I get this question so many times that I believe I should publish it here instead! ;)
* For a quick and dirty workaround, you can disable security manager by removing reference to server.policy in domain.xml. See link
* Here is the proper way to configure the security policy: See link
* If you want to override the default permissions through code instead of configuration, here is one way. See link