Java security, Part 2: Authentication and authorization
2. Conceptual overview
  


Protecting users and code from each other


The Java platform allows fine-grained access control to computing resources (such as disk files and network connections) based on the degree of trust the user has in the code. Most of the base security features of the Java platform are designed to protect users from potentially malicious code. For example, digitally signed code, backed by a third-party certificate, establishes the identity of the code source. Based on what the user knows about the code source, the user can choose to grant or deny execution rights to this code. Similarly, a user can grant or deny access based on the download URL of a given code source.

Access control on Java-based systems is implemented via a policy file, which contains statements like the one below:


grant signedBy "Brad", codeBase "http://www.bradrubin.com" {
    permission java.io.FilePermission "/tmp/abc", "read";
};

This statement allows code signed by "Brad" and loaded from http://www.bradrubin.com to read the /tmp/abc directory.
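
How far the permission in that grant reaches can be checked directly with the standard java.io.FilePermission and java.security.Permissions classes, without installing a security manager. The program below is an added example, not part of the original tutorial; the class name GrantScopeDemo and the requested paths are constructed for illustration, and it goes one step beyond the statement above by also evaluating the "/*" and "/-" path forms.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: GrantScopeDemo is a hypothetical class name, not tutorial code.
public class GrantScopeDemo {

    // For each requested permission, report whether the granted set implies it.
    // This is the same implies() test an access check performs per permission.
    static Map<String, Boolean> evaluate(Permissions granted, Permission... requests) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (Permission p : requests) {
            result.put(p.getName() + " [" + p.getActions() + "]", granted.implies(p));
        }
        return result;
    }

    static void report(String grantedPath, String actions, Permission... requests) {
        Permissions granted = new Permissions();
        granted.add(new FilePermission(grantedPath, actions));
        System.out.println("granted: " + grantedPath + " [" + actions + "]");
        evaluate(granted, requests).forEach(
            (request, allowed) -> System.out.println("  " + request + " -> " + allowed));
    }

    public static void main(String[] args) {
        // Constructed requests: the granted path itself, a different action,
        // a child entry, a nested entry, and a sibling with a similar name.
        Permission[] requests = {
            new FilePermission("/tmp/abc", "read"),
            new FilePermission("/tmp/abc", "write"),
            new FilePermission("/tmp/abc/notes.txt", "read"),
            new FilePermission("/tmp/abc/sub/notes.txt", "read"),
            new FilePermission("/tmp/abcd", "read"),
        };

        // The permission exactly as written in the policy statement above.
        report("/tmp/abc", "read", requests);

        // Path forms defined by FilePermission: "/*" covers the entries directly
        // inside the directory, "/-" covers everything beneath it recursively.
        report("/tmp/abc/*", "read", requests);
        report("/tmp/abc/-", "read", requests);
    }
}
```

Comparing the three reports shows which path form a policy entry needs when the intent is to cover the contents of a directory rather than the single path named.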

Other Java platform features, such as lack of pointers, further protect users from potentially malicious code. Working together, JAAS's authentication and authorization services provide a complementary function: they protect sensitive Java application code from potentially malicious users.

