This is a brief rundown of the Java Security Trail, concentrating on the commands it describes. For full understanding, read the trail.

Security policies are stored in "policy files". These need to be included either by adding them to the $JAVA_HOME/lib/security/java.security file or by passing -Djava.security.policy=<policyfile> on the java command line. For the former, add a line policy.url.n=<policyfile> where n is an integer that has not been used in the java.security file before.

The policy files can be edited using the policytool program that comes with Java. The trail describes how the 1.5 tool works; the 1.6 tool has less keystore-related functionality.

Permissions to do "stuff" can be granted either to code from a particular "CodeBase" (URL of the files) or to code signed by a certificate. For a CodeBase, permission can be granted to a URL and all subdirectories thereof by adding '-' to the URL, e.g. http://netarkivet.dk/- to specify permissions for anything from netarkivet.dk.

Permissions are organized by class, e.g. FilePermission controls read/write/execute permissions for files. All permissions have a target, e.g. a file or directory for FilePermission. The syntax of the target is defined by the permission class.
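
An added example (not taken from the trail or from the original page) of a policy file that combines the pieces above: a CodeBase grant with the trailing '-', a grant to signed code, and FilePermission targets. The keystore location, the alias "examplesigner" and the file paths are made-up placeholders.

```text
// example.policy: constructed example; keystore URL, alias and paths are placeholders.
//
// Load it with either of the two mechanisms described above:
//   java -Djava.security.policy=example.policy ...
//   or a policy.url.n=<policyfile> line in $JAVA_HOME/lib/security/java.security
// Assumption: a security manager is active (e.g. -Djava.security.manager);
// without one the policy is not enforced.

// Keystore that holds the certificates for the aliases named in signedBy.
keystore "file:/path/to/example.keystore";

// Code loaded from netarkivet.dk or any subdirectory (the trailing "-" is recursive).
grant codeBase "http://netarkivet.dk/-" {
    // FilePermission target "/dir/-" covers the contents of /dir recursively.
    permission java.io.FilePermission "/tmp/example-work/-", "read,write";
};

// Code signed with the certificate stored under the alias "examplesigner",
// regardless of where it was loaded from.
grant signedBy "examplesigner" {
    // FilePermission target "/dir/*" covers only the entries directly in /dir.
    permission java.io.FilePermission "/var/example-reports/*", "read";
};

// Both conditions at once: the code must come from the CodeBase AND be signed.
grant signedBy "examplesigner", codeBase "http://netarkivet.dk/-" {
    permission java.io.FilePermission "/var/example-reports/-", "read";
};

// Avoid: a grant with neither codeBase nor signedBy applies to all code.
// grant {
//     permission java.security.AllPermission;
// };
```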