Refactor security to avoid reflection APIs
Make sure we can handle everything in declarative - annotated methods, types