User guide

Developing Java Applications

7-23

To Grant Permission for Each Code Base

grant codeBase <URL>{

permission <access-permission-class-name> “<target-name>”, “<action-name>”;

...

};

To Grant Permission for Each User Principal

grant codeBase <URL>,

principal <principal-class-name> “<principal-name>”,

... {

permission <access-permission-class-name> “<target-name>”, “<action-name>”;

...

};

• codeBase Field

The codeBase value (<URL>) indicates the position where a code is set. Access permission is

given for a code loaded from the specified position. If this field is omitted, access permission is

granted for all codes regardless of the original code position.

• principal Field

Specify both a principal-class-name and principal-name in this field as a pair. Access permission is

granted for a pair in a principal set for a thread under process. The Subject object associates the

principal set with a code to be executed. If this field is omitted, access permission is granted for all

pairs.

• Access Permission Entry

This entry starts with permission. Specify an access permission class name such as

java.util.PropertyPermission or java.io.FilePermission in access-permission-class-name. Write a

target-name and action-name as required after the access permission class name. For example,

when java.util.PropertyPermission is specified, the system property name can be specified for

target-name and “read” and “write” can be specified for action-name. For information on setting

access permission, refer to the J2SDK and JAAS documents provided by Sun Microsystems, Inc.

Escape Character

The symbol \ is processed as an escape character in a security policy file. Therefore, use \\ as a file

separator when writing a path name in URL.