Hadoop doesn't work at all with a proper security manager, noted in
HADOOP-5731, caused by the service level auth of HADOOP-4348.
Even if you switch to a minimal security manager that blocks System.exit() calls (see
HADOOP-4532 and HADOOP-5453) but doesnt delegate authorisation to the normal sun policy-driven code doesn't work, because libraries in Hadoop (here, jetty) and elsewhere RMI both check for a security manager being present, and if so, get the codebase's policy and add rights to it. That is, they assume that they can do this, and that it is needed.
This patch lets both libraries get away with setting permissions, without paying any attention to the values. It is not a step towards hosting Hadoop under a fully functional security manager, but should be enough to run Hadoop under a simple manager that blocks exit calls unless asked very nicely.
Now, ultimately, I would like to work with a Security Manager, but fixing that is going to require way more effort.