Java 2 access control

Java 2 access control

The Java 2 security policy is an access-control matrix that specifies...

which system resources certain code bases can access
who must sign them

The Java 2 security policy is declarative and is enforced by the java.security.AccessController.checkPermission method. For example
xcall = m;
while (xcall > 0) 
{
    if (xcall's domain does not have the permission)
        throw AccessControlException;
    else if (xcall is marked as privileged)
        return;
    xcall = xcall - 1;
};
A java.security.AccessControlException exception is created when certain classes on the call stack are missing the required permissions. To resolve, either:

Grant the missing permission to the application.
Mark some code as privileged, after considering the issues and risks.

Security: Resources for learning
Java 2 security policy files
JavaMail API security permissions best practices