"scott.stark(a)jboss.org" wrote : 2. A privileged block in the Ejb3AuthenticationInterceptorv2 around the call to the JBossSecurityContext.setSecurityManagement at line 119: Yes, took care of this earlier today: https://jira.jboss.org/jira/browse/EJBTHREE-1619. "scott.stark(a)jboss.org" wrote : The TODO about having the SecurityManagement instance injected rather than created anew each time also seems like an issue. I believe this is https://jira.jboss.org/jira/browse/JBAS-4722. S, ALR View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196042#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...