Disabling the Application Server’s security manager may improve performance for some types of applications. The J2EE authorization and authentication features will still work even if the security manager has been disabled. You may disable the security manager in a development environment, but you should not disable it in a production environment.
Go to the JVM Options page of the Admin Console.
For instructions, see To configure the JVM options.
On the JVM Options page, remove this option:
Restart the server.