The package manager allows the installation of local class libraries that are not fully trusted by using permission signing. This is especially important for components such as JavaBeans and class libraries. It is desirable to allow these components to reside locally and to have some expanded permissions, but it is often not necessary to give them unlimited power.
System libraries are libraries that are shared and have all possible security permissions available to them. These libraries are the core of the Java system APIs, and they are the most privileged Java code. Most packages installed from non-system providers do not need this level of permissions. However, Java has traditionally treated all local classes on the class path as if they were system libraries.
Under trust-based security, classes from installed packages are not shared between applets or applications that use them. They carry specific system permission identifiers that are approved by either the user or the system administrator when the package is installed on the user's system. The permission identifiers determine the maximum permissions that can be used by the classes in that package. For more information on the package manager, see Java Package Manager .