Java Security Exception still being thrown with java.security.AllPermission being set

Question

If anyone can help me out with this, you will be a life saver.

Some prerequisite information:

JDK = AdoptOpenJDK jdk-8.0.265.01-hotspot

JBOSS = 6.4.12.GA

So, here's the issue.... Recently my team received a requirement to enable Java Security Manager for our project. So for the time being we enable Java Security Manager with all permissions granted.

This is our server.policy file:

grant {
   permission java.security.AllPermission "", "";
}; 

As you can see, it's pretty plain and as far as I understood should cover all java security exceptions. We know the file is working because JBOSS won't even start without these permissions being set. However, even with this being set we are running into a security exception when attempting to run a certain part of our application.

Here is the code (This isn't the exact code but I tried to get the same point across. Forgive me if there are any compilation issues):

    List<ValidationResponse> responses = var.getSpecialObjects().parallelStream().map(specialObject -> {

        ValidationResponse response = specialObjectService
                .validateSpecialObject(specialObject);

        return response;
    }).collect(Collectors.toList());

The Security exception being thrown is "Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")". I was under the impression that granting AllPermissions should have suppressed this but that doesn't seem to be the case. Here is the full stacktrace:

Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_66]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_66]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_66]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:422) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:593) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.reportException(ForkJoinTask.java:677) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:735) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceOp.evaluateParallel(ReduceOps.java:714) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233) [rt.jar:1.8.0_66]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) [rt.jar:1.8.0_66]
        at com.X.X.X.X.X.X..SpecialObjectValidationService.validateSpecialObjectSave(SpecialObjectValidationService.java:223) [classes:]
        at com.X.X.X.X.X.X.SpecialObjectValidationService.checkValidationForSaveAndActivate(SpecialObjectValidationService.java:357) [classes:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_66]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_66]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_66]
        at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
        at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:375) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:86) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:97) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:93) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:279) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        ... 53 more
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:154) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:263) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:115) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at com.X.X.X.X.X.X.IRepository$224117240$Proxy$_$$_Weld$Proxy$.findSpecialObejctByName(ISpecialObjectRepo$224117240$Proxy$_$$_Weld$Proxy$.java) [classes:]
        at com.X.X.X.X.X.X.SpecialObjectValidationService.lambda$1(SpecialObjectService.java:205) [classes:]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) [rt.jar:1.8.0_66]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:747) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:721) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractTask.compute(AbstractTask.java:316) [rt.jar:1.8.0_66]
        at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157) [rt.jar:1.8.0_66]
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:283) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        ... 18 more

As you can see the exception is being thrown when calling the collect function. Has anyone experienced this before? We found this question that looks similar to the problem we are seeing but we didn't have any luck when implementing the solutions.