Because I read in book "Core Security Patterns", that the sandbox works only in untrusted applets. For me sound strange, because this mean that if I donload a jar and execute in my machine, the application can access all my system resources?
An Applet runs in a sandbox. The default is that an Applet can only send data back to the server on which it originated, and can not write data to the local file system.
However, there is a props file you can edit and change all this stuff.
Same for the JVM as a whole. You can restrict the places a vanilla JVM can read and write data, or you can give it full access to the hard drive.
I do remember doing a Java application where I wasn't aware of the security properties that were applied to the JVM. My applicatiosn couldn't write data to any of the places on the hard drive I was attempting. Documenting the stuff you do is very important to developers like me.
Its not that java security is only applicable to applets. If you download a jar but you don't trust it, Still you can run it with SecurityManager and you can set permissions allowed to this jar (%JAVA_HOME%\jre\lib\security\java.policy).
Sandbox security was there in java 1.2. After that a lot of changes has been done in java security to make it more fine grained....