Service layer design for enterprise applications

Its not yet complete.Released for public viewing.Comments would be appreciated.

Trusted service layer design:
In order to make a perfect service layer we need to know the security and flexibility of using the services.I will be using the JAAS for authintication and authorization of  the users.I personally  feel the authorisation technique that is followed by JAAS in not suitable enough for using it in enterprise.I have used some other things in the design of the service architecture but some of the things are not knows to me.I will study and make prototype about this any add in this article.
As soon as the login informations receive the application (by application i mean the middle type of the architecture.)
The JAAS would now come into the picture.Using JAAS we would authinticate the user and use the the subject to construct the sercvice gateway and if a service gateway could be created successfully then store in the session for further use.No one should be able to use / invoke services without going through the service gateway.
Careful use of previledged code.
Suppose there arises a situation in which you have to perform an operation but the complete stack of function calls do not have the required permission to perform the operation.
In that case this previledge code comes into play.You canconsolidate the code in a method and then call the method in the following manner.
public void doSomething(){
   AccessController.doPreviledge(new PreviledgeAction(){
Now this code becomes an independent piece of code only depending on the permission of its own permission domain.It would not dig down the stack to check whether all the codes in here are having the required permission.This is a important way of making services and bundle the jar and give only the jar the required permission to execute the required operation.