"clebert.suconic(a)jboss.com" wrote : IMO all we need is to make sure we aways test for System.getSecurityManager() != null before creating the Priviledged block. Then we know that users who care about performance won't be affected, and users who care about security on the VM will assume some little impact. That's fine. All privileged blocks in AOP are preceded by a System.getSecurityManager() != null check. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190956#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...