[ https://issues.jboss.org/browse/WFLY-7538?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-7538: ---------------------------------------- The time to add a doPrivileged call to a class is when (and only when) that class is taking full responsibility for it's actions. That means it must have validated any input that it has received, especially input that will be passed on using the PrivilegedAction, it must also have verified the caller is allowed to make the call. I am going to write a blog post about this topic, we are a little too caught up on adding a doProvileged every time we see a permissions check when the permissions check taking into account a larger portion of the stack may be a more appropriate check. -- This message was sent by Atlassian JIRA (v7.2.3#72005)