Chapter 7. J2SE Security Fundamentals
Chapter 8. The Java 2 Permission Model
Chapter 9. Authentication and Authorization with JAAS