Disabling the Application Server’s security manager may improve performance for some types of applications. The J2EE authorization and authentication features will still work even if the security manager has been disabled. You may disable the security manager in a development environment, but you should not disable it in a production environment.
To disable the security manager:
For instructions, see Configuring the JVM Options.
-Djava.security.policy
See Also: