9.9.3. About Java Security Manager Policies

The Java Security Manager uses a security policy to determine whether a given action will be permitted or denied.
The security policy is a set of defined permissions for different classes of code. The Java Security Manager compares actions requested by applications against the security policy. If an action is allowed by the policy, the Java Security Manager will permit that action to take place. If the action is not allowed by the policy, the Java Security Manager will deny that action. The security policy can define permissions based on the location of code or on the code's signature.
The Java Security Manager and the security policy used are configured using the Java Virtual Machine options java.security.manager and java.security.policy.