That's what I thought. The documentation needs to be corrected or clarified. "Declarative security" sounds like JBoss Rules-based security, using the @Restrict annotation. I just wanted to confirm that before I build this system on 90% POJOs, because it's going to use Drools security rules for everything. (I'm going through the Drools docs right now learning how to build a rules file.) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123799#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...