Then we need to create a security aspects project in the security set of projects and do drop these obsolete classes. The only users would be aop remoting users that are including these into the proxy configurations. There is a trivial usage in the profileservice proxy that can be updated once a suitable replacement is available. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4148696#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...