The security manager is disabled by default.
In a production environment, you may be able to safely disable the security manager if all of the following are true:
Performance is critical
Deployment to the production server is carefully controlled
Only trusted applications are deployed
Applications don't need policy enforcement
Disabling the security manager may improve performance significantly for some types of applications. To disable the security manager, do one of the following:
To use the Admin Console, open the Security component under the relevant configuration, and uncheck the Security Manager Enabled box. Then restart the server. For details, click the Help button in the Admin Console.
asadmin delete-jvm-options --user adminuser -Djava.security.manager
For more information about the asadmin delete-jvm-options command, see the Sun Java System Application Server Platform Edition 9 Reference Manual.