How to determine what execution rights a Java EE application needs?

I've created a Java EE application using a set of libraries. Works like a charm. Now it needs to be deployed into production. Our admin is very cautious about executio开发者_开发技巧n security and requires the permissions granted explicitly.

Going through all the code and looking up security requirements (especially the custom libraries) is time consuming and I'll probably will miss things out. Is there a way in Tomcat or Websphere to run the application and just log the security requirements used during the run (In a fully ideal world: save in a format directly usable for the security manager).

What you describe sounds like IBM Alphaworks Sword4J. Not tried it and it doesn't sound like an approach I'd want to take from an availability point of view, but I'd love to hear any experiences with it.