If you are using our security annotations (e.g. @RolesAllowed ) and also other annotations (such as Bean Validation annotations) on the parameters of your secured methods, the security checks would entirely be bypassed.