When you run Tomcat, each instance of the server runs in the context of its own individual JVM whose security can be managed with the Java Security Manger.
PAS is enabled with a default configuration of the standard JVM Security Manager. The JVM security is configured in the /conf/catalina.policy file of a given PAS instance.
The catalina.policy file uses Permission classes, either the built-in JDK classes or customized classes, to control what actions a class can take. The following are just a few examples of the built-in classes:
java.io.FilePermissions: controls access to read, write, delete, and other actions for files and directories
java.net.SocketPermissions: controls network access through sockets
java.security.SecurityPermissions: controls access to security methods
java.io.FilePermissions: controls access to read, write, delete, and other actions for files and directories