JDK-4326852

impossible to extract a subset of private credentials


    • Bug
    • Resolution: Fixed
    • P3
    • 1.4.0
    • 1.0
    • security-libs
    • None
    • beta
    • generic
    • generic

      The semantics of when a SecurityException will be thrown, in relation to the Subject.getPrivateCredentials methods and the methods on the returned sets, are essentially unspecified. A clear specification needs to be added: when does getPrivateCredentials throw SecurityException, and when do methods on the returned set (and its iterators) throw SecurityException?

      As presently implemented, if you only have permission to access a subset of the private credentials, it appears to be impossible to actually access that subset. The getPrivateCredentials(Class) method throws SecurityException if it encounters a credential of a different class and you don't have permission to access that credential. The getPrivateCredentials() method doesn't throw SecurityException, but if you then attempt to iterate through the returned set, the Iterator.next method throws SecurityException when it encounters a credential you don't have permission to access and doesn't advance past that credential, so another call to Iterator.next will just throw SecurityException again, and you loop infinitely.

            rmartisunw Ramachandran Marti (Inactive)
            bscheiflsunw Bob Scheifler (Inactive)
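
The non-advancing iterator described in the report, modelled as an added example (not code from the JDK or from the report). The `allowed` predicate is a hypothetical stand-in for the private-credential permission check, and `advanceOnDeny` is one assumed way to let a catch-and-continue loop terminate; the credential values are constructed sample data.

```java
import java.util.*;
import java.util.function.Predicate;

public class GuardedIteratorDemo {
    // Hypothetical model of a permission-checked credential iterator.
    // 'allowed' stands in for the security manager's permission check.
    static Iterator<Object> guarded(List<Object> creds, Predicate<Object> allowed,
                                    boolean advanceOnDeny) {
        return new Iterator<Object>() {
            private int cursor = 0;
            public boolean hasNext() { return cursor < creds.size(); }
            public Object next() {
                if (!hasNext()) throw new NoSuchElementException();
                Object c = creds.get(cursor);
                if (!allowed.test(c)) {
                    if (advanceOnDeny) cursor++;   // step past the denied element
                    throw new SecurityException("access denied: " + c.getClass().getName());
                }
                cursor++;
                return c;
            }
        };
    }

    // Caller pattern: skip denied credentials, keep the permitted ones.
    // maxCalls bounds the loop so the non-advancing case still terminates here.
    static List<Object> readable(Iterator<Object> it, int maxCalls) {
        List<Object> out = new ArrayList<>();
        for (int calls = 0; it.hasNext() && calls < maxCalls; calls++) {
            try {
                out.add(it.next());
            } catch (SecurityException denied) {
                // Not permitted to read this credential: try the next call.
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: two String credentials and one Integer credential.
        List<Object> creds = List.of("cred-A", 42, "cred-B");
        Predicate<Object> onlyStrings = c -> c instanceof String;

        // Non-advancing: every call after "cred-A" hits the same denied element.
        System.out.println(readable(guarded(creds, onlyStrings, false), 100));
        // Advancing: the denied element is skipped and "cred-B" becomes reachable.
        System.out.println(readable(guarded(creds, onlyStrings, true), 100));
    }
}
```

Without the `maxCalls` bound, the first call to `readable` would never return, which is the loop the report describes.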