Hi everyone, Today I finally got https://issues.jboss.org/browse/AEROGEAR-437 done, which means that now we have AeroGear Controller integrated with PicketBox, Picketlink and Deltaspike. Aerogear Security is the "middle-man" responsible for deal with security frameworks and JAX-RS authorization responses, currently. And our routes now can be role based like this https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main... : route() .from("/delorean").roles("admin") .on(RequestMethod.GET) .to(Home.class).anotherPage(); It was deployed on OpenShift: http://controller-abstractj.rhcloud.com/aerogear-controller-demo/. If you wan't to test it and file some jiras to me, just configure your application like I did at our demo https://github.com/aerogear/aerogear-controller-demo/blob/master/pom.xml#L86 and go for it. What's missing? - HTTP authentication responses (High priority now, to handle responses to the client side) - Better exception handling - Expose timeout configuration - PicketBoxLoadUser must be optional - Role validation improvements - Page redirection on error (Daniel have been working on it - https://issues.jboss.org/browse/AEROGEAR-426) - Registration page - Code refactoring as usual - Make use of aerogear controller at our TODO app (eating our own dog food) -- "The measure of a man is what he does with power" - Plato - @abstractj - Volenti Nihil Difficile