I've been doing some EJB profiling lately and one of the cpu hot spots was related to the doPrivileged() method.
I've got a classic facade design : a stateful session bean, accessible remotely by clients, which uses a number of BMP EJB's to fetch data. The entity beans are only accessible locally.
The facade does for each entity bean two method calls; to get two properties. For each call doPrivileged pops up. The trouble is that there are a lot of entity beans to address for one client request. And in the end the method calls add up to a real performance issue.
Is there a way to prevent, switch off, whatever, security checks for entity beans ? (Or is this doPrivileged call related to something else entirely ?)
In my case it won't make much sense to check the entity beans anyway. If the user obtained an instance of the session bean, it implicitely means the data must be accessible too.
Many thanks for any clue !
if you're talking about the doPrivileged Method in java.security.AccessController, then this is nothing you could turn off in jboss as is it part of the java security mechanism.