public abstract class Policy extends Object
 There is only one Policy object installed in the runtime at any
 given time.  A Policy object can be installed by calling the
 setPolicy method.  The installed Policy object can be
 obtained by calling the getPolicy method.
 
 If no Policy object has been installed in the runtime, a call to
 getPolicy installs an instance of the default Policy
 implementation (a default subclass implementation of this abstract class).
 The default Policy implementation can be changed by setting the value
 of the policy.provider security property to the fully qualified
 name of the desired Policy subclass implementation.
 
 Application code can directly subclass Policy to provide a custom
 implementation.  In addition, an instance of a Policy object can be
 constructed by invoking one of the getInstance factory methods
 with a standard type.  The default policy type is "JavaPolicy".
 
 Once a Policy instance has been installed (either by default, or by
 calling setPolicy), the Java runtime invokes its
 implies method when it needs to
 determine whether executing code (encapsulated in a ProtectionDomain)
 can perform SecurityManager-protected operations.  How a Policy object
 retrieves its policy data is up to the Policy implementation itself.
 The policy data may be stored, for example, in a flat ASCII file,
 in a serialized binary file of the Policy class, or in a database.
 
 The refresh method causes the policy object to
 refresh/reload its data.  This operation is implementation-dependent.
 For example, if the policy object stores its data in configuration files,
 calling refresh will cause it to re-read the configuration
 policy files.  If a refresh operation is not supported, this method does
 nothing.  Note that refreshed policy may not have an effect on classes
 in a particular ProtectionDomain. This is dependent on the Policy
 provider's implementation of the implies
 method and its PermissionCollection caching strategy.
Provider, 
ProtectionDomain, 
Permission, 
security properties| Modifier and Type | Class and Description | 
|---|---|
| static interface  | Policy.ParametersThis represents a marker interface for Policy parameters. | 
| Modifier and Type | Field and Description | 
|---|---|
| static PermissionCollection | UNSUPPORTED_EMPTY_COLLECTIONA read-only empty PermissionCollection instance. | 
| Constructor and Description | 
|---|
| Policy() | 
| Modifier and Type | Method and Description | 
|---|---|
| static Policy | getInstance(String type,
           Policy.Parameters params)Returns a Policy object of the specified type. | 
| static Policy | getInstance(String type,
           Policy.Parameters params,
           Provider provider)Returns a Policy object of the specified type. | 
| static Policy | getInstance(String type,
           Policy.Parameters params,
           String provider)Returns a Policy object of the specified type. | 
| Policy.Parameters | getParameters()Return Policy parameters. | 
| PermissionCollection | getPermissions(CodeSource codesource)Return a PermissionCollection object containing the set of
 permissions granted to the specified CodeSource. | 
| PermissionCollection | getPermissions(ProtectionDomain domain)Return a PermissionCollection object containing the set of
 permissions granted to the specified ProtectionDomain. | 
| static Policy | getPolicy()Returns the installed Policy object. | 
| Provider | getProvider()Return the Provider of this Policy. | 
| String | getType()Return the type of this Policy. | 
| boolean | implies(ProtectionDomain domain,
       Permission permission)Evaluates the global policy for the permissions granted to
 the ProtectionDomain and tests whether the permission is
 granted. | 
| void | refresh()Refreshes/reloads the policy configuration. | 
| static void | setPolicy(Policy p)Sets the system-wide Policy object. | 
public static final PermissionCollection UNSUPPORTED_EMPTY_COLLECTION
public static Policy getPolicy()
setPolicy.
 This method first calls
 SecurityManager.checkPermission with a
 SecurityPermission("getPolicy") permission
 to ensure it's ok to get the Policy object.SecurityException - if a security manager exists and its
        checkPermission method doesn't allow
        getting the Policy object.SecurityManager.checkPermission(Permission), 
setPolicy(java.security.Policy)public static void setPolicy(Policy p)
SecurityManager.checkPermission with a
 SecurityPermission("setPolicy")
 permission to ensure it's ok to set the Policy.p - the new system Policy object.SecurityException - if a security manager exists and its
        checkPermission method doesn't allow
        setting the Policy.SecurityManager.checkPermission(Permission), 
getPolicy()public static Policy getInstance(String type, Policy.Parameters params) throws NoSuchAlgorithmException
This method traverses the list of registered security providers, starting with the most preferred Provider. A new Policy object encapsulating the PolicySpi implementation from the first Provider that supports the specified type is returned.
 Note that the list of registered providers may be retrieved via
 the Security.getProviders() method.
type - the specified Policy type.  See the Policy section in the
    
