Previous versions of JBoss AS allowed users to configure a <missing-method-permissions-exclude-mode> element which would decide whether methods without any specific security configurations, on a secured bean, are allowed access or not.

In AS7, we allow access to such methods and it behaves similar to @PermitAll. We should allow users to have control over this.

Related article http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html