Stuart Douglas created WFLY-2486: ------------------------------------ Summary: EJBComponentDescription#isSecurityEnabled() is incorrect Key: WFLY-2486 URL: https://issues.jboss.org/browse/WFLY-2486 Project: WildFly Issue Type: Bug Security Level: Public (Everyone can see) Components: EJB Reporter: Stuart Douglas Assignee: David Lloyd This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira