What is left to be fixed:
- The Security Dependency Processor currently adds the Picketbox module dep to all deployments. We need to be selective about this.
- The Security subsystem currently just creates a "other" application policy with the UsersRolesLoginModule. We need to move it to a formal security domain configuration.
- Take a look at web security utilizing a run as being passed to it.
- Other scenarios. :)