- Provider
- NoSuchAlgorithmException- if the specified- Providerdoes not support a- PolicySpiimplementation for the specified type
- NullPointerException- if- typeis- null
- SecurityException- if the caller does not have permission to get a- Policyinstance for the specified type
- Since:
- 1.6
- See Also:
 
- 
getProviderDeprecated, for removal: This API element is subject to removal in a future version.Return theProviderof this policy.This Policyinstance will only have a provider if it was obtained via a call toPolicy.getInstance. Otherwise this method returnsnull.- Returns:
- the Providerof this policy, ornull.
- Since:
- 1.6
 
- 
getTypeDeprecated, for removal: This API element is subject to removal in a future version.Return the type of thisPolicy.This Policyinstance will only have a type if it was obtained via a call toPolicy.getInstance. Otherwise this method returnsnull.- Returns:
- the type of this Policy, ornull.
- Since:
- 1.6
 
- 
getParametersDeprecated, for removal: This API element is subject to removal in a future version.ReturnPolicyparameters.This Policyinstance will only have parameters if it was obtained via a call toPolicy.getInstance. Otherwise this method returnsnull.- Returns:
- Policyparameters, or- null.
- Since:
- 1.6
 
- 
getPermissionsDeprecated, for removal: This API element is subject to removal in a future version.Return a PermissionCollection object containing the set of permissions granted to the specified CodeSource.Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should solely rely on the impliesmethod to perform policy checks. If an application absolutely must call a getPermissions method, it should callgetPermissions(ProtectionDomain).The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource. - Parameters:
- codesource- the CodeSource to which the returned PermissionCollection has been granted.
- Returns:
- a set of permissions granted to the specified CodeSource. If this operation is supported, the returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types. If this operation is not supported, Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
 
- 
getPermissionsDeprecated, for removal: This API element is subject to removal in a future version.Return a PermissionCollection object containing the set of permissions granted to the specified ProtectionDomain.Applications are discouraged from calling this method since this operation may not be supported by all policy implementations. Applications should rely on the impliesmethod to perform policy checks.The default implementation of this method first retrieves the permissions returned via getPermissions(CodeSource)(the CodeSource is taken from the specified ProtectionDomain), as well as the permissions located inside the specified ProtectionDomain. All of these permissions are then combined and returned in a new PermissionCollection object. IfgetPermissions(CodeSource)returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method returns the permissions contained inside the specified ProtectionDomain in a new PermissionCollection object.This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain. - Parameters:
- domain- the ProtectionDomain to which the returned PermissionCollection has been granted.
- Returns:
- a set of permissions granted to the specified ProtectionDomain. If this operation is supported, the returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types. If this operation is not supported, Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
- Since:
- 1.4
 
- 
impliesDeprecated, for removal: This API element is subject to removal in a future version.Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is granted.- Parameters:
- domain- the ProtectionDomain to test
- permission- the Permission object to be tested for implication.
- Returns:
- trueif "permission" is a proper subset of a permission granted to this ProtectionDomain.
- Since:
- 1.4
- See Also:
 
- 
refreshpublic void refresh()Deprecated, for removal: This API element is subject to removal in a future version.Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, callingrefreshon a file-based policy will cause the file to be re-read.The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation. 
 
-