JBoss development, A new message was posted in the thread "EJB3 security - Skip authorization for @PermiAll?": http://community.jboss.org/message/531678#531678 Author : ANIL SALDHANA Profile : http://community.jboss.org/people/anil.saldhana@jboss.com Message: -------------------------------------------------------------- That behaves as an "unchecked" operation. Now either we can centralize all security operations in the security layer (including the @PA check) or we can add code to the integration layer (here the ejb3 interceptor) to not invoke the security layer, for performance benefit.   For this particular case, it makes sense to do the latter. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/531678#531678