[spring boot feature] determine support for security manager

[tjwatson]

There are currently issues with running spring framework with security manager enabled. This issue is to investigate the issues and determine if we should fix them.

[tjwatson]

Removing from the main Epic for supporting spring application.

[tjwatson]

One issue is that if jar urls are used we do not auto grant the application rights to read out of the URLs from the jars on the classpath. Once that is disabled and wsjar protocol is used instead then there are many different permissions that are needed. So much that it seems unreasonable and most users will probably just go with AllPermission