Versions Compared

Comment: some edits on Dhruv's changes

...

Each Java applet or application runs in its appropriate protection domain, as determined by its code source. For an applet (or an application running under a security manager) to perform a secured action such as reading or writing a file, the applet or application must be granted permission for that particular action. Privileged code can access privileged resources on behalf of an unprivileged caller by using the AccessController.doPrivileged() method. This is necessary, for example, when a system utility needs to open a font file to display a document on behalf of the user, but the calling application does not have permission to read that file. To perform this action, the system utility uses its own full privileges to obtain the font and disregards the lesser privileges of the caller. Privileged code runs with all the privileges of the protection domain associated with its code source. Typically, these privileges exceed those required to perform the privileged operation. Ideally, code should be granted only the minimum set of privileges required to complete its operation.
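The font-loading scenario above, written out as an added example (this code is not part of the original guideline or of any JDK utility). It contrasts the broad form of AccessController.doPrivileged(), which runs the block with every permission of the loader's protection domain, with the limited form available since Java 8, which restricts the privileged scope to the listed Permission objects. The class name FontLoader, the font directory /usr/share/fonts, and the method names are assumptions made for the illustration.

```java
import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/**
 * Loads font files on behalf of callers that may lack FilePermission.
 * Assumed for this example: fonts live under /usr/share/fonts.
 */
public final class FontLoader {

    private static final Path FONT_DIR = Paths.get("/usr/share/fonts");

    private FontLoader() { }

    // Reject names that would escape the font directory ("../etc/passwd", absolute paths).
    // The privileged block must not become a general file-read service for its callers.
    private static Path resolve(String fontName) {
        Path p = FONT_DIR.resolve(fontName).normalize();
        if (!p.startsWith(FONT_DIR)) {
            throw new IllegalArgumentException("font name escapes font directory: " + fontName);
        }
        return p;
    }

    // Broad form: the block runs with ALL permissions of FontLoader's protection domain.
    // Anything reachable from inside the lambda (not only the file read) is privileged.
    public static byte[] loadFontBroad(String fontName) throws IOException {
        Path p = resolve(fontName);
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(p));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    // Limited form (Java 8+): only checks for permissions implied by the listed ones
    // stop at this frame; any other permission check continues down the stack to the
    // unprivileged caller and fails as it normally would. A null context applies no
    // additional restriction beyond the Permission list.
    public static byte[] loadFontLimited(String fontName) throws IOException {
        Path p = resolve(fontName);
        Permission readThisFileOnly = new FilePermission(p.toString(), "read");
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(p),
                    null,
                    readThisFileOnly);
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        String name = args.length > 0 ? args[0] : "DejaVuSans.ttf"; // assumed font file name
        byte[] font = loadFontLimited(name);
        System.out.println("loaded " + name + ": " + font.length + " bytes");
    }
}
```

The limited form is the one that matches the guideline's intent: even if a caller finds a way to run more than a file read inside the privileged block, the block carries no privilege other than reading that one file. Note that SecurityManager and the AccessController checks it drives were deprecated for removal in Java 17 (JEP 411), must be explicitly enabled with -Djava.security.manager=allow from Java 18 on, and are permanently disabled in JDK 24 (JEP 486); on such runtimes doPrivileged() still compiles and runs but performs no checks.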

This guideline addresses the problem of excess privileges. SEC56-JG. Define custom security permissions for fine grained security describes another approach to eliminating excess privileges.

Noncompliant Code Example

...