Hi David,

I think this property should be set in System, not in InitialContext.

System.setProperty("log4j.category.OpenEJB.startup.attributes","DEBUG");

Scenario 1.

--EJB--
@RolesAllowed({"StudentAdmin"})
public void createStudent
--EJB--

--ejb-jar.xml--
<assembly-descriptor>
    <security-role>
        <role-name>SysAdmin</role-name>
    </security-role>
    <method-permission>
        <role-name>SysAdmin</role-name>
        <method>
            <ejb-name>StudentEndpoint</ejb-name>
            <method-name>createStudent</method-name>
        </method>
    </method-permission>
--ejb-jar.xml--

DEBUG - Security Attribute: public void pl.zsk.sos.ejb.endpoint.StudentEndpointBean.createStudent(pl.zsk.sos.dto.StudentDTO,pl.zsk.sos.dto.AccountDTO) throws pl.zsk.sos.exception.StudentException -- StudentEndpoint : * : pl.zsk.sos.ejb.endpoint.StudentEndpointBean : createStudent(pl.zsk.sos.dto.StudentDTO, pl.zsk.sos.dto.AccountDTO) StudentAdmin

Scenario 2.

ejb-jar.xml unchanged; the RolesAllowed annotation is commented out in createStudent as follows:

--EJB--
//@RolesAllowed({"StudentAdmin"})
public void createStudent
--EJB--

DEBUG - Security Attribute: public void pl.zsk.sos.ejb.endpoint.StudentEndpointBean.createStudent(pl.zsk.sos.dto.StudentDTO,pl.zsk.sos.dto.AccountDTO) throws pl.zsk.sos.exception.StudentException -- StudentEndpoint : * : * : createStudent(*) SysAdmin

Regards
--
Marcin Kwapisz
Division of Computer Networks
Technical University of Lodz, Poland
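
The comparison made by hand in the two scenarios above can be automated. The following is an added example, not part of the original message or of OpenEJB: it reads the `<method-permission>` roles from an ejb-jar.xml and reports methods whose role in the "Security Attribute" debug output differs. It assumes each debug record sits on one line in the layout quoted in the message; the function names and sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor fragment from the message, wrapped in a root.
EJB_JAR_XML = """<ejb-jar><assembly-descriptor>
<security-role><role-name>SysAdmin</role-name></security-role>
<method-permission><role-name>SysAdmin</role-name>
<method><ejb-name>StudentEndpoint</ejb-name><method-name>createStudent</method-name></method>
</method-permission></assembly-descriptor></ejb-jar>"""

# Constructed samples: the two debug records from the message, one line each.
SIG = ("DEBUG - Security Attribute: public void pl.zsk.sos.ejb.endpoint.StudentEndpointBean."
       "createStudent(pl.zsk.sos.dto.StudentDTO,pl.zsk.sos.dto.AccountDTO) "
       "throws pl.zsk.sos.exception.StudentException -- ")
SCENARIO_1 = SIG + ("StudentEndpoint : * : pl.zsk.sos.ejb.endpoint.StudentEndpointBean : "
                    "createStudent(pl.zsk.sos.dto.StudentDTO, pl.zsk.sos.dto.AccountDTO) StudentAdmin")
SCENARIO_2 = SIG + "StudentEndpoint : * : * : createStudent(*) SysAdmin"

# Assumed record layout after "--": ejb : interface : class : method(params) role
ATTR = re.compile(r"--\s*(\S+) : \S+ : \S+ : (\w+)\(.*\)\s+(\S+)\s*$")

def descriptor_roles(xml_text):
    """Map (ejb-name, method-name) -> roles declared in <method-permission>."""
    roles = {}
    for perm in ET.fromstring(xml_text).iter("method-permission"):
        names = {r.text.strip() for r in perm.findall("role-name")}
        for m in perm.findall("method"):
            key = (m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
            roles.setdefault(key, set()).update(names)
    return roles

def effective_roles(log_text):
    """Map (ejb-name, method-name) -> roles reported in the debug records."""
    roles = {}
    for line in log_text.splitlines():
        if "Security Attribute:" not in line:
            continue
        m = ATTR.search(line)
        if m:
            roles.setdefault((m.group(1), m.group(2)), set()).add(m.group(3))
    return roles

def mismatches(xml_text, log_text):
    """Return {method: (declared, effective)} where the two role sets differ."""
    declared, effective = descriptor_roles(xml_text), effective_roles(log_text)
    return {k: (v, effective.get(k, set())) for k, v in declared.items()
            if v != effective.get(k, set())}

if __name__ == "__main__":
    print(mismatches(EJB_JAR_XML, SCENARIO_1))  # Scenario 1 differs from the descriptor
    print(mismatches(EJB_JAR_XML, SCENARIO_2))  # Scenario 2 matches it
```

The script only reports differences between the two sources; it takes no position on which one the container should apply.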