We need something like the deploy/ejb3-interceptors-aop.xml RoleBasedAuthorizationInterceptorFactory which is applied to beans annotated with @SecurityDomain: | | <interceptor name="Basic Authorization" factory="org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorFactory" scope="PER_CLASS"/> | | .. | | <domain name="Stateless Bean" extends="Intercepted Bean" inheritBindings="true"> | <bind pointcut="execution(public * *->*(..))"> | <interceptor-ref name="org.jboss.ejb3.ENCPropagationInterceptor"/> | <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/> | </bind> | <bind pointcut="execution(public * @org.jboss.ejb3.annotation.SecurityDomain->*(..))"> | <interceptor-ref name="Basic Authorization"/> | </bind> | <bind pointcut="execution(public * *->*(..))"> | <interceptor-ref name="org.jboss.ejb3.security.RunAsSecurityInterceptorFactory"/> | </bind> | <bind pointcut="execution(public * @org.jboss.ejb3.annotation.Clustered->*(..))"> | <interceptor-ref name="org.jboss.ejb3.remoting.ReplicantsManagerInterceptorFactory"/> | </bind> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242442#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...