Introduction

This page describes a simple example of a Policy descriptor. Assume that Phoenix has been integrated with the Policy toolkit and that the snippet defining the classloader is included in the deployment format of Phoenix (the .sar file).

The format below should be largely self-explanatory if you are familiar with the java.policy file format. One thing worth mentioning is that the example uses codebases with a protocol of "sar:". This protocol is specific to Phoenix and makes it possible to refer to jars and classes contained within the deployment archive.


<policy version="1.0">

  <!-- define the keystore that is used to load signers from -->
  <keystore name="myKeystore"
            location="sar:/conf/keystore"
            type="JKS"/>

  <!-- grant the java classes defined in
       /SAR-INF/classes/ directory the permission
       to read and write files to temp directory. -->
  <grant code-base="sar:/SAR-INF/classes/">
    <permission class="java.io.FilePermission"
                target="${/}tmp${/}*"
                action="read,write"/>
  </grant>

  <!-- grant the secure.jar the permission to connect
       a socket to localhost ports 1024 and above,
       as long as code has been signed by "Fred". -->
  <grant code-base="sar:/SAR-INF/lib/secure.jar"
         signed-by="Fred"
         key-store="myKeystore" >
    <permission class="java.net.SocketPermission"
                target="localhost:1024-"
                action="accept,connect,listen"/>
  </grant>

</policy>
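
The following check is an added example, not code from Phoenix or the Policy toolkit. It assumes a loader builds each permission by expanding ${/} to the file separator and calling the class's (target, action) constructor; the class name PolicyDescriptorCheck and the inline sample are constructed for illustration. The socket grant is written with java.net.SocketPermission, the JDK class that accepts host:port targets with accept/connect/listen actions, and the sample adds one mismatched class/action pair to show it being rejected. The last four lines print how far each grant reaches.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PolicyDescriptorCheck {
    // Constructed input: the descriptor's file and socket permissions, plus one
    // deliberately mismatched class/action pair that must be rejected.
    static final String SAMPLE = "<policy version='1.0'><grant code-base='sar:/SAR-INF/classes/'>"
        + "<permission class='java.io.FilePermission' target='${/}tmp${/}*' action='read,write'/>"
        + "<permission class='java.net.SocketPermission' target='localhost:1024-' action='accept,connect,listen'/>"
        + "<permission class='java.io.FilePermission' target='localhost:1024-' action='accept,connect,listen'/>"
        + "</grant></policy>";
    // Assumed loader behaviour: expand ${/} and call the (target, action) constructor.
    static Permission build(Element e) throws ReflectiveOperationException {
        String target = e.getAttribute("target").replace("${/}", File.separator);
        return Class.forName(e.getAttribute("class"), false, PolicyDescriptorCheck.class.getClassLoader())
            .asSubclass(Permission.class) // refuse classes that are not permissions
            .getConstructor(String.class, String.class)
            .newInstance(target, e.getAttribute("action"));
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        NodeList nodes = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes()))
            .getElementsByTagName("permission");
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            try {
                System.out.println("ok       " + build(e));
            } catch (ReflectiveOperationException | ClassCastException ex) {
                System.out.println("REJECTED " + e.getAttribute("class") + ": " + (ex.getCause() != null ? ex.getCause() : ex));
            }
        }
        // Scope of the two grants, decided by the JDK's own implies() logic.
        String tmp = File.separator + "tmp" + File.separator;
        Permission files = new FilePermission(tmp + "*", "read,write");
        Permission net = new SocketPermission("localhost:1024-", "accept,connect,listen");
        System.out.println("file in tmp:       " + files.implies(new FilePermission(tmp + "a.txt", "read")));
        System.out.println("file in tmp/sub:   " + files.implies(new FilePermission(tmp + "sub" + File.separator + "a.txt", "read")));
        System.out.println("connect port 8080: " + net.implies(new SocketPermission("localhost:8080", "connect")));
        System.out.println("connect port 80:   " + net.implies(new SocketPermission("localhost:80", "connect")));
    }
}
```

A target ending in "*" covers only files directly in that directory; a target ending in "-" would also cover everything beneath it, so the choice between the two decides how much of the temp tree the grant exposes.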