"scott.stark(a)jboss.org" wrote : The code calling the aop layer should have the getClassLoader permission since its expected that loading/generating aspects will need access to it, and user code should not be able to do this without specific permissions. | | In this case the ClientSessionDelegate should have a privileged block. | Ok. There goes my night of sleep. I had this nagging doubt. If it would be aop, then the messaging release could go ahead. They use aop everywhere. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190712#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...