I wouldn't go as far as to constrain all entities by default, it would add another "speedbump" that a developer would need to be aware of when implementing remoting in their app. Section 7.9 in the remoting chapter of the documentation describes how object graphs returned by invoking a session bean can be constrained to exclude sensitive or unnecessary objects. I've got no problem implementing a similar exclusion for entity classes. Maybe @NonRemotable, or even @NoWebRemote would be a good annotation for this use case. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972452#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...