The Security Deployer needs to be changed as per the following rant from Adrian

=============================
To me this is the wrong approach anyway.

There shouldn't be any code that does

if (ejbdeployment)
doThis();
else if (webdeployment)
doThat();
else if (unknowntype) // OOPS (pun intended
cantDoIt();

The webservice deployers should be working off some generic metadata that triggers them to operate.

Then each type of deployment can populate that metadata to say "I want a webservice endpoint for this".

This is a seperate deployer for each type we know how to map to a webservice it takes the ejb/web/other metadata and maps or bridges it to the webservice metadata.

It shouldn't just be restricted to ejbs and wars.

e.g. An MBean should be capable of being an endpoint if there is a deployer that creates the relevant metadata attachment from say a META-INF/jboss-webservice.xml in the sar.

The security deployers take the same brain dead (non object orientated) approach.
============================================================