policy : Java Glossary

go to home page P words local find full screen, hide local find menu Google search web for more information on this topic jump to foot of page translate this page with Babelfish punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all) ©1996-2010 2008-11-18 Roedy Green, Canadian Mind Products
policy
JDK 1.2+ file that controls what programs, weblets and Applets are allowed to do.
Totally Permission Policy File Will The Real Policy File Please Stand Up.
Applet Control Recovery
Default Learning More
codebase Links
Where are the policy files?

Totally Permission Policy File

A 
// Do what you will. Totally permissive policy file.
grant {
permission java.security.AllPermission;
};

Applet Control

Here
I suspect Applets may still have to be signed, even when you grant them privilege. You may also have to grant permission to the JRE itself and the ext classes. I have not done experiments to find out the grant gotchas.

Default

Sun’s default policy file grants all permissions to the code living in the ext directory, and a few measly permissions

codebase

The codebase parameter describes where the class/jar files are that are being given permission. The same code living in different places may have different permissions. The location of the files you are giving permission to read or write go on the permission statement.

The exact meaning of a codebase value depends on the characters at the end.

Codebase Magic Trailing Characters
Trailing Characters on Codebase Meaning
/ matches all class files (not JAR files) in the specified directory.
/* matches all files (both class and JAR files) contained in that directory.
/- matches all files (both class and JAR files) in the directory and recursively all files in subdirectories contained in that directory.

Where are the policy files?

Exactly how many policy files you have and where they are is controlled by settings in the C:\Program Files\java\jre6\lib\security\java.security or C:\Program Files\Java Web Start\java.security. The Opera browser has its own policy file at C:\Program Files\Opera\classes\Opera.policy.

The default is to have:

  1. a single system-wide policy file C:\Program Files\java\jre6 \lib\security\java.policy in the {$java.home}\lib\security directory.
  2. a user-specific policy file user.home/.java.policy, e.g. "C:\Documents and Settings\ %username%\.java.policy". In Vista, look in "C:\Users\%username%\.java.policy".

The entries in C:\Program Files\java\jre6\lib\security\java.security tell Java where to find your policy files. They look like this:

policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
You can find out what directories java.home and user.home point to by looking at the system properties. You can run wassup to discover these system properties.

Then make sure the corresponding java.security file points to your {$java.home}\lib\security\java.policy and user.home\.java.policy files.

Will The Real Policy File Please Stand Up.

Summarising: to find out which policy file(s) your browser is using, run wassup and look for the restricted system property java.security.policy. By default Wassup shows only safe properties. Remember to change the selection to include restricted properities. If there is no such property, look for java.home. Use that to find lib\java.security. Use that to find the system java.policy and user .java.policy files.

Recovery

If you accidentally delete your java.policy or .java.policy file, Java may go nuts, refusing to give permission for anything. All certificates will be rejected. You can recreate it to look like the default displayed above.

Learning More

Sun’s JDK Technote Guide on Permission Names : available:
Sun’s JDK Technote Guide on policy files : available:
Sun’s Developer Online Training on AWT Permissions
Sun’s JDK Technote Guide on Permission Names : available:
java.policy Finder/Viewer
Mitch Gallant’s site for more complex examples
permission
policytool
CMP homejump to top You can get the freshest copy of this page from: or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
http://mindprod.com/jgloss/policyfile.html J:\mindprod\jgloss\policyfile.html
CMP logofeedback Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : feedback email
mindprod.com IP:[65.110.21.43]
view BlogYour face IP:[38.107.191.113]
You are visitor number 58,680.