The security manager is disabled by default.
In a production environment, you may be able to safely disable the security manager if all of the following are true:
Performance is critical
Deployment to the production server is carefully controlled
Only trusted applications are deployed
Applications don't need policy enforcement
Disabling the security manager may improve performance significantly for some types of applications. To disable the security manager, do one of the following:
To use the Administration Console, open the Security component under the relevant configuration, and uncheck the Security Manager Enabled box. Then restart the server. For details, click the Help button in the Administration Console.
asadmin delete-jvm-options -Djava.security.manager
To re-enable the security manager, use the corresponding create-jvm-options command. For more information about the create-jvm-options and asadmin delete-jvm-options commands, see the Oracle GlassFish Server 3.0.1 Reference Manual.