Emmanuel Bernard wrote:
I'm making Hibernate Validator SecurityManager friendly. I have a
question wrt Java security.
I have been told to wrap any reflection call into
You should in addition to things such as:
so that if HV is granted reflection privilege, the SM won't
Now I do not want to wrap all my reflection calls into
Here are my questions:
- how do I know that a SecurityManager as been activated?
It seems to me that System.getSecurityManager() != null does the
I would not bother to do the SM != null check. The modern jvms are smart
to do that themselves and speed up.
- how "slow" is this AccessController.doPrivileged
if there is no security mgr enabled, then not much of a difference as
the jvm does
do some optimization (in the absence of SM). With SM enabled, there is
some overhead in
the permission checking across call stacks.
- does JBoss use a SM OOTB?
The JBossAS testsuite includes a test target that runs a bunch of tests
while the AS is running under a sec mgr.
There are users of AS who run it under a SM.