In this chapter, we’re going to explore the default sandbox that is used by most Java programs. The default sandbox is designed to allow an end user or system administrator to easily change the parameters of the sandbox so that certain programs may run with a very specific set of permissions. If you’re interested in how an applet running in the Java Plug-in can read a file, this chapter provides the information that you need. If you’re interested in having your own applications use the (possibly modified) sandbox, this is the place to be.

The information in this chapter is targeted to end users and system administrators: those are the people who are ultimately responsible for defining the security policies that their programs use. Except in special circumstances, it is not possible to change security policies programmatically: in the default sandbox, there is no API that a developer can use that allows her to change a security policy. If you want your program to read a local file, then you must tell the user who will run that program to modify the security policy of his machine before he runs your program. However, developers do need to understand the concepts (and especially the terms) that we define in this chapter.

In the next few chapters, we’ll discuss the programmatic details of how the sandbox is implemented; this will give you a better understanding of how Java security works and allow you to develop your own programs that implement a different ...