5.2. Describing Code
The security policy is essentially an access control matrix that describes code according to its characteristics and the permissions it is granted. The CodeSource and Principal classes are used to describe code.
Code is fully characterized by three things. One is its origin, or its location as specified by a URL. The second, applicable if the code is signed, is the set of digital certificates containing the public keys corresponding to the private keys used to sign the code. (Note: Digital certificates are described in Section 8.1.) The first two characteristics are captured in the class java.security.CodeSource, which can be viewed as a natural extension of the concept of a code base within HTML, although ...