In Chapter 4, we examined the security manager in the context of existing implementations of the security manager for use in Java-enabled browsers; we followed that with a discussion of the access control mechanism and Java’s ability to define access policies.
In this chapter, we’ll put that information together and look at how the security manager is actually implemented, and how you can implement your own security manager. There are three times when it’s important to write your own security manager:
RMI wants you to provide a security manager for all RMI servers; for RMI servers that load client classes, a security manager is required. There is a default RMI security manager that you may use for this purpose, or you may write your own.
If you’re writing your own Java-enabled browser, you’ll want to provide a security manager. In addition, if you’re using an existing browser, you may want to use a different security manager in that browser. Some browsers already allow the user to specify a different security manager via a property; other browsers can be licensed for this type of customization.
If you download, install, and run Java applications on your machine, you may want to provide a security manager to protect your system against those applications the same way that it is protected against Java applets. In Java 1.1 and earlier releases, this requires you to write a security manager. ...