Since you have the security manager enabled, the BasePolicyWrapper should be running with its avoidReentrancy flag set to true, in which case it uses a threadlocal to avoid the recursive calls to policy.implies() shown in your stack trace.
There may be a bug in the logic of the BasePolicyWrapper with respect to its setting of the avoidReentrancy flag, although the logic appears to be OK. I enabled the security manager, and added the grants you describe below, and did not see a problem or restart. I also tried a couple of app tests, and I didn't see a problem.
I was able to cause a startup problem (although I did not see the same stack trace you are seeing), by setting
-Dcom.sun.enterprise.security.provider.PolicyWrapper.ignoreReentrancy=true
in domain.xml.
By default this property should NOT be defined. If you haven't defined this property, can you try repeating your test after having set this property to
-Dcom.sun.enterprise.security.provider.PolicyWrapper.ignoreReentrancy=false
in jvm-options of domain.xml.
That should explicitly cause avoidReentrancy to be set to true.
Let me know what you learn, and then we can see if you should file a bug.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=275819
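
The thread-local reentrancy guard described in the message above, as an added example that is not part of the original post and is not GlassFish's BasePolicyWrapper source. The class names, the constructor flag and the choice to answer `true` on a nested call are assumptions of this sketch.

```java
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

// Hypothetical names; a sketch of the pattern, not GlassFish's BasePolicyWrapper source.
public class ReentrancyGuardDemo {

    static class GuardedPolicy extends Policy {
        private final ThreadLocal<Boolean> inCheck = ThreadLocal.withInitial(() -> false);
        private final boolean avoidReentrancy;
        private final Policy delegate;

        GuardedPolicy(boolean avoidReentrancy) {
            this.avoidReentrancy = avoidReentrancy;
            this.delegate = new SelfCheckingProvider(this);
        }

        @Override
        public boolean implies(ProtectionDomain pd, Permission p) {
            if (avoidReentrancy && inCheck.get()) {
                return true; // assumption: nested checks come from the provider's own code
            }
            inCheck.set(true);
            try {
                return delegate.implies(pd, p);
            } finally {
                inCheck.set(false); // always clear, or later checks on this thread are skipped
            }
        }
    }

    // Constructed stand-in for a provider whose decision logic itself triggers a permission check.
    static class SelfCheckingProvider extends Policy {
        private final Policy installed;
        SelfCheckingProvider(Policy installed) { this.installed = installed; }

        @Override
        public boolean implies(ProtectionDomain pd, Permission p) {
            installed.implies(pd, new RuntimePermission("getClassLoader")); // re-enters the wrapper
            return "getClassLoader".equals(p.getName());
        }
    }

    public static void main(String[] args) {
        Policy guarded = new GuardedPolicy(true);
        System.out.println("guarded, getClassLoader: " + guarded.implies(null, new RuntimePermission("getClassLoader")));
        System.out.println("guarded, exitVM: " + guarded.implies(null, new RuntimePermission("exitVM")));
        try {
            new GuardedPolicy(false).implies(null, new RuntimePermission("exitVM"));
        } catch (StackOverflowError e) {
            System.out.println("unguarded: StackOverflowError from recursive implies()");
        }
    }
}
```

Because the nested call is answered without consulting the delegate, the guard is only safe when everything the provider runs during a check is trusted code, and the flag must be cleared in `finally` so a failed check cannot leave the thread permanently bypassing the policy.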