    Java Cryptography Architecture Standard Algorithm Name Documentation
    for a list of standard Policy types.params - parameters for the Policy, which may be null.SecurityException - if the caller does not have permission
          to get a Policy instance for the specified type.NullPointerException - if the specified type is null.IllegalArgumentException - if the specified parameters
          are not understood by the PolicySpi implementation
          from the selected Provider.NoSuchAlgorithmException - if no Provider supports a PolicySpi
          implementation for the specified type.Providerpublic static Policy getInstance(String type, Policy.Parameters params, String provider) throws NoSuchProviderException, NoSuchAlgorithmException
A new Policy object encapsulating the PolicySpi implementation from the specified provider is returned. The specified provider must be registered in the provider list.
 Note that the list of registered providers may be retrieved via
 the Security.getProviders() method.
type - the specified Policy type.  See the Policy section in the
    
    Java Cryptography Architecture Standard Algorithm Name Documentation
    for a list of standard Policy types.params - parameters for the Policy, which may be null.provider - the provider.SecurityException - if the caller does not have permission
          to get a Policy instance for the specified type.NullPointerException - if the specified type is null.IllegalArgumentException - if the specified provider
          is null or empty,
          or if the specified parameters are not understood by
          the PolicySpi implementation from the specified provider.NoSuchProviderException - if the specified provider is not
          registered in the security provider list.NoSuchAlgorithmException - if the specified provider does not
          support a PolicySpi implementation for the specified type.Providerpublic static Policy getInstance(String type, Policy.Parameters params, Provider provider) throws NoSuchAlgorithmException
A new Policy object encapsulating the PolicySpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
type - the specified Policy type.  See the Policy section in the
    
    Java Cryptography Architecture Standard Algorithm Name Documentation
    for a list of standard Policy types.params - parameters for the Policy, which may be null.provider - the Provider.SecurityException - if the caller does not have permission
          to get a Policy instance for the specified type.NullPointerException - if the specified type is null.IllegalArgumentException - if the specified Provider is null,
          or if the specified parameters are not understood by
          the PolicySpi implementation from the specified Provider.NoSuchAlgorithmException - if the specified Provider does not
          support a PolicySpi implementation for the specified type.Providerpublic Provider getProvider()
 This Policy instance will only have a Provider if it
 was obtained via a call to Policy.getInstance.
 Otherwise this method returns null.
public String getType()
 This Policy instance will only have a type if it
 was obtained via a call to Policy.getInstance.
 Otherwise this method returns null.
public Policy.Parameters getParameters()
 This Policy instance will only have parameters if it
 was obtained via a call to Policy.getInstance.
 Otherwise this method returns null.
public PermissionCollection getPermissions(CodeSource codesource)
 Applications are discouraged from calling this method
 since this operation may not be supported by all policy implementations.
 Applications should solely rely on the implies method
 to perform policy checks.  If an application absolutely must call
 a getPermissions method, it should call
 getPermissions(ProtectionDomain).
 
The default implementation of this method returns Policy.UNSUPPORTED_EMPTY_COLLECTION. This method can be overridden if the policy implementation can return a set of permissions granted to a CodeSource.
codesource - the CodeSource to which the returned
          PermissionCollection has been granted.public PermissionCollection getPermissions(ProtectionDomain domain)
 Applications are discouraged from calling this method
 since this operation may not be supported by all policy implementations.
 Applications should rely on the implies method
 to perform policy checks.
 
 The default implementation of this method first retrieves
 the permissions returned via getPermissions(CodeSource)
 (the CodeSource is taken from the specified ProtectionDomain),
 as well as the permissions located inside the specified ProtectionDomain.
 All of these permissions are then combined and returned in a new
 PermissionCollection object.  If getPermissions(CodeSource)
 returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
 returns the permissions contained inside the specified ProtectionDomain
 in a new PermissionCollection object.
 
This method can be overridden if the policy implementation supports returning a set of permissions granted to a ProtectionDomain.
domain - the ProtectionDomain to which the returned
          PermissionCollection has been granted.public boolean implies(ProtectionDomain domain, Permission permission)
domain - the ProtectionDomain to testpermission - the Permission object to be tested for implication.ProtectionDomainpublic void refresh()
refresh
 on a file-based policy will cause the file to be re-read.
 The default implementation of this method does nothing. This method should be overridden if a refresh operation is supported by the policy implementation.
 Submit a bug or feature 
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
 Copyright © 1993, 2025, Oracle and/or its affiliates.  All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.