"adrian(a)jboss.org" wrote : I guess the shutdown hooks run with different rights so it needs to be a privileged block? If you make the stop() method run privileged, won't you make it kind of easy to defeat the security manager (by simply undeploying the bean, or even just getting the bean by name, or creating an instance of it, and manually calling stop() on it from hostile code)? Just trying to think if there's a way to get at that. Probably the shutdown hook is the one that should be using the privileged block - or is that what you meant? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187502#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...