Remember, Policy maps the code sources to their permissions, and the Policy
object is, essentially, a Singleton. The methods we commonly use
on Policy are getPermissions(), getPolicy(), refresh(), and setPolicy().
Now we'll look at getPermissions().
- getPermissions() returns a PermissionCollection object. This is fairly
  self-explanatory; a PermissionCollection is simply a collection of
  allowed permissions.
- Additionally, each class has a ProtectionDomain that encapsulates the
  code source and corresponding PermissionCollection.
- You can get this by calling the getProtectionDomain() method of the
  Class object.
- The Class object must represent the class whose permissions you are
  interested in finding. Use the forName() static method of class Class
  to get this.
- Sound confusing? How about this:
  ProtectionDomain pd = Class.forName("Car").getProtectionDomain();
- ProtectionDomain has four methods:
  - CodeSource getCodeSource() - returns a CodeSource object that
    encapsulates both the location (URL) of the code and any certificates.
  - PermissionCollection getPermissions() - returns the
    PermissionCollection, discussed earlier.
  - boolean implies(Permission permission) - returns true if the
    ProtectionDomain implies the permission represented in the Permission
    object.
  - String toString() - overrides the default toString() method of class
    Object.
- The ProtectionDomain is set when the class is loaded.
- The SecureClassLoader uses the policy object to find permissions for the
  code source. Then it creates a ProtectionDomain with the permissions
  and code sources.
- The SecurityManager checks requested permissions against granted
  permissions.
- It gets the ProtectionDomains of all of the classes on the stack, and asks
  if they permit the operation being requested. If so, the operation
  can continue. If not, a SecurityException is thrown.
- By checking all classes, the SecurityManager ensures that the most
  restrictive policy of all classes on the stack is enforced.
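
The stack check described above, modelled in a small Java program. This is an added example, not code from the original page and not the JDK's own implementation. The class name StackCheckDemo, the helpers domain() and check(), and the jar locations and file paths are made up for the demonstration; it assumes Java 9 or later for List.of.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.List;

public class StackCheckDemo {
    // Build a ProtectionDomain the way a class loader would: code source + granted permissions.
    static ProtectionDomain domain(String location, Permission... granted) throws Exception {
        CodeSource cs = new CodeSource(URI.create(location).toURL(), (Certificate[]) null); // unsigned
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(cs, perms);
    }

    // Simplified model of the stack check: every domain on the stack must imply the permission.
    static void check(List<ProtectionDomain> stack, Permission requested) {
        for (ProtectionDomain pd : stack) {
            if (!pd.implies(requested)) {
                throw new SecurityException("denied by " + pd.getCodeSource().getLocation()
                        + ": " + requested);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: locations and grants are invented for this demo.
        ProtectionDomain app = domain("file:/opt/app/app.jar",
                new FilePermission("/tmp/-", "read,write"));
        ProtectionDomain plugin = domain("file:/opt/app/plugins/plugin.jar",
                new FilePermission("/tmp/-", "read"));

        Permission read = new FilePermission("/tmp/report.txt", "read");
        Permission write = new FilePermission("/tmp/report.txt", "write");

        check(List.of(app, plugin), read);       // both domains allow read
        System.out.println("read allowed for app + plugin");
        check(List.of(app), write);              // app alone may write
        System.out.println("write allowed for app alone");
        try {
            check(List.of(app, plugin), write);  // plugin on the stack: most restrictive wins
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The third check fails even though the app domain grants write, because the plugin domain on the same stack does not.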