Application permissions are granted in the default grant block. These permissions apply to all code not part of the internal server code listed previously.
A few permissions above the minimal set are also granted in the default server.policy file. These permissions are necessary due to various internal dependencies of the server implementation. Java EE application developers should not rely on these additional permissions.