You did not understand the suggested DownloadServerClasses change as this does not completely disable rmi class laoding. It simply restricts it to the classes/resources associated with ejb deployments as opposed to the complete server codebase. Removal of the dynamic class loading service still is a viable workaround as the need for dynamic class loading is something rarely used in production.