"ALRubinger" wrote : "anil.saldhana(a)jboss.com" wrote : Why should the ejb3 security interceptors exist in an external project? | | Because EJB3 should not require the AS runtime. | | S, | ALR So what? If you run in embedded you just drop the security interceptor. If you run in Tomcat, you replace it with a version that uses Tomcat Realms. That still doesn't mean that EJB3 should define how security works in JBossAS. Make a sentence out the foillowing words: "Before Put Horse Cart" :-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135017#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...