847 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
847 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
848 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
848 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
849 # FFFFFFFF FFFFFFFF, 2} |
849 # FFFFFFFF FFFFFFFF, 2} |
850 |
850 |
851 # Cryptographic Jurisdiction Policy defaults |
851 # Cryptographic Jurisdiction Policy defaults |
852 # |
852 # |
853 # Due to the import control restrictions of some countries, the default |
853 # Due to the import control restrictions of some countries, the default |
854 # JCE policy files allow for strong but "limited" cryptographic key |
854 # JCE policy files allow for strong but "limited" cryptographic key |
855 # lengths to be used. If your country's cryptographic regulations allow, |
855 # lengths to be used. If your country's cryptographic regulations allow, |
856 # the "unlimited" strength policy files can be used instead, which contain |
856 # the "unlimited" strength policy files can be used instead, which contain |
857 # no restrictions on cryptographic strengths. |
857 # no restrictions on cryptographic strengths. |
858 # |
858 # |
859 # If your country has restrictions that don't fit either "limited" or |
859 # If your country has restrictions that don't fit either "limited" or |
860 # "unlimited", an appropriate set of policy files should be created and |
860 # "unlimited", an appropriate set of policy files should be created and |
861 # configured before using this distribution. The jurisdiction policy file |
861 # configured before using this distribution. The jurisdiction policy file |
862 # configuration must reflect the cryptographic restrictions appropriate |
862 # configuration must reflect the cryptographic restrictions appropriate |
863 # for your country. |
863 # for your country. |
864 # |
864 # |
865 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
865 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
866 # TO DETERMINE THE EXACT REQUIREMENTS. |
866 # TO DETERMINE THE EXACT REQUIREMENTS. |
867 # |
867 # |
868 # The policy files are flat text files organized into subdirectories of |
868 # The policy files are flat text files organized into subdirectories of |
869 # <java-home>/conf/security/policy. Each directory contains a complete |
869 # <java-home>/conf/security/policy. Each directory contains a complete |
870 # set of policy files. |
870 # set of policy files. |
871 # |
871 # |
872 # The "crypto.policy" Security property controls the directory selection, |
872 # The "crypto.policy" Security property controls the directory selection, |
873 # and thus the effective cryptographic policy. |
873 # and thus the effective cryptographic policy. |
874 # |
874 # |
875 # The default set of directories is: |
875 # The default set of directories is: |
876 # |
876 # |
877 # limited | unlimited |
877 # limited | unlimited |
878 # |
878 # |
879 # however other directories can be created and configured. |
879 # however other directories can be created and configured. |
880 # |
880 # |
881 # Within a directory, the effective policy is the combined minimum |
881 # Within a directory, the effective policy is the combined minimum |
882 # permissions of the grant statements in the file(s) with the filename |
882 # permissions of the grant statements in the file(s) with the filename |
883 # pattern "default_*.policy". At least one grant is required. For |
883 # pattern "default_*.policy". At least one grant is required. For |
884 # example: |
884 # example: |
885 # |
885 # |
889 # The effective exemption policy is the combined minimum permissions |
889 # The effective exemption policy is the combined minimum permissions |
890 # of the grant statements in the file(s) with the filename pattern |
890 # of the grant statements in the file(s) with the filename pattern |
891 # "exempt_*.policy". Exemption grants are optional. |
891 # "exempt_*.policy". Exemption grants are optional. |
892 # |
892 # |
893 # limited = grants exemption permissions, by which the |
893 # limited = grants exemption permissions, by which the |
894 # effective policy can be circumvented. |
894 # effective policy can be circumvented. |
895 # e.g. KeyRecovery/Escrow/Weakening. |
895 # e.g. KeyRecovery/Escrow/Weakening. |
896 # |
896 # |
897 # Please see the JCA documentation for additional information on these |
897 # Please see the JCA documentation for additional information on these |
898 # files and formats. |
898 # files and formats. |
|
899 # |
|
