I have been trying to use a custom SecurityManager to sandbox some externally loaded code. The SecurityManager I have works fine. I have taken the same approach as numerous posts here suggested: set the custom manager whenever the potentially dangerous code executes, then revert back to the standard manager. This works fine and does what I want. However, the application is multi-threaded: 2 threads using the custom manager, one using the default one. This leads to the situation where the trusted code might be prevented from running properly as another thread just set the custom security manager. Is there a way to work around this? Alternatively, is there a better way altogether? I saw some posts talking about using different policies with the same security manager but I could not find a good example of this. Any help greatly appreciated.