Some important points for portal (and maybe for others too) is the capability to query several domains and get descriptions - existing resources that are secured and that could be secured - existing actions - relationship between actions - capability to test security for a specified subject and not something based on thread local The bottom line is that we not only need to be able to do checks, we also need to be able to do runtime configuration of various aspects and build complete GUI for it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097963#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...