The various restrictions on applets that we’ve mentioned in this chapter are a product of Java’s security mechanism. There are security mechanisms at several points in Java: in the language itself, in the virtual machine, and built into the Java API. As far as threads are concerned, only the security mechanisms of the API come into consideration, and we’ll examine how those mechanisms affect both threads and thread groups in this section. The enforcement of security is a prime reason behind the ThreadGroup class.

Java’s thread security is enforced by the SecurityManager class; security policies in a Java program are established when an instance of this class is instantiated and installed in the virtual machine. When certain operations are attempted on threads or thread groups, the API consults the security manager to determine if those operations are permitted. Prior to Java 2, there was no security manager in a Java application unless you wrote and installed one yourself; this is the reason that all the operations we’ve discussed are legal in Java applications. In a Java applet, there is typically a security manager in place that enforces particular restrictions.