policy : Java Glossary


Java version 1.2 or later file that controls what programs, weblets and Applets are allowed to do.
Totally Permission Policy File Will The Real Policy File Please Stand Up.
Applet Control Recovery
Default Disadvantages
codebase Learning More
Where are the policy files? Links

Totally Permission Policy File

// Do what you will. Totally permissive policy file.
grant {
permission java.security.AllPermission;

Applet Control

Here  I suspect Applets may still have to be signed, even when you grant them privilege. You may also have to grant permission to the JRE (Java Runtime Environment) itself and the ext classes. I have not done experiments to find out the grant gotchas.


Oracle’s default policy file grants all permissions to the code living in the ext directory, and a few measly permissions 


The codebase parameter describes where the class/jar files are that are being given permission. The same code living in different places may have different permissions. The location of the files you are giving permission to read or write go on the permission statement.

The exact meaning of a codebase value depends on the characters at the end.

Codebase Magic Trailing Characters
Trailing Characters on Codebase Meaning
/ matches all class files (not JAR files) in the specified directory.
/* matches all files (both class and JAR files) contained in that directory.
/- matches all files (both class and JAR files) in the directory and recursively all files in subdirectories contained in that directory.

Where are the policy files?

Exactly how many policy files you have and where they are is controlled by settings in the C:\Program Files\java\jre1.8.0_25\ \lib\security\java.security or C:\Program Files\Java Web Start\java.security . The Opera browser has its own policy file at C:\Program Files\Opera\classes\Opera.policy .

The default is to have:

  1. a single system-wide policy file C:\Program Files\java\jre1.8.0_25\ \lib\security\java.policy in the {$java.home}\lib\security\java.policy directory. e.g.
    C:\Program Files\Java\jre7\lib\security\java.policy
    C:\Program Files\Java\jre7\lib\security\javaws.policy
    C:\Program Files (x86)\Java\jre7\lib\security\java.policy
    C:\Program Files (x86)\Java\jre7\lib\security\javaws.policy
  2. a user-specific policy file user.home/.java.policy, (note the lead dot) e.g. "C:\Documents and Settings\ user\.java.policy". In Vista, W2008, W7-32, W7-64, W8-32 and W8-64 look in C:\Users\user\.java.policy.

The entries in C:\Program Files\java\jre1.8.0_25\ \lib\security\java.security/java.policy tell Java where to find your policy files. They look like this:

You can find out what directories java.home and user.home point to by looking at the system properties. You can run wassup to discover these system properties.

Then make sure the corresponding java.security file points to your {$java.home}\lib\security\java.policy and user.home\.java.policy files.

If you have Take Command, you can find the java.policy and .java.policy files with dir /bs *.policy

Will The Real Policy File Please Stand Up.

Summarising: to find out which policy file(s) your browser is using, run wassup and look for the restricted system property java.security.policy. By default Wassup shows only safe properties. Remember to change the selection to include restricted prosperities. If there is no such property, look for java.home. Use that to find lib\java.security. Use that to find the system java.policy and user .java.policy files.


If you accidentally delete your java.policy or .java.policy file, Java may go nuts, refusing to give permission for anything. All certificates will be rejected. You can recreate it to look like the default displayed above.


There are three problems with editing the policy file to grant your applet permission:

Learning More

Oracle’s Technote Guide on Permission Names : available:
Oracle’s Technote Guide on AWTPermission Names : available:
Oracle’s Technote Guide on policy files : available:
Oracle’s Technote Guide on Permission Names : available:
Oracle’s Javadoc on AWT Permissions : available:

This page is posted
on the web at:


Optional Replicator mirror
of mindprod.com
on local hard disk J:

Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.
no blog for this page
Your face IP:[]
You are visitor number