Is there a performance penalty when using a SecurityManager?
I need the following:
    import java.security.Permission;

    public class ExitHelper {
        public ExitHelper() {
            System.setSecurityManager(new ExitMonitorSecurityManager());
        }
        private static class ExitMonitorSecurityManager extends SecurityManager {
            public void checkPermission(Permission perm) {}
            public void checkPermission(Permission perm, Object context) {}
            public void checkExit(final int status) {
                // this is the part I need and I don't care much about the performance issue of this method
            }
        }
    }
Will this have a huge impact on my program?
The program does open a lot of files, for example. And if I enable the SecurityManager and put some logging in there, I can see that these methods are called a lot. Really a lot. So much that normal logging is lost amongst logging from these two methods. So it seems putting a SecurityManager into place means that lots and lots of calls are made. Would it be any slower than the default SecurityManager? (Is there any by default?)
How does this work? Which part of the program will be checked for permissions and how often? I'm concerned by the two checkPermission(...) methods.
There is a performance penalty, but it is likely to be small because:
In particular, note that the calling code for security checks is typically very lightweight in the Java library code, i.e. something like this:
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkXXX(argument, ...);
    }
If your security manager code itself is equally lightweight, then the runtime cost of the security check should be negligible. I would avoid putting any logging code in the SecurityManager itself however - this would be costly and probably belongs at a higher level in your application code.
If you want to absolutely minimise the overhead of the security manager for permissions that you don't care about, then you should override the specific checkXXX methods that you don't need with something like:
    public void checkRead(String file) {
        // empty method as we are happy to allow all file reads
    }
Ultimately you'll have to benchmark for your particular situation, but the "gut feel" answer would be that you shouldn't really be worrying about it.
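A small benchmark for the situation discussed above, added here as an example and not part of the original question or answer. It times file opens with no manager, with only `checkPermission` overridden, and with an empty `checkRead` as well; the class names, the counter and the `checkExit` body are assumptions, and it needs a JDK that still permits `System.setSecurityManager` (17 or earlier, or 18 to 23 started with `-Djava.security.manager=allow`).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Permission;
import java.util.concurrent.atomic.AtomicLong;

public class SecurityManagerOverhead {
    // Count checks instead of logging them, so the measurement itself stays cheap.
    static final AtomicLong checks = new AtomicLong();

    static class ExitMonitor extends SecurityManager {
        @Override public void checkPermission(Permission perm) { checks.incrementAndGet(); }
        @Override public void checkPermission(Permission perm, Object context) { checks.incrementAndGet(); }
        // Hypothetical body: the question leaves checkExit unspecified.
        @Override public void checkExit(int status) { throw new SecurityException("exit " + status); }
    }

    static class ExitMonitorNoRead extends ExitMonitor {
        // Skips the FilePermission that the inherited checkRead would build for every open.
        @Override public void checkRead(String file) { }
    }

    static long nanosPerOpen(File f, int n) throws IOException {
        long start = System.nanoTime();
        for (int i = 0; i < n; i++) {
            try (FileInputStream in = new FileInputStream(f)) { in.read(); }
        }
        return (System.nanoTime() - start) / n;
    }

    static void run(String label, SecurityManager sm, File f) throws IOException {
        System.setSecurityManager(sm);
        nanosPerOpen(f, 20_000);              // warm-up so the JIT compiles the loop
        checks.set(0);
        long ns = nanosPerOpen(f, 20_000);
        long seen = checks.get();
        System.setSecurityManager(null);      // allowed: checkPermission never throws
        System.out.printf("%-28s %6d ns/open, %d checkPermission calls%n", label, ns, seen);
    }

    public static void main(String[] args) throws IOException {
        File f = File.createTempFile("sm-bench", ".tmp");
        f.deleteOnExit();
        run("no SecurityManager", null, f);
        run("checkPermission overridden", new ExitMonitor(), f);
        run("plus empty checkRead", new ExitMonitorNoRead(), f);
    }
}
```

An empty `checkPermission` grants every permission, so a manager like this only monitors exit calls and provides no sandboxing.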