We're doing profiling of our Java EE application and sometimes JBoss code shows up. One of these places is org.jboss.security.authorization.resources.EJBResource#toString() which is called by org.jboss.security.javaee.AbstractJavaEEHelper#authorizationAudit(String, Resource, Exception). Why is string conversion done there? The HashMap is of type HashMap<String,Object>() so any value would do and string conversion could be deferred to later and and if audit logging is actually done.