A problem I see in the jbossas startup when an ejb3 deployment exists is the RoleBasedAuthorizationInterceptorFactory attempting to do a lookup for the java:/jaas/* content to obtain the security domain binding. With the current security refactoring, this context is established by a separate JBossSecurityJNDIContextEstablishment bean on which there is no dependency. For now that dependency should be part of the configuration specifying the RoleBasedAuthorizationInterceptorFactory. More generally this should be a jndi @Resource type of dependency that gets mapped to a bean that provides the jndi binding via an alias on an mc bean for example. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4140298#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...