Jetty has support for running in a 'secure' mode in a couple of different ways.
Typical Jetty Startup
> java -jar start.jar OPTIONS=secure,default
This starts Jetty using the custom org.eclipse.jetty.policy.JettyPolicy implementation for loading and processing policy files, and installs a security manager before the Jetty server starts to bootstrap itself through the XMLConfiguration mechanism. This mechanism lets you specify multiple policy files if you so choose, which can be registered in the start.config file.
Typical JVM Startup
> java -Djava.security.manager -Djava.security.policy=lib/secure/jetty.policy -jar start.jar
This is the standard JDK mechanism for starting the JVM with the policy and security manager in place.
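To confirm that a startup line like the one above actually enforces the policy, the following added example (not part of Jetty or of the original page) reports whether a security manager is installed and which broad permissions the active policy grants. The class name SecureModeCheck and the probe list are assumptions chosen for illustration, and it assumes a JDK release that still supports the Security Manager.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.util.PropertyPermission;

// Added example (not Jetty code): reports whether a security manager is
// installed and which broad permissions the active policy grants this class.
public class SecureModeCheck {

    // Constructed probe set: permissions a tight policy would normally withhold.
    static final Permission[] PROBES = {
        new AllPermission(),
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createClassLoader"),
        new FilePermission("<<ALL FILES>>", "read,write,delete,execute"),
        new SocketPermission("*", "connect,resolve"),
        new PropertyPermission("*", "read,write"),
    };

    // Returns true if every protection domain on the current call stack
    // holds the permission under the active policy.
    static boolean granted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            System.out.println("NO security manager installed: policy files are not enforced");
            System.exit(1);
        }
        System.out.println("Security manager: " + sm.getClass().getName());
        int broad = 0;
        for (Permission p : PROBES) {
            boolean ok = granted(sm, p);
            if (ok) broad++;
            System.out.println((ok ? "GRANTED " : "denied  ") + p);
        }
        System.out.println(broad + " of " + PROBES.length + " broad permissions granted");
    }
}
```

Compile it with javac and run it with the same -Djava.security.manager and -Djava.security.policy options, using -cp . SecureModeCheck in place of -jar start.jar. The result reflects the code source the class is loaded from, so running it from a directory the policy does not mention shows what ungranted code receives.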