Java Reference
end of the name, following a "." or by itself, to signify a wildcard match. For example: "java.*" or "*" are valid; "*java" or "x*y" are not valid.
FilePermission and SocketPermission are subclasses of Permission. These classes can have a more complicated name syntax than that used for basic permissions. For example, for a FilePermission object, the permission name is the pathname of a file (or directory) and can cover multiple files by using "*" to mean all files in the specified directory and using "-" to mean all files in the specified directory as well as all files in all subdirectories.
All permissions can also have an action list associated with them that defines the different actions permitted by that object. For example, the action list for a FilePermission object can contain any combination of "read", "write", "execute", or "delete", specifying actions that can be performed on the named file (or directory). Many basic permissions do not use the action list, but some, such as PropertyPermission, do. The name of a PropertyPermission is the name of the property it represents and the actions can be "read" or "write", which let you invoke System.getProperty and System.setProperty, respectively, with that property name. For example, a PropertyPermission with the name "java.*" and action "read" allows you to retrieve the values of all system properties that start with "java.".
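
The wildcard and action-list rules above can be checked directly with Permission.implies, which answers whether a granted permission covers a requested one. The following is an added example, not code from the original text; the class name, directory, file names and property names are constructed for illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.util.PropertyPermission;

// Added illustration: class name, paths and property names are constructed samples.
public class PermissionImpliesDemo {

    // Reports whether 'granted' covers 'requested'.
    static boolean covers(Permission granted, Permission requested) {
        boolean ok = granted.implies(requested);
        System.out.println(granted + "\n    implies " + requested + " ? " + ok);
        return ok;
    }

    public static void main(String[] args) {
        // Build paths with the platform separator so the "*" and "-"
        // suffixes are recognised on every operating system.
        String dir = File.separator + "tmp" + File.separator + "app" + File.separator;

        Permission dirOnly = new FilePermission(dir + "*", "read");
        Permission recursive = new FilePermission(dir + "-", "read,write");

        Permission readFile = new FilePermission(dir + "a.txt", "read");
        Permission readNested = new FilePermission(dir + "sub" + File.separator + "b.txt", "read");
        Permission deleteFile = new FilePermission(dir + "a.txt", "delete");

        // "*" names the files in the directory itself; "-" also reaches subdirectories.
        covers(dirOnly, readFile);
        covers(dirOnly, readNested);
        covers(recursive, readNested);

        // The action list is checked as well: "delete" is not in "read,write".
        covers(recursive, deleteFile);

        // PropertyPermission: the wildcard name must still be matched by the action.
        Permission javaProps = new PropertyPermission("java.*", "read");
        covers(javaProps, new PropertyPermission("java.version", "read"));
        covers(javaProps, new PropertyPermission("java.version", "write"));
        covers(javaProps, new PropertyPermission("user.home", "read"));

        // A "*" that is not at the end of the name is not expanded as a wildcard.
        covers(new PropertyPermission("*java", "read"),
               new PropertyPermission("xjava", "read"));
    }
}
```
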
23.5.3. Security Policies
The security policy for a given execution of the runtime system is represented by a java.security.Policy object or, more specifically, by a concrete subclass of the abstract Policy class. The Policy object maintains the sets of permissions that have been assigned to the different protection domains, according to their code source. How the security policy is communicated to the Policy object is a function of the actual implementation of that policy. The default implementation is to use policy files to list the different permissions that are granted to each code source.