Sun GlassFish Enterprise Server 2.1 Performance Tuning Guide

Disable Security Manager

The security manager is expensive because calls to required resources must call the doPrivileged() method and must also check the resource with the server.policy file. If you are sure that no malicious code will be run on the server and you do not use authentication within your application, then you can disable the security manager.

To disable use of the server.policy file, use the Admin Console. Under Configurations > config-name > JVM Settings (JVM Options) delete the option that contains the following text: