This class represents a security policy that determines the permissions granted to code based on its source and signers, and, in Java 1.4 and later, based on the user on whose behalf that code is running. There is only a single Policy in effect at any one time. Obtain the system policy by calling the static getPolicy( ) method. Code that has appropriate permissions can specify a new system policy by calling setPolicy( ). The refresh( ) method is a request to a Policy object to update its state (for example, by rereading its configuration file). The Policy class is used primarily by system-level code. Applications should not need to use this class unless they implement some kind of custom access-control mechanism.

Prior to Java 1.4, this class provides a mapping from CodeSource objects to PermissionCollection objects. getPermissions( ) is the central Policy method; it evaluates the Policy for a given CodeSource and returns an appropriate PermissionCollection representing the static set of permissions available to code from that source.

As of Java 1.4, you can use a ProtectionDomain object to encapsulate a CodeSource and a set of users on whose behalf the code is running. In this release, there is a new getPermissions( ) method that returns a PermissionsCollection appropriate for the specified ProtectionDomain. In addition, there is a new implies( ) method that dynamically queries the Policy to see if the specified permission is granted to the specific ProtectionDomain.

public abstract class Policy {
// Public Constructors
     public Policy( );  
// Public Class Methods
     public static java.security.Policy getPolicy( );  
     public static void setPolicy(java.security.Policy p);  
// Public Instance Methods
     public abstract PermissionCollection getPermissions(CodeSource codesource);
1.4  public PermissionCollection getPermissions(ProtectionDomain domain);  
1.4  public boolean implies(ProtectionDomain domain, Permission permission);  
     public abstract void refresh( );  
}