Is security manager rarely used on the server?

Question

Is security manager rarely used on the server?

A recent question on SO leads me to an older answer about Java Security Manager. My question about this line in this answer:

However, the security manager affects performance, and it is rarely used on the server side.

Can anyone support this or refute it? I thought that there is always a security manager, custom or default, and containers use it all the time.

0

java securitymanager

Miserable variable Feb 15 '13 at 21:15

source share

1 answer

matt b · Answer 1 · 2013-02-15T21:24:36+0000

In the server code that you write yourself, I cannot think that you need to use the SecurityManager, because if you write code to perform some operation in your application, it is unlikely that you need to check if your code has permissions granted by you.

For example, many methods in the SecurityManager are associated with I / O operations - checkDelete() , checkRead() , checkWrite() , etc. JDK library classes will call these methods when trying to create / write / read / delete a file, so calling them yourself would be pointless.

Therefore, it is unlikely that your server-side code will make extensive use of the SecurityManager. However, the code in which your code runs, if deployed to a servlet container, can use these methods because they are interested in determining if your code has a certain level of permission that they give.

Is security manager rarely used on the server?

More articles: