I know AccessController.doPrivileged() makes the magic that "Marking code as 'privileged' enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it," as described here: http://download.java.net/jdk8/docs/technotes/guides/security/doprivileged.html
However, what I don't understand is why this was introduced at all. If a certain resource is secured, it should not be accessible at all unless the caller gets permission. What does "temporarily enable access" mean here? If the resource is enabled to be accessed through doPrivileged(), there is nothing to prevent it from being accessed permanently, right? Programmers won't remove the doPrivileged() code when they deliver the code to make the resource inaccessible :)
In the example mentioned in the above document:
"This is necessary in some situations. For example, an application may not be allowed direct access to files that contain fonts, but the system utility to display a document must obtain those fonts, on behalf of the user. In order to do this, the system utility becomes privileged while obtaining the fonts."
The user is able to put doPrivileged() code in his own code to access the system fonts just like the system utility does, so the system fonts are not secured from the user either.
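The following is an added example (not from the linked JDK guide or the question) that demonstrates what doPrivileged actually changes: it only stops the permission check's stack walk at the privileged frame, and the ProtectionDomain of the code that *calls* doPrivileged must still be granted the permission. Code in a domain without the permission gains nothing by wrapping itself in doPrivileged. The permission target `demo.readSystemFonts`, the class name `DoPrivilegedDemo` and the "untrusted" domain are constructed for the demo; running an action under `doPrivileged(action, untrustedCtx)` is used to stand in for code loaded in an unprivileged domain, because putting a second class in its own ProtectionDomain would need a custom class loader. It is written against the JDK 8 Policy/AccessController API that the question refers to and assumes a JDK where that legacy machinery is still functional.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class DoPrivilegedDemo {

    // Constructed permission standing in for "read the system font files".
    // The target string is made up for this demo.
    static final Permission FONT_PERM = new RuntimePermission("demo.readSystemFonts");

    // A domain with an empty, static permission set. The two-argument constructor
    // means the Policy is never consulted for it, so it implies nothing.
    static final ProtectionDomain UNTRUSTED_DOMAIN =
        new ProtectionDomain(new CodeSource(null, (Certificate[]) null), new Permissions());

    // Context that adds UNTRUSTED_DOMAIN to every check performed under it,
    // i.e. as if a class from that domain were on the call stack.
    static final AccessControlContext UNTRUSTED_CTX =
        new AccessControlContext(new ProtectionDomain[] { UNTRUSTED_DOMAIN });

    /** The "system utility": trusted code that becomes privileged while fetching fonts. */
    static boolean loadFontsPrivileged() {
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) () -> {
            // The stack walk stops at this privileged frame, so only the domain of
            // this class (the caller of doPrivileged) is checked; whatever untrusted
            // domains sit further up the stack are ignored.
            AccessController.checkPermission(FONT_PERM);
            return true;
        });
    }

    /** Checks FONT_PERM with no privileged frame: every domain on the stack must imply it. */
    static boolean checkDirectly() {
        try {
            AccessController.checkPermission(FONT_PERM);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    /**
     * Runs an action with UNTRUSTED_DOMAIN attached to the privileged frame. This
     * mirrors untrusted code calling doPrivileged itself: the frame's own domain
     * lacks the permission, so the wrapper buys it nothing.
     */
    static boolean runAsUntrusted(PrivilegedAction<Boolean> action) {
        try {
            return AccessController.doPrivileged(action, UNTRUSTED_CTX);
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Grant everything to this class's own (dynamic) domain, so the only deny
        // decision in the demo comes from UNTRUSTED_DOMAIN.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });

        // 1. Untrusted code checks the permission inside its own doPrivileged: denied.
        System.out.println("untrusted, own doPrivileged: "
            + runAsUntrusted(DoPrivilegedDemo::checkDirectly));   // false

        // 2. Untrusted code calls the trusted utility, which uses doPrivileged: granted,
        //    because the walk stops at the utility's privileged frame.
        System.out.println("untrusted via trusted utility: "
            + runAsUntrusted(DoPrivilegedDemo::loadFontsPrivileged)); // true

        // 3. Trusted code with no untrusted caller on the stack: granted even without
        //    doPrivileged.
        System.out.println("trusted, direct: " + checkDirectly());    // true
    }
}
```

Case 1 answers the question's last point: the permission decision is made against the ProtectionDomain of the code that called doPrivileged, and the application's domain does not have it, so copying the doPrivileged() call into user code does not expose the fonts. Case 2 is the guide's scenario: the trusted utility is granted the permission by the policy, and doPrivileged keeps the unprivileged caller's domain out of the check only for the duration of that one call. That is what "temporarily" means: the privilege is scoped to the frame, not to the resource. The practical risk for the utility's author is therefore to keep the privileged block small and to never let the caller control what is accessed inside it (for example, a file name passed straight through), since that is how such a block turns into a permission bypass.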