So i ended up extending the Policy
and PermissionCollection
classes and at the beginning of my program i made a call to Policy.setPolicy()
. Essentially this gives you an in-code way of setting some policies. I don't know if it's useful in general but it's useful to me because i would like to grant java.io.FilePermission
to specific directories that may change over time.
Anyway, here is some code to demonstrate what i did:
public class AwesomePolicy extends Policy {
private PermissionCollection myPermissions;
private List<Path> inputPaths;
private List<Path> processPaths;
public AwesomePolicy(List<Path> inputPaths, List<Path> processPaths){
this.inputPaths=inputPaths; // shallow copy
this.processPaths=processPaths; // shallow copy
myPermissions = new AwesomePermissionCollection();
populateAwesomePermissionCollection();
}
@Override
public PermissionCollection getPermissions(CodeSource codesource){
return permissions;
}
private void populateAwesomePermissionCollection(){
for(Path p : inputPaths){
myPermissions.add(new FilePermission(p.toString() + File.separatorChar + "*", "read, write");
for(Path p: processPaths){
myPermissions.add(new FilePermission(p.toString() + File.separatorChar + "*", "read, write");
}
}
}
public AwesomePermissionCollection extends PermissionCollection{
private static final long serialVersionUID = -7456927975079431927L;
List<Permission> myPermissions = new ArrayList<Permission>();
@Override
public void add(Permission p){
myPermissions.add(p);
}
@Override
public Enumeration<Permission> elements(){
return Collections.enumeration(myPermissions);
}
@Override
public boolean implies(Permission permission){
for(Permission p: myPermissions){
if(p.implies(permission)){
return true;
}
}
return false;
}
}
and then in my main program i just did Policy.setPolicy(new AwesomePolicy(inputPaths, processPaths));
where inputPaths
and processPaths
were first fetched from a database table.