"anil.saldhana(a)jboss.com" wrote : "david.lloyd(a)jboss.com" wrote : Sorry if this is an ignorant question but - won't most (all?) of the early-boot JARs just get AllPermission anyway? | | Alternate approach of security.xml, the security manager gets installed in the stage after classloading.xml has been bootstrapped. So initialize.xml, classloading.xml went through an open door. That is what I am enquiring about. | But typically they will run under AllPermission anyway. The only reasons I put security.xml after classloader.xml is because 1) There maybe permission classes in the classloader setup by classloader.xml that need to be loadable. 2) In future we would probably load our own policy implementation which would be defined in the secutiry.xml classloader rather than being hardwired in our bootstrap. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188376#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...