In this chapter, we’ve looked at Java’s access control mechanism. The access controller is the most powerful security feature of the Java platform: it protects most of the vital resources on a user’s machine, and it allows users (or system administrators) to customize the security policy of a particular application simply by modifying entries in java.policy and other similar files.

The access controller is able to control access to a well-established set of system resources (files, sockets, etc.), but it is extensible as well: you can create permission classes that the access controller can use to grant or deny access to any resource that you like.

In the next chapter, we’ll look how the class loader completes the implementation of a security policy by associated code sources and protection domains with specific classes.