If you would like to secure the Confluence webapp so that plugins (or other code it executes) cannot access unwanted system resources, the following will restrict file system access.
Create the following .java.policy file and place it somewhere:
grant {
permission java.util.PropertyPermission "*", "read,write";
permission java.net.SocketPermission "*:-", "connect,accept,listen";
permission java.io.FilePermission "/tangosol-coherence-override.xml","read";
permission java.io.FilePermission "/tangosol-coherence-override-prod.xml","read";
permission java.io.FilePermission "/path/to/confluenceWebapp/-","read,write";
permission java.io.FilePermission "/path/to/confluence.home","read,write,delete";
permission java.io.FilePermission "/path/to/confluence.home/-","read,write,delete";
permission java.io.FilePermission "/path/to/resin/lib/-","read";
permission java.io.FilePermission "/tmp", "read";
permission java.io.FilePermission "/tmp/*", "read,write,delete";
permission java.io.FilePermission "quartz.properties", "read";
permission java.util.logging.LoggingPermission "control";
permission java.awt.AWTPermission "*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.SerializablePermission "*";
permission java.lang.RuntimePermission "*";
permission java.net.NetPermission "*";
permission ognl.OgnlInvokePermission "*";
};
Make sure the following Java options are defined:
-Djava.security.manager -Djava.security.policy=/path/to/.java.policy
Of course you might be able to get away with less - please edit with any improvements you have!
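
To see what the file grants in the policy actually cover before deploying it, the added example below (not part of the original page) loads the same FilePermission entries into a java.security.Permissions collection and evaluates a few requests with implies(). The class name PolicyPathCheck, the probe paths and the resin.jar file name are constructed for illustration, and a Unix-like host is assumed.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class PolicyPathCheck {
    public static void main(String[] args) {
        // File grants copied from the policy above (placeholder paths as on the page).
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/path/to/confluence.home", "read,write,delete"));
        granted.add(new FilePermission("/path/to/confluence.home/-", "read,write,delete"));
        granted.add(new FilePermission("/path/to/resin/lib/-", "read"));
        granted.add(new FilePermission("/tmp", "read"));
        granted.add(new FilePermission("/tmp/*", "read,write,delete"));

        // Constructed probe requests: {path, action}.
        String[][] probes = {
            // "-" is recursive: any depth below confluence.home is covered.
            {"/path/to/confluence.home/attachments/1/2", "write"},
            // resin/lib is granted "read" only.
            {"/path/to/resin/lib/resin.jar", "read"},
            {"/path/to/resin/lib/resin.jar", "write"},
            // "*" covers direct children of /tmp only, not subdirectories.
            {"/tmp/upload.tmp", "delete"},
            {"/tmp/work/upload.tmp", "write"},
            // The bare "/tmp" entry is the directory itself, read only.
            {"/tmp", "write"},
            // Nothing in the policy mentions this path.
            {"/etc/passwd", "read"},
        };

        for (String[] p : probes) {
            Permission request = new FilePermission(p[0], p[1]);
            String verdict = granted.implies(request) ? "ALLOW" : "DENY";
            System.out.printf("%-6s %-7s %s%n", verdict, p[1], p[0]);
        }
    }
}
```

Replace the placeholder paths with the real install locations and add probes for the files your plugins need; any DENY on a required path means the policy needs another grant, and any ALLOW on a path that should be off limits means a grant is too broad.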