1) I inherited AOP security in whatever form it was. I have not worked on it except for it to remain running. So will certainly take your suggestions into consideration when I work on it. 2) We still maintain RealmMapping for backwards compatibility. The current recommended approach is AuthorizationManager interface. As you can see, JaasSecurityManager.realmmapping methods just delegate to the authz mgr interface. Currently, the ISecurityManagement interface provides the strategy based hook into the security managers. I think we need to inject an instance of ISM into the bean container. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193125#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...