This book is very informative, describes Java security model and its evolution in detail, in fact, in too much a detail to suit the advanced developers.
It does not cover in detail how to write your own ClassLoader/SecurityManager and other security related components, so I would not recommend it to somebody wanting to rewrite the whole security model for an enterprise grade application, but this book surely covers a wide range of security basics which I find would be useful for anyone interested in security, not only for java developers.
This books gives a detailed listing of kinds of security threats Java has faced since its inception and how they were plugged and while doing that it gives a good perspective how a system can be compromised or prevented from being so.
