JAAS stands for Java Authentication and Authorization Service. It allows you to grant permission based on who is executing the code. Previous security models already granted permission based on where the code was coming from and who signed it. JAAS has been added to JDK1.4 and the examples here will use that JDK. If you want to run them with JDK version 1.3, download the optional JAAS package here and put jaas.jar in jdk1.3/jre/lib/ext.
JAAS consists of two components: the authentication component and the authorization component. The Authentication component determines who is attempting to run code. The authorization component determines if that entity has the necessary permissions to run that code.
To find out how to authenticate with JAAS, check out JAAS Authentication.
To find out how to allow or deny access to resources, check out JAAS Declarative Authorization and JAAS Programmatic Authorization.