Ummm, I have to remember that security settings can throw that kind of permissions
Regarding the creation of a fine tuned security policy file, you might try to use another project from the
Java Tools community:
JChains.
I have never used it, the one time I did something like that I did it by hand and it was painful ;), but it supposedly shows you all the permissions you are "using" when you start your application, with all permissions granted, and then you can create a policy file with just those that were used.
Otherwise you could try to do it "by hand", using the settings -Djava.security.debug=access or something similar.
I hope it helps, good luck.
[originally posted on jforum.net by GreenEyed]