This paper explores some of the internals of Java 2 security. We'll take an inside-out approach to exploring the important concepts and APIs: First we'll look at the high-level concepts that Java 2 security is based on, and then we'll examine the Java class internals that encode these concepts. The Java classes are a highly optimized implementation of the relatively simple concepts on which Java 2 security is based. The high optimization level means that a bare reading of the source code is confusing and at times misleading, so a good understanding of the concepts and how the Java security classes map to those concepts is essential when pursuing a strong understanding of Java 2 security. This paper wraps up with a discussion of advanced Java security techniques. We'll see how to impose Java security on non-Java interpreted scripts, how to create logical threads of execution taking into account Java 2 security, as well as other techniques.