"alessio.soldano(a)jboss.com" wrote : Do you mean that the 4.2 package (org.jboss.annotation.security.SecurityDomain) was theoretically not good too? Yes, the package name should reflect the defining artifact or domain. Thus we can make sure there is no class name overlap. "anil.saldhana(a)jboss.com" wrote : I did not create the annotation. I also did not refactor them or move them. I have just taken the task of cleaning up the ejb3 security integration for AS5. Given this, I feel for AS5, the annotation should be in the security spi project. As long as this doesn't create a dependency loop that would be perfect. "anil.saldhana(a)jboss.com" wrote : I do not handle ejb3 stuff for Branch_4_2. That is where the issues for you exist. This is where Carlo/BillD/Scott should opine. Branch_4_2 is no longer being maintained. As for the original issue, just put both the annotations on your class. It requires that you have both versions of the jar on your classpath during compile, but not during runtime. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138693#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...