Security manager can use various user repositories for authentication and an access control properties file for authorization, as explained in text.