Using the @SecurityDomain and @RolesAllowed, you can restrict the method access. Here's an example: | @Stateless | @Remote( { UserManagerRemote.class }) | @Local (UserManagerLocal.class) | @RemoteBinding(jndiBinding = "RemoteUserManagerBean") | @SecurityDomain (value="other") | public class UserManagerBean implements UserManagerLocal, UserManagerRemote { | | | | @RolesAllowed (value="admin") | public User getUser(long id) { | System.out.println("Bean method successfully called"); | // do something | return user; | } | } View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163852#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...