In this chapter, we’ve looked at Java’s access control mechanism. The access controller is the most powerful security feature of the Java platform: it protects most of the vital resources on a user’s machine, and it allows users (or system administrators) to customize the security policy of a particular application simply by modifying entries in the java.policy (and/or other similar) files.

The access controller is able to control access to a well-established set of system resources (files, sockets, etc.), but it is extensible as well: you can create your own permission classes that the access controller can use in order to grant or to deny access to any resource that you like.

In the next chapter, we’ll look into more details of implementing a security policy, including the important relationship between the access controller and the security manager. And, because the access controller is only available with Java 1.2, we’ll look at how the security manager can be used to implement a security policy in earlier releases of Java as well.