Adrian, you wanted to apply Java security permission checks to vfs deployments (deploy, undeploy etc). Some possibilities are: 1) Use the current JACC policy implementation that is keyed in by a context id (which is essentially a string). So you can create a contextid that is the vfs url and create custom permissions that denote the controls that you want to apply. 2) We will need to extend the current DelegatingPolicy implementation (which is the JACC policy provider) to utilize VFS policy in addition to jacc. Option 1 is the easiest. It has to be ensured that once the policy configuration is filled with permissions, a pc.commit needs to be called to make the policy get into action. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180663#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...