Developer's Guide to Web Application Security

How Java Handles Security

The JVM has several built-in security features, each handling a different aspect of security. Because these features are implemented at the JVM level, the developer can change and customize them while the security guarantees still hold throughout the application. Keep in mind that not all Internet Java security deals with applets.

Many developers create Java client applications that run independently of a browser but still pass information across the Internet to a central server or even to other clients. The class loader is an example of a feature that is normally not implemented in applets (because applets have a unique class loader of their own), but can be implemented in stand-alone applications to provide security.
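One way a stand-alone application can use its own class loader as a security control, shown as an added example that is not from the book: the loader refuses any class name outside an allowlist of package prefixes. The class name `AllowlistClassLoader` and the prefixes are assumptions chosen for illustration.

```java
import java.util.Set;

// Added example (hypothetical class name): a class loader for a stand-alone
// application that refuses class names outside an allowlist of prefixes.
public class AllowlistClassLoader extends ClassLoader {
    // Package prefixes this loader is willing to resolve (assumed values).
    private final Set<String> allowedPrefixes;

    public AllowlistClassLoader(ClassLoader parent, Set<String> allowedPrefixes) {
        super(parent);
        this.allowedPrefixes = Set.copyOf(allowedPrefixes);
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException {
        // Check the policy before delegating, so a denied name never
        // reaches the parent loader.
        if (!isAllowed(name)) {
            throw new ClassNotFoundException("Blocked by class loader policy: " + name);
        }
        return super.loadClass(name, resolve);
    }

    boolean isAllowed(String name) {
        for (String prefix : allowedPrefixes) {
            if (name.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        ClassLoader loader = new AllowlistClassLoader(
                AllowlistClassLoader.class.getClassLoader(),
                Set.of("java.lang.", "java.util."));
        // java.util is on the allowlist; java.net is not.
        for (String name : new String[] {"java.util.ArrayList", "java.net.Socket"}) {
            try {
                System.out.println("Loaded " + loader.loadClass(name).getName());
            } catch (ClassNotFoundException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

The check applies only to lookups that pass through this loader. A class defined by the parent resolves its own references through the parent, so code that must be confined has to be defined by the restricting loader itself.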

The JVM also verifies bytecode before executing it to ensure it is legal. As you know, the Java compiler ensures the source code is legal before it creates the bytecode. Unfortunately, bytecode can be easily modified, as we show in this section. If the Java compiler is the first wall of defense against illegal code, the bytecode verifier is the second wall, which prevents illegal code from executing in a JVM.

We also discuss how to implement fine-grained access to system resources. Sun calls this technology Java Protected Domains. Using a combination of management tools and the Java API, we demonstrate exactly how to achieve the desired level of access for an application. Let's start with...
