not really. authentication policy is communicated to the client via the ior, and the policy in the ior is scoped to the interface, as apposed to the individual methods of the interface. The short answer/rationale is that it is best to partition your app into protected and unprotected components.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=269057