[jboss-dev] SecurityManager

I'm making Hibernate Validator SecurityManager friendly. I have a few question wrt Java security. I have been told to wrap any reflection call into AccessController.doPrivileged so that if HV is granted reflection privilege, the SM won't complain. Now I do not want to wrap all my reflection calls into AccessController.doPrivileged Here are my questions: - how do I know that a SecurityManager as been activated? It seems to me that System.getSecurityManager() != null does the trick - how "slow" is this AccessController.doPrivileged wrapping in practice? - does JBoss use a SM OOTB? Thanks Emmanuel