Check out this: http://www.securingjava.com
You might also want to take a look at David Wheeler's excellent doc, "Secure Programming for Linux and Unix HOWTO", which can be found at http://www.dwheeler.com/secure-programs/. Don't let the name fool you -- the Java section (http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/java.html) is filled with useful tips on Java-specific security issues. He doesn't say a whole lot regarding signing code, but it's still a highly worthwhile read, IMHO.
Cheers,
Ken van Wyk http://www.KRvW.com
