We have few public static methods in spi, common and cxf stack impl that need permission checks to be performed when running with security manager on.