Add the interceptor in the beans.xml and let us know the result. Interceptors are not enabled by default and must be listed in the beans.xml (I would put the security interceptor first so it's the first interceptor to be invoked).
<interceptors> <class>org.jboss.seam.security.extension.SecurityInterceptor</class> </interceptors>
to my beans.xml works. The interceptor get's called and the the security of the annotated methods gets validated.
Does the documentation of seam-security mentions somewhere that one has to enable the SecurityInterceptor manually?
If I specify
<interceptors> <class>org.jboss.seam.security.extension.SecurityInterceptor</class> <class>org.jboss.seam.transaction.TransactionInterceptor</class> </interceptors>
in my beans.xml the applications fails to deploy.
WELD-001416 Enabled interceptor class [..snip..]TransactionInterceptor[..snip..] specified twice
This is because the transaction interceptor is already configured in seam-security-impl jar (see /META-INF/beans.xml of the seam-security-impl jar) ...
It doesn't look like it is in the docs, please add a JIRA (or even a pull request :) )