Java Virtual Machines (JVMs) can be run with a SecurityManager installed. The SecurityManager governs what the code running in the JVM is allowed to do, based on factors such as where the code was loaded from and what certificates were used to sign the code.
The SecurityManager can be installed by setting the java.security.manager system property on the command line when starting the JVM:
java -Djava.security.manager <main class name>
or programatically from within Java code:
The standard Java SecurityManager grants permissions on the basis of a Policy, which is defined in a policy file. If no policy file is specified, the default policy file under
$JAVA_HOME/lib/security/java.policy will be used.