5.4. Security Policy
The security behavior of a Java runtime environment is specified by the security policy in effect during runtime. In abstract terms, the security policy is a typical access control matrix that says what system resources can be accessed, in what fashion, and under what circumstances. For example, one entry in the matrix shown in Figure 5.2 says something like, “When running an applet downloaded from http://java.sun.com, allow it to read the file x.” More specifically, a security policy is a mapping from a set of properties that characterize running code to a set of access permissions granted to the code.
Figure 5.2. Policy matrix
In J2SE, the expression of policy is declarative in nature, that is, nonprogrammatically ...