Home/ Questions/Q 4013200
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T09:20:30+00:00

This article about Java security says: Code in the Java library consults the Security

  • 0

This article about Java security says:

Code in the Java library consults the
Security Manager whenever a dangerous
operation is about to be attempted.

So, what does this exactly mean? Say, if I’ve implemented my own securitymanager and enabled it for the whole JVM. Now, does the java runtime consults my securitymanager for each and every java call(like System.out.println() etc) or it consults only for dangerous api calls like System.exit() ,file operations etc?

edit: let me clarify my question,

I’m not questioning the possiblities of the securitymanager. I’m just asking if the security checks are done for the dangerous api’s alone or it is done for each and every method call. Which inturn causes a huge performance degradation in case of applications with large amounts of code.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It will only consult the SecurityManager if the code says so. It won’t do it for every single operation.

    For example in Runtime.exit, you see that the SecurityManager is consulted:

    public void exit(int status) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkExit(status);
}
Shutdown.exit(status);
}

    Similarly, in File, you will see that most methods consult the SecurityManager. Example:

    public boolean canWrite() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkWrite(path);
}
return fs.checkAccess(this, FileSystem.ACCESS_WRITE);
}

    If you are writing a method which might be “dangerous” then you should also consult the SecurityManager.

    • 0