I think the problem is that JACC is not being used by Jboss by default. When I try to debug and see the code flow it goes to RoleBasedAuthorizationInterceptor and not JaccAuthorizationInterceptor. The Insufficient permission exception is thrown by the RoleBasedAuthorizationInterceptor. How do I register the JaccAuthorizationInterceptor to handle my authorization needs? -P. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965632#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...