I don't understand why would you choose the default port to be value below 1024 which means you cannot run this on unix system without super user privileges.
Even when I change the port in the config file, it still tries to bind to 999 so the server crashes.
Java Security Manager is PITA, if you run Java app with reduced privileges be ready to face a lot of unexpected problems caused by JSM. Being a
reference implementation, IRI has as much error handling stripped out as possible. Together with JSM in paranoic mode this would make the testing a nightmare.
Port in the config file is for API only.