Interface Policy


public interface Policy
A Policy object is responsible for determining whether a caller principal (including the unauthenticated one) has permission to perform a security-sensitive operation.

A Policy uses the Subject as a holder for the caller principal. A Subject, being a "bag of principals" does not specify which of the potentially many principals represents the caller principal. As a low level artifact (aimed at Jakarta EE runtime interaction with the security system) this allows for an amount of runtime specific behaviour and optimisations.

Policies typically, but not necessarily, make use of the Permission instances hold by the PolicyConfiguration instance for a given policy context. In a Jakarta EE Servlet environment these contain the transformed security constraints as expressed by XML in web.xml, via annotations, or which are programmatically set using the Jakarta Servlet APIs.

Author:
Arjan Tijms