It's a couple of questions really, the first is security related, second is annotation related:
1. Is it possible (in a standard non JBoss specific) to use @RolesAllowed and the rest of role based annotations but someohow override the default container behavior (which in JBoss is the rolebased interceptor)? The reason I"m asking that is, that in my application I need slightly different behavior for access control check than the standard, but I don't want to replace the whole security manager with JACC. So what I've done is avoid using the standard RolesAllowed annotations, and introduced MyRolesAllowed annotations. That way I will avoid invoking the standard mechanism of the container, and plugin my behavior as an EJB3 interceptor. Is there a way around it?
2. So I've created an annotation which I use to annotate bean methods @MyRolesAllowed, and I want to be able to override it for the method in the deployment descriptor. Can this supported?