Look into the unchecked element usage. This indicates that authentication is required, but no specific roles or authorization is needed.
That's what I am doing now.
<method-permission> <unchecked/> <method> <ejb-name>Fibo</ejb-name> <method-name>*</method-name> </method> </method-permission>
But, I have to put it in all ejb-jar.xml files. So, I was wondering if there any other way to disable authorization.
No standard mechanism. You can use a proprietary replacement for the org.jboss.ejb.plugins.SecurityInterceptor to do whatever you want.