The only real restriction would be when running with a security manager, since you need permissions that are not typically assigned to an application. If it works, it works, but you should be proposing a mechanism that allows the extended permissions to be read in from a deployment descriptor so that its something the jboss security layer is supporting to avoid this from not working in the future.
Ok, thanx, but could you please point me to some info about extended permission? Google failed to find anything meaningful about this term but single line in the JBoss RoadMap.
No info exists. You need to make it up.