Instead of confusing J2EE security with the Java Security Manager (as anil did), or making up completely nonsense comments(like scott did), maybe JBoss should write a sensible server.policy that could be used in the real world where you want to use the Java 2 Security Model to restrict things like which Sockets can be opened, which classes can be loaded by which other classes... If you don't know how to do it, you can read about it on Weblogic documentation http://edocs.bea.com/wls/docs81/security/server_prot.html#1032249 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060108#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...