Java Policy
# What
The policy for a Java™ programming language application environment (specifying which permissions are available for code from various sources, and executing as various principals) is represented by a Policy object. More specifically, it is represented by a Policy
subclass providing an implementation of the abstract methods in the Policy
class (which is in the java.security
package).
Java™ 编程语言应用环境的安全策略是以一个 Policy 对象表示的。具体来说,它表示一个 Policy 的子类,该子类提供了类 Policy(在 java.security 包中)的抽象方法的实现。
# Why
Policy 定义了很多 Permission,包括文件读取、网络等。只需要一个文件,就可以相对简单有效的控制 Java 程序的安全。
# How
Example:
// If the code is signed by "Duke", grant it read/write access to all // files in /tmp: grant signedBy "Duke" { permission java.io.FilePermission "/tmp/*", "read,write"; }; // Grant everyone the following permission: grant { permission java.util.PropertyPermission "java.vendor", "read"; };
# Reference
http://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html