900 # Note: This property is currently used by the JDK Reference implementation. |
|
901 # It is not guaranteed to be examined and used by other implementations. |
|
902 # |
899 crypto.policy=crypto.policydir-tbd |
903 crypto.policy=crypto.policydir-tbd |
900 |
904 |
901 # |
905 # |
902 # The policy for the XML Signature secure validation mode. The mode is |
906 # The policy for the XML Signature secure validation mode. The mode is |
903 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to |
907 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to |
949 # Patterns are separated by ";" (semicolon). |
953 # Patterns are separated by ";" (semicolon). |
950 # Whitespace is significant and is considered part of the pattern. |
954 # Whitespace is significant and is considered part of the pattern. |
951 # |
955 # |
952 # If a pattern includes a "=", it sets a limit. |
956 # If a pattern includes a "=", it sets a limit. |
953 # If a limit appears more than once the last value is used. |
957 # If a limit appears more than once the last value is used. |
954 # Limits are checked before classes regardless of the order in the sequence of patterns. |
958 # Limits are checked before classes regardless of the order in the |
|
959 # sequence of patterns. |
955 # If any of the limits are exceeded, the filter status is REJECTED. |
960 # If any of the limits are exceeded, the filter status is REJECTED. |
956 # |
961 # |
957 # maxdepth=value - the maximum depth of a graph |
962 # maxdepth=value - the maximum depth of a graph |
958 # maxrefs=value - the maximum number of internal references |
963 # maxrefs=value - the maximum number of internal references |
959 # maxbytes=value - the maximum number of bytes in the input stream |
964 # maxbytes=value - the maximum number of bytes in the input stream |
960 # maxarray=value - the maximum array length allowed |
965 # maxarray=value - the maximum array length allowed |
961 # |
966 # |
962 # Other patterns, from left to right, match the class or package name as |
967 # Other patterns, from left to right, match the class or package name as |
963 # returned from Class.getName. |
968 # returned from Class.getName. |
964 # If the class is an array type, the class or package to be matched is the element type. |
969 # If the class is an array type, the class or package to be matched is the |
|
970 # element type. |
965 # Arrays of any number of dimensions are treated the same as the element type. |
971 # Arrays of any number of dimensions are treated the same as the element type. |
966 # For example, a pattern of "!example.Foo", rejects creation of any instance or |
972 # For example, a pattern of "!example.Foo", rejects creation of any instance or |
967 # array of example.Foo. |
973 # array of example.Foo. |
968 # |
974 # |
969 # If the pattern starts with "!", the status is REJECTED if the remaining pattern |
975 # If the pattern starts with "!", the status is REJECTED if the remaining |
970 # is matched; otherwise the status is ALLOWED if the pattern matches. |
976 # pattern is matched; otherwise the status is ALLOWED if the pattern matches. |
971 # If the pattern contains "/", the non-empty prefix up to the "/" is the module name; |
977 # If the pattern contains "/", the non-empty prefix up to the "/" is the |
|
978 # module name; |
972 # if the module name matches the module name of the class then |
979 # if the module name matches the module name of the class then |
973 # the remaining pattern is matched with the class name. |
980 # the remaining pattern is matched with the class name. |
974 # If there is no "/", the module name is not compared. |
981 # If there is no "/", the module name is not compared. |
975 # If the pattern ends with ".**" it matches any class in the package and all subpackages. |
982 # If the pattern ends with ".**" it matches any class in the package and all |
|
983 # subpackages. |
976 # If the pattern ends with ".*" it matches any class in the package. |
984 # If the pattern ends with ".*" it matches any class in the package. |
977 # If the pattern ends with "*", it matches any class with the pattern as a prefix. |
985 # If the pattern ends with "*", it matches any class with the pattern as a |
|
986 # prefix. |
978 # If the pattern is equal to the class name, it matches. |
987 # If the pattern is equal to the class name, it matches. |
979 # Otherwise, the status is UNDECIDED. |
988 # Otherwise, the status is UNDECIDED. |
980 # |
989 # |
981 #jdk.serialFilter=pattern;pattern |
990 #jdk.serialFilter=pattern;pattern |
982 |
991 |