Each running JVM has at most one SecurityManager installed. SecurityManager is a class in the java.lang package. So, you can subclass this and establish your own security manager using the System.setSecurityManager() method. Once a manager is installed, it cannot be replaced. So, once a program has set the security manager, a SecurityException will be thrown if another attempt is made. No one can maliciously alter its function by replacing it.

 

What it allows you to do:

• allows you to establish a security policy such that you can trust or restrict the operations of a Java program
• restrict file i/o
• restrict network connections
• restrict access to native code
• restrict launching of other processes
  

 

The process:

• The Java program attempts to do an operation that may be restricted.
• It checks with the SecurityManager to see if the operation is allowable or denied.
• If permissions are granted, then the operation is performed.
• If permission is denied, a SecurityException is thrown. This is a RuntimeException so does not need to be within a try/catch block.
  
  

Tip to create your own SecurityManager class

• When creating your own SecurityManager you normally do not directly subclass SecurityManager. Instead, most people tend to create a NullSecurityManager that extends SecurityManager but opens access to everything. Then, you subclass this manager overriding the checks you wish to restrict.
• Go to java.sun.com for more tips. (e.g. go here)